You use the Virtualized Domain Controller (VDC) cloning feature that Windows Server 2012 introduced. You run the following Windows PowerShell cmdlet in order to clone a domain controller:
When you do this, you receive warning and error messages that resemble the following:
Starting PDC test: Verifying that the domain controller hosting the PDC FSMO role is running Windows Server 2012 or later... Passed: The domain controller hosting the PDC FSMO role (DC2-FULL.root.fabrikam.com) was located and running Windows Server 2012 or later.
Verifying authorization: Checking if this domain controller is a member of the 'Cloneable Domain Controllers' group... Located the local domain controller: (DC2-FULL.root.fabrikam.com). Querying the 'Cloneable Domain Controllers' group... Pass: The local domain controller is a member of the 'Cloneable Domain Controllers' group.
Starting test: Validating the cloning allow list. No excluded applications were detected. Pass: No excluded applications were detected.
No valid clone configuration files were found at any of the supported locations.
All preliminary validation checks passed.
Starting creation of the clone configuration file... Finding the path to the Directory Service database...
WARNING: Failed to find the path to the Directory Service database. New-ADDCCloneConfigFile : Index was out of range. Must be non-negative and less than the size of the collection. Parameter name: index At line:1 char:1 + New-ADDCCloneConfigFile + ~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [New-ADDCCloneConfigFile], ArgumentOutOfRangeException + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentOutOfRangeException,Microsoft.ActiveDirectory.Management.Commands.NewADDCCloneConfigFile
The Windows PowerShell cmdlet must run in from an elevated Windows PowerShell command prompt. Otherwise, your security token does not contain the Administrators group and cannot write to the c:\windows\ntds\dccloneconfig.xml file.
Right-click the Windows PowerShell icon on the task bar, and then click Run as Administrator.
Do not disable User Account Control (UAC) as a workaround for this behavior. In addition to the obvious administrative functionality, UAC is required in order to run Modern Application, provides Internet Explorer with its protected mode, and performs file and registry virtualization. Disabling UAC is not a Microsoft best practice.
For more information about how to configure and troubleshoot VDC together with details and step-by-step guidance, go to the following websites: