How it works...

Domain controller cloning leverages the VM-GenerationID feature found in most modern hypervisor platforms. Through the specifications that Microsoft wrote for this feature, this ID is stored in every virtual machine's RAM and only changes under certain circumstances. These circumstances are the following:

When a virtual machine's hard disk is attached to a different virtual machine
When a previous snapshot for a virtual machine is applied

Active Directory Domain Services is the first server role to take advantage of the VM-GenerationID feature to do the following:

Increase the integrity of the contents of the Active Directory database and the Active Directory SYSVOL by employing virtualization safeguards
Clone a perfectly prepared domain controller using domain controller cloning

By storing the 128-bit value for the VM-GenerationID in RAM in the Active Directory database, and the domain controller checking the value stored in the database with the value in RAM before each major action, the domain controller can sense when a snapshot is applied or when the hard disk is reused.

As the VM-GenerationID feature is a hypervisor platform feature, a domain controller cannot sense a snapshot is applied or that the hard disk is reused when these actions originate from the storage fabric or otherwise outside of the hypervisor platform.

When a hard disk is reused and the domain controller is properly prepared to be cloned, domain controller cloning creates a perfect clone of the source domain controller.

Domain controller cloning only allows cloning of fully-writable domain controllers. Domain controller cloning does not apply to r ead-only domain controllers.