Cloning a PC with existing Active Directory connection



  • Hello community,

    I have been dealing with the topic of FOG.
    Just a little bit about me. I come from Germany and I don’t speak english perfectly. Therefore, I use Google-Translate for the translation. I hope everything I write comes clearly and understandably.

    Now to my project: I would like to use the FOG service to bring up computers to the same. I have already installed the FOG server and have already uploaded my first Windows images and installed them on other identical PCs.

    Now comes the part that moved me to register at the forum. And I am definitely not the first person who asks this question:
    The image should be taken from a Windows 10 PC. This PC is a member of an Active Directory.
    Now this image should be transferred to another PC, which should then also be a member of the Active Directory (-> Backup PC).

    So far I’ve already done some tests with the FOG settings for Active Directory.
    My cloned PC, which also gets a different hostname during the cloning process, does not appear in the Active Directory and had no connection to the AD.
    I have all the Active Directory data stored in the FOG web interface.

    Is there a way to simply transfer a PC that has an existing connection to the Active Directory to another PC without performing sysprep or anything else?

    What is the right approach to make that happen?

    Thank you for your help

    Tobi



  • @george1421

    Thank you a lot. It worked. The backup PC works. There is also a connection to the AD (of course only if the Main-PC is offline).


  • Moderator

    @Tobi493 Ok I thought about this a bit. If you are only using FOG to create a DR system…

    You don’t need/want the FOG client on the source computer.

    If PCA is connected to AD and you capture it with FOG, then power it down AND deploy it to PCB on the same day and don’t have FOG change the system name during deployment (with early host name change), then PCB should be connected and in a trusted state with AD.

    From FOG’s perspective it doesn’t care about windows, linux, macos; it only copies disk blocks from PCA to the FOG server and then from the FOG server to PCB. It doesn’t step inside the target OS (as long as the FOG client isn’t installed). Once the target computer reboots after capture or deploy, FOG has no way of interacting with the target computer (again, as long as the FOG client isn’t installed). So the same-day PCA->FOG->PCB should be no different than physically moving the hard drive from PCA -> PCB.

    Now where the issue WILL come in is if you capture PCA in January and then go to deploy it to PCB in June. Then you will have AD issues. This is because the computer account password in AD will be out of sync with the password stored when the image was captured in January. This password between AD and the machine account is changed (depending on the AD setting) every month. This is a security feature to keep long lost computers from being resurrected and connected to AD. You would have the same issue if you backed up the image to tape and tried to restore the image some time in the future.

    Now with the FOG client, if you had it configured, it would try to connect PCB to AD, but it will fail because a computer of the same name is already in AD. So PCB will still be in an AD failed state. You could test this by capturing PCA with FOG, remove its AD account, then deploy with FOG to PCB. The FOG client should recreate the AD entry. It may not be in the OU you want, but it should create it (if the FOG client IS installed AND the settings are properly set to have the FOG client connect the computer to AD).
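    The stale machine-account password that the post above describes can be checked and repaired from the restored clone itself. The script below is an added example, not code from the thread or from the FOG project. It assumes an elevated PowerShell session on the restored PC (PC-B) that is joined to the domain; the function names (Get-MachinePasswordPolicy, Test-ImageAgeRisk, Repair-CloneTrust) are this example's own, the capture date is a constructed value, and the Get-ADComputer lookup is skipped when the RSAT ActiveDirectory module is not installed.

```powershell
# Added example, not from the thread or the FOG project.
# Reads the local Netlogon rotation settings, estimates whether a captured
# image is older than the rotation interval, tests the secure channel to AD,
# and only resets the machine account password when -Repair is given together
# with a domain credential that may reset it.

function Get-MachinePasswordPolicy {
    # Netlogon controls how often the computer rotates its AD password.
    # MaximumPasswordAge is in days and defaults to 30 when the value is absent.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $p   = Get-ItemProperty -Path $key -ErrorAction Stop
    [pscustomobject]@{
        MaximumPasswordAgeDays = if ($null -ne $p.MaximumPasswordAge) { [int]$p.MaximumPasswordAge } else { 30 }
        DisablePasswordChange  = [bool]$p.DisablePasswordChange
    }
}

function Test-ImageAgeRisk {
    # An image older than the rotation interval probably carries a password
    # that AD has since replaced (the January/June case in the post above).
    param([Parameter(Mandatory)][datetime]$CapturedOn)
    $policy  = Get-MachinePasswordPolicy
    $ageDays = [int]((Get-Date) - $CapturedOn).TotalDays
    [pscustomobject]@{
        ImageAgeDays = $ageDays
        RotationDays = $policy.MaximumPasswordAgeDays
        LikelyStale  = (-not $policy.DisablePasswordChange) -and ($ageDays -gt $policy.MaximumPasswordAgeDays)
    }
}

function Repair-CloneTrust {
    param(
        [string]$Server,             # optional: pin the check to one domain controller
        [pscredential]$Credential,   # domain account allowed to reset this computer's password
        [switch]$Repair              # without this switch the function only reports
    )
    $testParams = @{ ErrorAction = 'SilentlyContinue' }
    if ($Server) { $testParams.Server = $Server }

    # Does the local machine-account secret still match what the DC holds?
    $healthy = Test-ComputerSecureChannel @testParams
    Write-Host "Secure channel healthy: $healthy"

    if (Get-Module -ListAvailable -Name ActiveDirectory) {
        # AD's view: when the computer object's password was last changed.
        $adParams = @{ Identity = $env:COMPUTERNAME; Properties = 'PasswordLastSet'; ErrorAction = 'SilentlyContinue' }
        if ($Server) { $adParams.Server = $Server }
        $obj = Get-ADComputer @adParams
        if ($obj) { Write-Host "AD object password last set: $($obj.PasswordLastSet)" }
        else      { Write-Host "No computer object named $env:COMPUTERNAME found in AD" }
    }

    if (-not $healthy -and $Repair) {
        if (-not $Credential) { throw 'A domain credential is required to reset the machine account password.' }
        # Sets a fresh password on both the local machine and the AD object.
        $resetParams = @{ Credential = $Credential }
        if ($Server) { $resetParams.Server = $Server }
        Reset-ComputerMachinePassword @resetParams
        $healthy = Test-ComputerSecureChannel @testParams
        Write-Host "Secure channel after reset: $healthy"
    }
    return $healthy
}

# Usage (constructed capture date; report only, nothing is changed):
Test-ImageAgeRisk -CapturedOn (Get-Date '2021-01-15') | Format-List
Repair-CloneTrust
```

    Run it without `-Repair` first so it only reports. If `Test-ComputerSecureChannel` returns `False` and AD shows a `PasswordLastSet` later than the image capture, the clone is the stale copy the post describes; `Repair-CloneTrust -Repair -Credential (Get-Credential)` then rewrites the secret on both sides, which is the same effect as rejoining the domain but keeps the existing computer object and its group memberships.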



  • @george1421

    I thought about the situation again.
    I got an idea… because I would like to solve my problem with FOG.

    Before I create the image on PC A, I removed the PC out of the AD. Then I create the image & transferred this image back to PC-B and PC-A overnight. And at the FOG web interface I said "Join Domain after deploy".

    Please note: PC-B is only switched on while the image is being downloaded or PC A can no longer work (-> e.g. PC-crash).

    In my tests, the transfer of the image worked without problems, only the connection to the AD was unavailable. Now it would be possible to make this connection manually. But in the event of an emergency, it would be a nuisance.

    Do I need the FOG WindowsClient?


  • Moderator

    @Tobi493 said in Cloning a PC with existing Active Directory connection:

    Now my goal is: when PC B is switched on after successfully transferring the image from PC A. An Active Directory connection should also exist here. (Only if PC A is not available).

    This is true.

    I also re-enacted this scenario. And to PC B I have set the option at the webinterface “join AD after Deploy”. Or do I not need this function if PC A is already in the AD and I took an Image from PC A??

    The computer will already be joined to the network as PC A. In this case you want a like for like clone. So FOG should not be configured to connect PCB to the domain or change its name. FOG should only restore the disk to the second computer and power it on.

    Currently I always run into the problem, when I look into the Active Directory Computers-List there is only one computer (it is logical if PC-A is replaced by PC-B). But I cannot establish a connection to Active Directory with the PC-B (-> which is an Image from PC-A).

    Could it be that PC-B cannot establish a correct connection to the Active Directory? Or maybe the Active Directory notices that it is a different device and therefore PC-B can’t join?

    The domain only knows about the logical OS not the hardware its running on. Disable FOG from changing the computer name or messing with its connection to AD during a deploy.

    IMO: If you are only using FOG for this idea, you are using the wrong tool. If you want a bare metal restore backup system use Veeam Windows Agent (free). You can backup the image to a NAS device and do a bare metal restore from the DVD you create during the install process. There is no server involved; everything is done right at the computer with a NAS or USB attached hard drive. It’s much cleaner and just works. Now if you are using FOG for other reasons then continue using it; if you are only using it for disaster recovery purposes use Veeam Agent instead.



  • @george1421

    Yes it is only 2 computers. PC-A as main and PC-B as backup. Both have the same hardware and are also registered on the FOG server.

    Now my goal is: when PC B is switched on after successfully transferring the image from PC A. An Active Directory connection should also exist here. (Only if PC A is not available).

    I also re-enacted this scenario. And to PC B I have set the option at the webinterface “join AD after Deploy”. Or do I not need this function if PC A is already in the AD and I took an Image from PC A??

    Currently I always run into the problem, when I look into the Active Directory Computers-List there is only one computer (it is logical if PC-A is replaced by PC-B). But I cannot establish a connection to Active Directory with the PC-B (-> which is an Image from PC-A).

    Could it be that PC-B cannot establish a correct connection to the Active Directory? Or maybe the Active Directory notices that it is a different device and therefore PC-B can’t join?

    Sorry about my knowledge gaps.

    Tobi


  • Moderator

    The typical approach for creating a one to many type deployment is to create your golden / mother / reference image on a VM so it is hardware independent. Never connect it to AD. Add all programs that are needed globally. Run sysprep and have sysprep power off the computer to ensure all of the files are closed properly. Then power on and capture with FOG.

    If the FOG client is installed on the golden image, then the FOG client can connect the computer to AD and give it a name. The FOG client is not required; in my case I don’t use the FOG client, but use the unattend.xml file to name the computer and connect it to AD. I also have a FOG extension called a PostInstall script that copies the required drivers to the target computer (computer being deployed to) and updates the unattend.xml file with the proper values. I have system requirements that the FOG Client can’t do so I use a PostInstall script to make that part work.


  • Moderator

    If you are transferring an image Computer A -> Computer B and then Computer A is removed from service then the Computer A can be a member of an AD domain. If you want both Computer A and Computer B to remain functioning then NO this is not the process. If you want to use FOG as a system migration tool then this is possible. You may have problems if Computer A and Computer B are different models of computers with different hardware drivers.

    If you are creating a one to many deployment it’s best to never have Computer A connected to any AD domain. Sysprep is not required to be used but is recommended, especially if Computer A and Computer B are different models or made by different companies. Must you use sysprep, no. Should you use sysprep, yes.

