You are really better off building a new system, and then running DCPROMO to make it become a DC.

DC's normally don't do well when P2V'ed.

Jase McCarty

http://www.jasemccarty.com

I also agree ...

It is generally not a good idea to migrate a domain controller using Converter. There are several posts here that warn against that.

http://www.vmware.com/community/thread.jspa?messageID=531753&#531753

http://www.vmware.com/community/thread.jspa?messageID=582094&#582094

We also have a note regarding this on our best practice for (troubleshooting) converter:

http://kb.vmware.com/kb/1004588

Do not attempt to convert a Windows operating system that is currently functioning as a domain controller. Domain controllers are extremely sensitive to hardware changes and the virtual hardware presented to a virtual machine is different from the physical hardware presented to a physical machine. A virtual machine created from an active domain controller may exhibit unexpected behavior.

There is an issue when P2V'ing a DC (Windows 2000 and Windows 2003). It affects the AD's Update Sequence number and can halt DFS replication.

For more information, see the following Microsoft articles:

Windows 2000: http://support.microsoft.com/kb/885875/

Windows 2003: http://support.microsoft.com/kb/875495/

It is possible but not confirmed that HP recognizes the potential problems with migrating a domain controller to another server and built that safety feature into their product.

You also have to factor in how changing the MAC address of your NIC to a vmware vendor made MAC address will have on your domain controller and DNS.

http://vmetc.com/2008/03/11/small-business-p2v-migrations/

I usually do not try to P2V the domain controllers. Too much can go wrong and it's just too easy to build one or two new a VMs as new DCs in the domain, allow time for replication, transfer the FSMO roles, and then dcpromo the physical server back to a member server. Then if there is still any other applications or services left on the box you can P2V what’s left.

The following procedure has been said to work:

Run Dcpromo to remove the machine as a domain controller.

In order to do so, please reference the following:

Repadmin /options DC_Name -disable_inbound_repl -disable_outbound_repl

--> re-run dcpromo

If you need a backup, you may want to use an imaging software such as Ghost, Symmantec or Acronis.

Additional finds:

http://communities.vmware.com/message/883941

Q: So it is a bad idea to convert dc's from physical to virtual correct?

It's a much better idea to stage a new VM and then run dcpromo. With a new VM you don't have to worry about old device drivers, management software, etc.

If you do clone

1) You must perform a cold clone. If you do a hot clone, when you bring the VM up it will be out of sync.

2) If you perform a cold clone and then power on the new VM, you must ensure that the old physical server is never powered on again (at least not with network connectivity).

Note also that snapshots are not supported by Microsoft as a valid method for backing up domain controllers. You'll need to perform a system state backup to be able to properly restore your DC down the road. Doing so can create inconsistencies across your AD databases -

http://support.microsoft.com/kb/888794

http://vmetc.com/2008/03/11/small-business-p2v-migrations/

I usually do not try to P2V the domain controllers. Too much can go wrong and it's just too easy to build one or two new a VMs as new DCs in the domain, allow time for replication, transfer the FSMO roles, and then dcpromo the physical server back to a member server. Then if there is still any other applications or services left on the box you can P2V what’s left.