VMware Cloud Community
conradsia
Hot Shot

Snapshot of active directory server

Does anyone know of any issues when snapshotting a 2003 domain controller? Particularly with reverting back: can I have issues with AD getting out of sync?


Accepted Solutions
rickwestrate
Enthusiast

You can certainly take a snapshot of an AD server, but you should never roll it back in a production environment. AD will get very unhappy. The only way you should roll back AD is through the properly supported methods provided by MS via Active Directory Restore Mode.

There was a great session at VMWORLD 2007 regarding running AD on VI3. Check it out at:

9 Replies
conradsia
Hot Shot

From what I read on other forum posts it isn't recommended so I decided not to do it.

java_cat33
Virtuoso

Excellent decision!! :D

conradsia
Hot Shot

What if I shut down the DC and then clone it? Will that give me a better chance of not corrupting AD if I need to go back to the clone?

TomHowarth
Leadership

Why would you want to take a snapshot of a DC? If you have reason to revert, you will cause yourself loads of pain. I put this in the same bracket as P2Ving a DC: just because you can does not mean you should.

Tom Howarth VCP / VCAP / vExpert
VMware Communities User Moderator
Blog: http://www.planetvm.net
Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410
JonRoderick
Hot Shot

Using snapshots and clones with AD VMs (i.e. domain controllers) can be done (I've done it when, for example, testing schema changes) but be very careful how you do it.

The main problem is that if you start randomly reverting to snapshots, the update sequence numbers AD uses to keep track of the changes made on each DC will get screwed up - you'll probably have problems with DCs not replicating changes etc.

If you really have to do it, take every DC down, then take a snapshot of each one. Bring them back up, make your changes or whatever then when you're ready to revert to snapshot, take them all down again and revert to the snapshots you took at the start. Don't power anything up until all the snapshots have been restored. You should find that is ok.

You would have to be absolutely flippin' insane to start doing this in your production AD though - if you're tempted, put the keyboard down and step AWAY from the DC.

Good luck! :)
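Added example, not part of the original thread: a simplified Python model of the update-sequence-number bookkeeping described in the post above. It shows why reverting one DC leaves the directory permanently diverged, while reverting every DC together does not. The `DC` class, the two-DC topology and the attribute names are constructed for illustration; real AD replication tracks more state than this model.

```python
import copy

class DC:
    """Constructed toy model of a domain controller's replication state."""
    def __init__(self, name):
        self.name = name
        self.usn = 0          # local update sequence number, bumped on every write
        self.objects = {}     # attribute -> (value, originating DC, originating USN)
        self.watermark = {}   # partner name -> highest partner USN already pulled

    def write(self, key, value):
        self.usn += 1
        self.objects[key] = (value, self.name, self.usn)

    def pull_from(self, partner):
        """Ask the partner only for its own writes above our stored watermark."""
        seen = self.watermark.get(partner.name, 0)
        for key, (value, origin, usn) in partner.objects.items():
            if origin == partner.name and usn > seen:
                self.objects[key] = (value, origin, usn)
        self.watermark[partner.name] = max(seen, partner.usn)

def sync(dcs):
    for a in dcs:
        for b in dcs:
            if a is not b:
                a.pull_from(b)

def values(dc):
    return {key: entry[0] for key, entry in dc.objects.items()}

def scenario(revert_all):
    dc1, dc2 = DC("DC1"), DC("DC2")
    dc1.write("alice.title", "analyst")
    sync([dc1, dc2])
    snap1, snap2 = copy.deepcopy(dc1), copy.deepcopy(dc2)  # snapshots while in sync
    dc1.write("alice.disabled", "true")   # USN 2 on DC1
    sync([dc1, dc2])                      # DC2 records watermark 2 for DC1
    dc1 = snap1                           # revert DC1: its USN counter is back at 1
    if revert_all:
        dc2 = snap2                       # every DC reverted before any powers on
    dc1.write("bob.title", "engineer")    # reuses USN 2
    sync([dc1, dc2])
    return values(dc1), values(dc2)

if __name__ == "__main__":
    print("revert DC1 only:", scenario(False))
    print("revert all DCs: ", scenario(True))
```

In the single-revert case DC2 never receives the new write because it believes it already holds DC1's USN 2, and DC1 never relearns the account disable it made before the revert.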

TomHowarth
Leadership

As I said, too much pain ;) Although in a sandboxed test environment it can be done, but never in a production environment. As said, if you ever get the urge, put your keyboard down and dip your head in a bucket of cold water until sanity returns.

java_cat33
Virtuoso

What I've done on my DC VMs is set their disk mode to Independent and persistent so they are not affected by snapshots. This is just another step of protection - however I'll still never take a snapshot of the DC!! - however if someone else does, for example unknowingly, and then commits it...... let's just hope it doesn't kill it!!

In fact, I don't even think a snapshot will be created for the disk that has the AD database and is set to independent and persistent.

conradsia
Hot Shot

Thanks for all of the replies. I had a client who wanted to patch some DCs and wanted to know if they could snapshot the DC. I told them no but I wanted to hear what the general consensus was. Thanks again, the replies were very helpful.