9 Replies Latest reply on Apr 22, 2008 7:11 PM by conradsia

    Snapshot of active directory server

    conradsia Hot Shot

       

      Does anyone know of any issues when snapshotting a 2003 domain controller? Particulary with reverting back, Can I have issues with AD getting out of sync?

       

       

       

       

       

        • 1. Re: Snapshot of active directory server
          conradsia Hot Shot

          From what I read on other forum posts it isn't recommeded so I decided not to do it.

          • 2. Re: Snapshot of active directory server
            java_cat33 Master

             

            Excellent decision!!

             

             

            1 person found this helpful
            • 3. Re: Snapshot of active directory server
              conradsia Hot Shot

              What if I shutdown the DC and then clone it? Will that give me a better chance of not corrupting AD If I need to go back to the clone?

              • 4. Re: Snapshot of active directory server
                TomHowarth Guru
                vExpertUser Moderators

                why would you want to take a snapshot of a DC, if you have reason to revert you will cause your self loads of pain.  I put this is the same bracket as P2Ving a DC just because you can does not mean you should.

                 

                 

                 

                 

                Tom Howarth

                VMware Communities User Moderator

                • 5. Re: Snapshot of active directory server
                  JonRoderick Expert

                   

                  Using snapshots and clones with AD VMs (i.e. domain controllers) can be done (I've done it when, for example, testing schema changes) but be very careful how you do it. 

                   

                   

                   

                   

                   

                  The main problem is that if you start randomly reverting to snapshots, the update sequence numbers AD uses to keep track of the changes made on each DC will get screwed up - you'll probably have problems with DCs not replicating changes etc.

                   

                   

                   

                   

                   

                  If you really have to do it, take every DC down, then take a snapshot of each one.  Bring them back up, make your changes or whatever then when you're ready to revert to snapshot, take them all down again and revert to the snapshots you took at the start.  Don't power anything up until all the snapshots have been restored.  You should find that is ok.

                   

                   

                   

                   

                   

                  You would have to be absolutely flippin' insane to start doing this in your production AD though - if you're tempted, put the keyboard down and step AWAY from the DC.

                   

                   

                   

                   

                   

                  Good luck!

                   

                   

                  1 person found this helpful
                  • 6. Re: Snapshot of active directory server
                    TomHowarth Guru
                    User ModeratorsvExpert

                     

                    as I said too much pain Although in a sandboxed test environment it can be done but never in a production environment, as said if you ever get the urge,  put you keyboard down and dip your head in a bucket of cold water until sanity returns.

                     

                     

                     

                     

                     

                     

                     

                     

                     

                     

                    Tom Howarth

                    VMware Communities User Moderator

                     

                     

                    • 7. Re: Snapshot of active directory server
                      rickwestrate Enthusiast

                       

                      You can certainly take a snapshot of an AD server, but you should never roll it back in a production environment.  AD will get very unhappy.  The only way you should roll back AD is through the properly supported methods provided by MS via Active Directory Restore Mode.

                       

                       

                      There was a great session at VMWORLD 2007 regarding running AD on VI3.  Check it out at:  http://www.vmworld.com/vmworld/mylearn?classID=11656

                       

                       

                      • 8. Re: Snapshot of active directory server
                        java_cat33 Master

                         

                        What I've done on my DC VM's is set their disk mode to Independent and persistent so they are not affected by snapshots. This is just another step of protection - however I'll still never take a snapshot of the DC!! - however if someone else does for example unknowingly and then commits it...... lets just hope it doesn't kill it!!

                         

                         

                        In fact, I don't even think a snapshot will be created for the disk that has the AD database and is set to independent and persistent

                         

                         

                        • 9. Re: Snapshot of active directory server
                          conradsia Hot Shot

                           

                          Thanks for all of the replies. I had a client who wanted to patch some DC's and wanted to know if they could snapshot the DC. I told them no but I wanted to here what the general consensus was. Thanks again, the replies were very helpful.