P2V MS Active Directory - Domain Controller

athlon_crazy · ‎11-13-2008

Really need opinion from those who had experience P2V MS domain controller.

1) Is it advisable to P2V domain controller?

2) Any issue

3) Any area I need to concern b4 P2V this machine?

Thanks

http://www.no-x.org

AWo · ‎11-13-2008

1) Is it advisable to P2V domain controller?

Advisible? If it is advisible to virtualize servers this also applies to DC's. From my experience I see no issue not to have a virtual DC. In fact I have customers which have all of their DC's virtualized. But you should take care that at least one DC is available if your virtualization host(s) is/are down. Otherwise you may have trouble with Virtual Center.

Why you want to P2V the DC? Why not just install a new one as a virtual machine? That makes the deployment of a DC a lot eassier.

2) Any issue

When I P2Vd DC's I always put them in the Directory Repair Mode so that the AD database was closed.

You should have a look at time synchromization. The PDC FSMO role owner is the highest time authority in an AD. If you use the VMware Tools to synchromize the time (recommended) you should keep W32Time running on virtual DC's but configure them to be a reliable time source and not to sync with others.

Some useful links:

http://kb.vmware.com/kb/1006996

http://communities.vmware.com/message/1054290#1054290

http://communities.vmware.com/message/724773#724773

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =

ChrisDearden · ‎11-13-2008

If you are just running active directory on the DC then I would migrate the service , not the server. That way your DC doesn't have any remenants of when it was physical.

Build a fresh DC on the ESX server and either promote it from a system state backup of an exisiting machine or let it promote over the LAN ( depending on your AD size )

Make sure its independantly syncing time from another DC , not the ESX host.

If this post has been useful , please consider awarding points. @chrisdearden http://jfvi.co.uk http://vsoup.net

TomHowarth · ‎11-13-2008

personally I would not P2V a DC, it can be more pain than it is worth, it is simplier to just provision a new VM and run DC promo. then transfer any FSMO roles as required.

If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points

Tom Howarth

VMware Communities User Moderator

Tom Howarth VCP / VCAP / vExpert
VMware Communities User Moderator
Blog: http://www.planetvm.net
Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410

vmroyale · ‎11-13-2008

Like others have said, just build new and skip the P2V. For me, it comes down to the risk involved vs the reward. While the ease of the P2V is there, the reality is that this could affect your AD in a serious way. It is a little bit more work to build new DCs, but I wouldn't want to be on the other end of a support call with Microsoft and have to tell them that I did a P2V of a DC.

Here is a link to Microsoft KB875495 that details one of the things that could go wrong. Compare the amount of work here to building a new DC.

Good Luck!

athlon_crazy · ‎11-13-2008

Perhaps MS wont suggest us to virtualize this (Sorry, I don't have strong knowledge on Windows services). BTW, since both of you done this b4, I'll do P2V for this machine.

Why P2V? since my customer want it, nothing much I can say. BTW, I will try to propose to the customer with the new one!

Regarding the issue or area need to be concerned, there will be another 2 DC on physical machine. Thanks for sharing time sync, directory repair mode & WIN32Time which I need to take care with.

http://www.no-x.org

All

P2V MS Active Directory - Domain Controller