VMware Cloud Community
XTREM1337
Contributor
Contributor
‎02-28-2011 07:28 AM

Any concerns about virtualizing a Domain Controler?

Any concerns about virtualizing a Domain Controler? DC Windows 2003 and our ESX version is 4.1

We heard some horror story, like disynchronized time clock, AD locked, VPN issue etc.

Thanks

0 Kudos
8 Replies
vmroyale
Immortal
Immortal
‎02-28-2011 07:38 AM

Hello.

It can be done safely, but you just have to use some extra caution.  Time sync is important, but equally important in physical servers.  Another important thing is not to snapshot them, as it is not supported by MS.  I have customers with all DCs virtualized, mixed environments, and some with none.  It usually comes down to how well AD is supported/understood internally, but I haven't (yet) seen a technical reason that stopped the virtualization of DCs.

Good Luck!

Brian Atkinson | vExpert | VMTN Moderator | Author of "VCP5-DCV VMware Certified Professional-Data Center Virtualization on vSphere 5.5 Study Guide: VCP-550" | @vmroyale | http://vmroyale.com
DSTAVERT
Immortal
Immortal
‎02-28-2011 07:39 AM

There should be no real problems with a virtualized domain controller. I would install a fresh 2003 virtual server and use dcpromo on the new install. Move the master roles to the new server and demote the old server.

-- David -- VMware Communities Moderator
0 Kudos
XTREM1337
Contributor
Contributor
‎02-28-2011 08:18 AM

Can we virtualizing it LIVE and stop some services OR shuting down the physical machine and booting it with a converter CD?

We have 2 DC.

0 Kudos
Gooose
Enthusiast
Enthusiast
‎02-28-2011 08:21 AM

Hi,

I run our environment with virtualised DC's, however I have also kept one physical.

To be honest, you are better to build the DC from scratch and then do a DC promo rather than trying to convert it.

Thanks

0 Kudos
DSTAVERT
Immortal
Immortal
‎02-28-2011 08:24 AM

Cloning a Domain Controller makes changes to the OS. There is the possibility that you will need to reactivate the license. It quite likely will not want to syncronize with the existing DC. http://kb.vmware.com/kb/1006996

-- David -- VMware Communities Moderator
0 Kudos
vmroyale
Immortal
Immortal
‎02-28-2011 08:24 AM

Check out Microsoft kb 875495 - I would not want to jeopardize my directory with an unsupported migration.  The P2V of a DC can be done, but the question is whether or not the risk is worth the reward.

Brian Atkinson | vExpert | VMTN Moderator | Author of "VCP5-DCV VMware Certified Professional-Data Center Virtualization on vSphere 5.5 Study Guide: VCP-550" | @vmroyale | http://vmroyale.com
0 Kudos
Bartmosss
Enthusiast
Enthusiast
‎02-28-2011 08:29 AM

I am working mostly with SMB and sometime I don't have the choice to P2V their AD controller as they have installed many other thing that AD.

You can do it with the converter boot cd, but you can also do it using AD Restore Mode when you boot.. (F8). I have done it many times and I did not have any problem.

MCP, A+, Network+, Linux+, VSP, VTSP, VCP
0 Kudos
WonderingWhy
Enthusiast
Enthusiast
‎02-28-2011 09:40 PM

Hi There,

I have also had to virtualise a domain controller because it was performing many other functions that could not easily be replicated.

I used the cold-clone converter cd, and it went ok.

I took steps to ensure that the hardware for the physical DC was never powered on again.

As mentioned, snapshots cannot/must not be used on DC's or you are asking for a world of pain.

NK

0 Kudos