VMware Cloud Community
Noob_err
Contributor
Contributor
‎07-14-2009 10:53 AM

Converting Domain Controller 2003 VMware server 1.2 to ESXi4.0

Here is my question:

I have 5 Domain Controllers (2 remote) and all 2003. Two of them are hardware and 3 are VM's. VMWare Server 1.2 and 1.3.

I would like to start to convert the VM's to ESXi4.0. I have converted several other VM's (1.x and 2.0) with the Free Converter Standalone Client 4.0.1 BUT never a Domain Controller.

I have read that it is easier to just make a new server and dcpromo it. This sounds easy but the VM that I really need to convert has Cert Authority, DNS, DHCP and is our Licensing Server. So rebuilding it does not give me a "warm fuzzy feeling".

Can this be done with relatively few issues?

Thanks for the help

Reply
0 Kudos
12 Replies
Troy_Clavell
Immortal
Immortal
‎07-14-2009 11:05 AM

here's a good KB article you might want to look at

http://kb.vmware.com/kb/1006996

Reply
SomeJoe7777
Enthusiast
Enthusiast
‎07-14-2009 11:36 AM

Easiest way is to (one at a time), demote the existing domain controller to a standalone server with dcpromo, then convert it, then re-promote it after it's in the new VM environment with dcpromo. The demotion will replicate off any changes to other DCs in the domain, and then after the machine is converted, re-promoting it will copy all the AD information back to the machine.

I did this with two physical DCs, they are now VMs.

One of them was, like yours, installed with all sorts of stuff - network monitoring software, license servers, DHCP, DNS, 3 NICs, RAS, etc. This method worked fine.

Take some sort of image backup of the machine after it becomes a standalone server but before the conversion (I used Acronis True Image). If anything goes wrong during the P2V, you can back out and restore the physical server.

Before you demote the DC, you may also want to gracefully transfer the FSMO roles for the domain/forest to another domain controller rather than have Windows do it for you during the demotion (because you can't control which DC it will transfer the roles to). See Microsoft KB 255504 for how to transfer the roles. To view the existing role holders, install the Windows Server 2003 Support Tools, and run from the Support Tools command prompt:

netdom query /domain:<domain> fsmo

where <domain> is the name of the AD domain.

Reply
Noob_err
Contributor
Contributor
‎07-14-2009 11:46 AM

Were you able to do this with CA installed? I have to many things tied to that and removing that from the Domain breaks quite a few things if I am not mistaken.

Reply
0 Kudos
SomeJoe7777
Enthusiast
Enthusiast
‎07-14-2009 11:54 AM

I do not have CA installed on any of my DCs, so that is a part of your question that I do not know.

It may be possible to migrate the CA to another machine. If Microsoft has a procedure for this, you could migrate the CA to another DC, then perform this procedure on this DC, then migrate it back after it's a VM again.

Reply
0 Kudos
SomeJoe7777
Enthusiast
Enthusiast
‎07-14-2009 12:00 PM

I do not have CA installed on any of my DCs, so that is a part of your question that I do not know.

It may be possible to migrate the CA to another machine. If Microsoft

has a procedure for this, you could migrate the CA to another DC, then

perform this procedure on this DC, then migrate it back after it's a VM

again.

Reply
0 Kudos
Noob_err
Contributor
Contributor
‎07-14-2009 12:07 PM

MS does have a path but you need to use the same server name. It is workable but a pain. Was hoping for an easy way (Like converting it) other then moving every thing to a new server.

Reply
0 Kudos
kchawk
Contributor
Contributor
‎07-15-2009 12:40 PM

If it were me I would go ahead and p2v it using converter. I have done it several times with success. Since you have multiple dcs you shouldn't have any worries for downtime.

Do a clean reboot of physical dc

P2V the DC

Power off physical dc for that just in case feeling

Bring up new vm with networking not connected so it can't connect to other dcs

Go thru and remove all un-needed hardware via device manager - make sure to show hidden devices.

Run the following two commands in a cmd window.

set devmgr_show_nonpresent_devices=1

devmgmt.msc

In dev manager under view select show hidden devices

restart vm

install tools

restart vm with network connected

watch event log for issues

--Sorry missed that they were vms to start with. I would think that would be better anyway. Convert it then update vm tools.

Message was edited by: kchawk

Reply
0 Kudos
Noob_err
Contributor
Contributor
‎07-15-2009 01:10 PM

The server is a VM already (server 1.2) so I "shouldn't" have that much extra hardware. I am worried about sync issues with the AD. I have had this happen before on this server. That was a long night with MS, until they found out it was VMware. Then "Sorry we can't help <click>".

I am toying with backing up the CA DB's > removing CA > Demoting the server > converting it to ESXI > promoting the server > installing CA > importing the CA DB's > Pray. I am worried how dns/dhcp will act as all this is going on though.

I know that it is a lot of work and would just love to convert it.

Never knew about devmgr commands. Thanks I can use those.

**Just bite the bullet and convert it and hope all is well. I might just have to do that. I will make sure that there are no roles and make a backup of the DC's and the system states. Convert it and see if the AD starts to have sync issues.

Reply
0 Kudos
kchawk
Contributor
Contributor
‎07-15-2009 01:18 PM

If you use converter it wouldn't it be:

power off current dc vm

convert to ESXi

power on vm

run for awhile, snap shot it then upgrade vm tools

check and delete snapshot

It would almost be like rebooting it.

Reply
0 Kudos
Noob_err
Contributor
Contributor
‎07-15-2009 01:24 PM

That should work. If there are sync issues then i will just have to deal with them. Need a good Doc on how to recover from that then :smileylaugh:

Snapshot is something that I haven't done on esxi yet but it should be pritty much the same.

Reply
0 Kudos
DSTAVERT
Immortal
Immortal
‎07-15-2009 01:42 PM

Take system state backups. You can use them to do an administrative restore of active directory if you end up with sync issues. Create a little test environment and run through some of the tasks you have in front of you. Make sure you have the DC with the FSMO roles and whatever ones you need to test.

-- David -- VMware Communities Moderator
Reply
0 Kudos
ehinkle
Enthusiast
Enthusiast
‎07-21-2009 03:32 PM

Did you ever do the migration, what type of sync issues would you come accross when you converted it, I would think it would be justing down the server.

Reply
0 Kudos