So it look like a mess here for converting any DC on any version of the windows.

We have 2 DCs.

A) DHCP, DNS, WINS, Infra Role

B) DNS, WINS, Global Catalog, PDC, RID

Note: Both DNS are Actice Directory Integrated.

Are there any issues if we shutdown B) for a period of time and convert it to 5.0U1 ?

Are the below steps feasible?

Transfer Global Catalog from B) => A)

Transfer PDC from B) => A)

Transfer RID from B) => A)

Check for issue

Shutdown B)

Convert B) to new 5.0U1 host

Bring up B)

Check for issue

Transfer Global Catalog from A) => B)

Transfer PDC from A) => B)

Transfer RID from A) => B)

Check for issue

Install DHCP in B) - disable first

Configure in router/switches for the DHCP ip so user devices can obtain DHCP from B)

Plan Switch Over Downtime

Disable DCHP in A)

Activate DHCP in B)

Transfer Infra Role from A) => B)

Check for issue

Shutdown A),

Convert A) to new 5.0U1 host

Bring up A)

Check for issue

Transfer Infra Role B) => A.)

Check for issue

(Optional)

Plan Switch Over Downtime

Disable DHCP at B)

Enable back DHCP at A)

Check for issue

Only a quick thought:

Why don't you enable GC on both DC's, then - preferably during off hours - power off one of the DC's and copy the VM's folder to the new host using e.g. WinSCP or FastSCP? When powering on for the first time on the new host, make sure you select "I moved it" when ESXi asks whether the VM was moved or copied. "I moved it" will preserve the VM's UUID and MAC address.

Before you copy the folder, make sure the DC has been shut down cleanly  (not suspended) and there are no active snapshots ("00000x.vmdk" files in the VM's folder). If there are snapshots, delete them using the Snapshot Manager.

André

We prefer to convert it to the 5.0U1 format and using the new disk layout/align and etc technology.

Moving it will still be 3.5 format and not optimize.

We can enable Global Catalog on both DCs.

We want to make sure that the DC role are transfer and continue to run, while we shut it down for conversion.

The part is more difficult is the DHCP and we need to move as well.

Do you see any issue of the long time shutdown and perform the conversion?

If you are using Windows 2008 DC, I would enable DHCP on both DCs and split the scopes. This way you will introduce HA for your DHCP. If one DC fails, the other one will still be able to hand out IPs. 

If you have MAK licenses, I would just create a new DC from scratch and introduce it to the environment, then decommission the old server. But that's just me.

The purpose I ask is whether the steps I listed is suitable for the migration even it take longer time.

We need to keep the existing server name and ip without any changes.

We prefer to convert it to the 5.0U1 format and using the new disk layout/align and etc technology.

Moving it will still be 3.5 format and not optimize.

All that will not be aligned is the NTFS partition in the guest. For a DC I don't see a real difference in performance.

We want to make sure that the DC role are transfer and continue to run, while we shut it down for conversion.

Unless you run e.g. Exchange which relies on the GC, I don't see an issue with the downtime while copying the VM to the new host.

The part is more difficult is the DHCP and we need to move as well.

I don't see the need to migrate the DHCP server. Clients which already have a lease shouldn't be affected. Just make sure you have an up-to-date backup in case something goes wrong (which I don't think).

Do you see any issue of the long time shutdown and perform the conversion?

What's the size of the DC? I assume it's not very large, so the downtime will be short. If you do this after business hours, nobody should even notice the downtime.

Al in all, I would create a systemstate and sysvol backup before starting to migrate the systems. This will allow you to even restore the AD if disaster strikes.

André

Yes we have Exchange 2010 running as well. We need the Global Catalog be up and running.

The DCs have 1 C: drive which is 28GB, but used is about 10GB.

Currently we have veeam backup to backup those 2 DCs. We will perform systemstate and sysvol backup.

I guess the steps looks fine if we take care of the GC and the other roles properly and make a proper backup.

Any more feedback is greatly appreciated.

Currently we have veeam backup to backup those 2 DCs. We will perform systemstate and sysvol backup.

With Veeam Backup you can also create a current backup (Important: With the DC powered off) and restore this backup on the new host. This might even be a faster option than copying the VM's files.

Restoring an image based backup from a powered on DC will most likely corrupt the AD.

André

With Vmware converter, will it be a better way to go instead of Veeam backup/restore? We are using the old version of veeam.

Also I tried out converting V2V for a non DC windows server, the NIC information was missing after conversion to the new 5.0U1 host.

I notice you can use the advance part to enter the NIC information during the conversion process, but it required compulsory entry for the computer name and etc info.

Will it work, since the we don't change computer name for the conversion and the computer already registered/joined the domain controller?

Will VMware unjoin it from the domain and rejoin it again?

Also I tried out converting V2V for a non DC windows server, the NIC  information was missing after conversion to the new 5.0U1 host.

With the Converter you will always end up with a different UUID and MAC address. However, the changed MAC address should not really matter as long as you assign the correct (old) IP settings to it after conversion.

I  notice you can use the advance part to enter the NIC information during  the conversion process, but it required compulsory entry for the  computer name and etc info.

This is definitely something you don't want to do with the DC. Using the advanced settings (target modification) will basically create a new system.

André

It looks like we CANNOT automate the step to assign the IPs, DNS, WINS address in advance and use power off old VM and power on new VM without intervention.

Any way we can automate that steps?

What I did so far after migrating/converting a DC is to either boot it into safe mode first or boot it while the virtual NIC was set to disconnected (or temporarily connected to an internal-only vSwitch) to adjust all these settings.

André

Andre,

It looks like coming to the end of this discussion.

- We will do the role migration first to B) DC, then power off the A) DC, do a offline VM conversion to 5.0U1 with the old VM turn off autmatically.

- Bring up the converted A) DC (disconnected), set the LAN IPs/DNS,WINS the same as before and then enable it online and perform a one time reboot.

- Migrate back the original role to A) DC.

Perform the same for B) as well.

However with DHCP it will stay there nothing to be done. It will be down for a period of time.

It looks like coming to the end of this discussion.

No problem at all. Better ask now than later (or too late).

... with the old VM turn off  autmatically.

I'm a little bit worried about the "automatically" at the end of the sentence!? Please make sure the "old" VM is powered off before, during and after the conversion!

André

We have not done anything yet on this one.

We have feedback and concern about the downtime.

As mention we have 2 DCs and we will move the role(global catalog, PID, RID, Infra., etc) from one to another and shutdown and migrate it and then move it back.

How long is the downtime allowed for s shutdown DCs? Could we have a shutdown like eg. worst case scenario 3-5 hours?

I read that for windows 2003, the tombstone period is 180 days.

Technically a downtime of a couple of hours for a DC is not a problem at all.

With the size you mentioned before (28GB) and Gigabit Ethernet in place, I guess the migration will take less than half an hour. Once migrated you may want to consider upgrading VMware Tools followed by the VM's virtual hardware version, which will require some reboots. If everything is going to work as expected, migrating the DC shouldn't take more than an hour.

As mentioned earlier, I wouldn't worry about moving the roles, but just activate the GC on the second DC. However, it's your decision.

André