VMware Cloud Community
jesszen
Contributor
Contributor
‎05-16-2011 01:30 PM
Jump to solution

How to properly snapshot and revert a Domain Controller

I have 4 x Windows 2003 Domain Controllers, 2 of which are physical and 2 of which are virtual. I need to install the IMU (Identity Management for Unix) component on each of them.

I would like to take a snapshot of one of the virtual DCs before installing the IMU component to roll back if it causes problems.

Does anyone know how to properly do this?

If I install the component on one of the domain controllers, decide it isn't functioning as planned, restore the domain controller from the 1 hour old snapshot and reboot it will there be AD issues? Are there other steps that need to be taken?

Thanks!

0 Kudos
1 Solution

Accepted Solutions
vmroyale
Immortal
Immortal
‎05-16-2011 01:47 PM
Jump to solution

Hello.

This approach may violate support with Microsoft.  It can be done, but think about the consequences of not having support on AD, before you try this.  I personally would have another DC ready and a good system state backup.

"Active Directory does not support other methods to roll back the contents of Active Directory. In particular, Active Directory does not support any method that restores a "snapshot" of the operating system or the disk volume the operating system resides on. This kind of method causes a rollback in the update sequence number (USN) used to track changes in Active Directory. When a USN rollback occurs, the contents of the Active Directory databases on the improperly restored domain controller and its replication partners may be permanently inconsistent" - from MS kb 888794

Good Luck!

Brian Atkinson | vExpert | VMTN Moderator | Author of "VCP5-DCV VMware Certified Professional-Data Center Virtualization on vSphere 5.5 Study Guide: VCP-550" | @vmroyale | http://vmroyale.com

View solution in original post

0 Kudos
3 Replies
vmroyale
Immortal
Immortal
‎05-16-2011 01:47 PM
Jump to solution

Hello.

This approach may violate support with Microsoft.  It can be done, but think about the consequences of not having support on AD, before you try this.  I personally would have another DC ready and a good system state backup.

"Active Directory does not support other methods to roll back the contents of Active Directory. In particular, Active Directory does not support any method that restores a "snapshot" of the operating system or the disk volume the operating system resides on. This kind of method causes a rollback in the update sequence number (USN) used to track changes in Active Directory. When a USN rollback occurs, the contents of the Active Directory databases on the improperly restored domain controller and its replication partners may be permanently inconsistent" - from MS kb 888794

Good Luck!

Brian Atkinson | vExpert | VMTN Moderator | Author of "VCP5-DCV VMware Certified Professional-Data Center Virtualization on vSphere 5.5 Study Guide: VCP-550" | @vmroyale | http://vmroyale.com
0 Kudos
TomHowarth
Leadership
Leadership
‎05-16-2011 05:49 PM
Jump to solution

Seriously do not do this,  reverting a snap of a DC will leave you in a world of pain.  if you are going to install this product, make sure that you have a  good backup and authoritive restore.

reverting snapshots are not supported by Microsoft and if you do so and it goes bad you will be on your own, Microsoft will wipe their hands of you and refuse support, so make sure that your CV is ready as it will be a career limiting move.

Both VMware and Microsoft do not recommend this!!!

Tom Howarth VCP / VCAP / vExpert
VMware Communities User Moderator
Blog: http://www.planetvm.net
Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410
AndreTheGiant
Immortal
Immortal
‎05-16-2011 10:58 PM
Jump to solution

AD backup must be handled in a proper way, not with VM or storage snapshots.

If you do not have specific backup tools, make a backup with the system state.

To make a restore follow Microsoft suggestion on how to make an authorative restore.

Andre

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro