Does anyone know of any issues when snapshotting a 2003 domain controller? Particulary with reverting back, Can I have issues with AD getting out of sync?
You can certainly take a snapshot of an AD server, but you should never roll it back in a production environment. AD will get very unhappy. The only way you should roll back AD is through the properly supported methods provided by MS via Active Directory Restore Mode.
There was a great session at VMWORLD 2007 regarding running AD on VI3. Check it out at:
From what I read on other forum posts it isn't recommeded so I decided not to do it.
Excellent decision!! :smileygrin:
What if I shutdown the DC and then clone it? Will that give me a better chance of not corrupting AD If I need to go back to the clone?
why would you want to take a snapshot of a DC, if you have reason to revert you will cause your self loads of pain. I put this is the same bracket as P2Ving a DC just because you can does not mean you should.
Tom Howarth
VMware Communities User Moderator
Using snapshots and clones with AD VMs (i.e. domain controllers) can be done (I've done it when, for example, testing schema changes) but be very careful how you do it.
The main problem is that if you start randomly reverting to snapshots, the update sequence numbers AD uses to keep track of the changes made on each DC will get screwed up - you'll probably have problems with DCs not replicating changes etc.
If you really have to do it, take every DC down, then take a snapshot of each one. Bring them back up, make your changes or whatever then when you're ready to revert to snapshot, take them all down again and revert to the snapshots you took at the start. Don't power anything up until all the snapshots have been restored. You should find that is ok.
You would have to be absolutely flippin' insane to start doing this in your production AD though - if you're tempted, put the keyboard down and step AWAY from the DC.
Good luck!
as I said too much pain Although in a sandboxed test environment it can be done but never in a production environment, as said if you ever get the urge, put you keyboard down and dip your head in a bucket of cold water until sanity returns.
Tom Howarth
VMware Communities User Moderator
You can certainly take a snapshot of an AD server, but you should never roll it back in a production environment. AD will get very unhappy. The only way you should roll back AD is through the properly supported methods provided by MS via Active Directory Restore Mode.
There was a great session at VMWORLD 2007 regarding running AD on VI3. Check it out at:
What I've done on my DC VM's is set their disk mode to Independent and persistent so they are not affected by snapshots. This is just another step of protection - however I'll still never take a snapshot of the DC!! - however if someone else does for example unknowingly and then commits it...... lets just hope it doesn't kill it!!
In fact, I don't even think a snapshot will be created for the disk that has the AD database and is set to independent and persistent
Thanks for all of the replies. I had a client who wanted to patch some DC's and wanted to know if they could snapshot the DC. I told them no but I wanted to here what the general consensus was. Thanks again, the replies were very helpful.