VMware Cloud Community
Mango96701
Contributor
Contributor
‎09-27-2010 11:01 AM

Virtualizing Domain Controllers

I've read some documents and forum inputs about virtualizing Domain Controllers (esp those with DHCP, DNS roles) and specifically "NOT" to virtualize all DCs.

My question is: We have 3 separate Domains, North America, Asia and Europe. Each has DCs in their location. In the North America Domain, we have 2 remaining DCs. These have DHCP and DNS installed on Windows 2003 servers. The question is: since I have DCs in other domains does the "do not virtualize" all DCs suggestion apply to my North America domain? Would it be practical to make all my North America DCs VMs if I keep , at least, one of the Europe or Asia DCs physical? Or, does the suggestion apply to DCs within each Domain.............I have a suspicion it applies to each domain but wanted to ask anyway.

Also, I'd be interested in hearing how you'all feel about even doing this............making all the DCs in a domain virtual.

0 Kudos
9 Replies
mittim12
Immortal
Immortal
‎09-27-2010 11:44 AM

We have 12 different offices that have domain controllers and we have them all virtual. We have not run into any issues having all of them virtual.






If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points

Twitter: http://twitter.com/mittim12

Mango96701
Contributor
Contributor
‎09-27-2010 11:46 AM

interesting. Are all your servers Windows 2003/2000/2008 or mixed? Do you have multiple domains and/or forests?

Thanks for your input

0 Kudos
mittim12
Immortal
Immortal
‎09-27-2010 11:50 AM

All are Windows 2008 R2 domain controllers but during the migration to 2008 we ran both 2003 and 2008. It used to be one forest and multiple domains but it's now one forest and single domain.






If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points

Twitter: http://twitter.com/mittim12

0 Kudos
Mango96701
Contributor
Contributor
‎09-27-2010 11:52 AM

Thanks. appreciate your information. It may be that we "can" virtualize all our DCs. Want to see how others respond, too.

0 Kudos
mittim12
Immortal
Immortal
‎09-27-2010 11:55 AM

Not sure if you went to VMworld or not but if you did there is a best practices for virtualizing Active Directory session you can download and review from the vmworld.com site.






If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points

Twitter: http://twitter.com/mittim12

0 Kudos
Mango96701
Contributor
Contributor
‎09-27-2010 11:57 AM

no. didn't get to go this year. maybe next year. I'll search for the document from the site. Thanks again

0 Kudos
Josh26
Virtuoso
Virtuoso
‎09-28-2010 12:01 AM

Hi,

The "Do not do" advice around Domain Controllers involves utilising snapshots, snapshot based backups or similar. Sometimes I don't believe a client will be able to help themselves on these issues and advise they do not virtualise a server at all based on this.

Provided the above advise is followed, there is no reason anywhere not to virtualise a domain controller, we've got multiple sites running multiple versions of windows in a purely ESXi environment.

0 Kudos
Mango96701
Contributor
Contributor
‎09-28-2010 05:05 AM

I've read some documents from both Microsoft and VMware and also some of the other forum discussions at other forum sites. There seems to be a split opinion on this.

one interesting point that I've read points to "failover". Since we have only the Enterprise License, we do not have the "failover" capability yet. We expect to upgrade in the future to Plus and also to move toward ESXi (since Vmware is headed that way). Is FAILOVER one of the features that I should consider if I go "totally virtual" with all our Domain Controllers? Bear in mind that the remaining DCs have DHCP, DNS and Wins on them. Also, if we do decide to fully virtualize.....how safe is Cold Boot virtualization? I am leaning toward just creating new VMs with the respective roles and just migrate the scopes and zones to the newly created VMs then re-ip'ing the new VMs so that the new VMs will have the same IP addresses of the old DCs. Also, will transfer FSMO roles, of course.

And, how do I protect our infrastructure if the conversion doesn't work? Is there a good rollback option?

0 Kudos
pauljawood
Enthusiast
Enthusiast
‎09-28-2010 05:29 AM

Hi,

A really helpful document to read I have attached. It takes you through time issues etc and is really informative






----

If you found this helpful then please leave some points.

If you found this helpful then please leave some points.
Preview file
506 KB
0 Kudos