Template Server - Do's and Don't

rampeter · ‎02-21-2017

Hi All,

How to prepare a best template server ,What are recommendations steps which needs to be carried out.Kindly suggest.

1an3 · ‎02-21-2017

I have mine kept very generic.

I do not join our domain.

I install latest windows updates. I install latest VM Tools.

I have the template at a minimum hardware spec.

I have a customization template that maintains a DHCP address, and joins the domain, setting the hostname to the VM Name.

So when I deploy a new server from the template, I provide a VM name. Once the customization has completed, I need to change the VLAN/IP Address, change and record the local admin password and adjust the spec as required.

rampeter · ‎02-21-2017

Is joining the server in domain will cause any problem ?

TomHowarth · ‎02-21-2017

this of it this way, when a machine is joined to the domain it creates a GUID SID for the AD Domain it is joined to. when you create a template this will be duplicated in each machine you build, delivering to capability to potentially cripple your AD.

Do not join a template server to the domain.

Keep them as generic as you can, and regularly fire them up as a VM to update your OS patches

Tom Howarth VCP / VCAP / vExpert
VMware Communities User Moderator
Blog: http://www.planetvm.net
Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410

rampeter · ‎02-21-2017

Can anyway it can be reviewed in servers of the duplication?

1an3 · ‎02-22-2017

If you customize the new VM when you deploy it you have the option to generate a new SID

TomHowarth · ‎02-22-2017

As an Active Directory cannot have duplicate GUIDS in a domain, you will find machines dropping of the network. Seriously it would just be better to restart your template machine as a VM, return it to Template mode (if a windows machine, Run SYSPrep to and remove it from the domain and then remove and rejoin all the machines that have been created from the original template.

A Local SID is not an issue in an AD environment as it is not used for communication (this is not the case in a WorkGroup)

Tom Howarth VCP / VCAP / vExpert
VMware Communities User Moderator
Blog: http://www.planetvm.net
Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410

rampeter · ‎02-22-2017

Tom- I have my template server joined in domain only but i don't find any issues in VM (windows and linux)more than 300 vm's

rampeter · ‎02-24-2017

Any more suggestions ?