VMware Cloud Community
ziasyed
Contributor

Physical Domain Controller (DC) and ADC server to VM on ESXi host

I've been tasked with converting our physical Domain Controller (DC) and Additional DC server to VMs on an ESXi host. I have never converted a DC server box and am looking for some best practices or known issues to watch out for. I've been reading about what to do, what NOT to do, etc. I am planning on using the VMware Converter Standalone to perform the conversion. I have little info that the DC database may get corrupt. But what is the best way, step-by-step, to do this? Should I use the "Synchronize" function in the converter?

Regards,

13 Replies
Beingnsxpaddy
Enthusiast

Dear ziasyed, I wouldn't suggest converting a physical domain controller to virtual using Converter, as it may land you with unexpected issues.

The best way to move a DC to virtual infrastructure when you have more than one DC (DC and ADC) is to decommission the physical domain controller, create a new VM with the same host name and other configuration, and promote that as a DC. It will make sure that there is no corruption in your AD database. Once the first DC is successfully moved to the virtual infrastructure, monitor it for at least 10 days and then follow the same approach for the ADC.

This approach is tried and tested in multiple environments and it guarantees no corruption in DB along with no unexpected issues.

Use the benefit of AD replication instead of getting stuck with USN rollback and other weird issues which may arise due to P2V.

I hope this helps.

Regards Pradhuman VCIX-NV, VCAP-NV, vExpert, VCP2X-DCVNV If my Answer resolved your query don't forget to mark it as "Correct Answer".
HassanAlKak88
Expert

Hello,

Sure, you can use the VMware Converter to convert a physical DC machine to virtual.

But I recommend the below steps for this case:

  • Create a new VM in the VMware environment
  • Assign name, IP, DNS and join it to the domain
  • Install the Active Directory Service role
  • Promote it as a secondary DC
  • Move FSMO roles from the old DC (physical) to this new VM
  • Demote the DC role from the physical server and destroy this server

Note: if you have a concern regarding the IP address of the DNS servers, you can use a temporary IP address for the new VM, and when you move the FSMO roles you can switch to the old IP of the old DC (physical).

Please consider marking this answer "CORRECT" or "Helpful" if you think your question have been answered correctly.

Cheers,

VCIX6-NV|VCP-NV|VCP-DC|

@KakHassan

linkedin.com/in/hassanalkak


If my reply was helpful, I kindly ask you to like it and mark it as a solution

Regards,
Hassan Alkak
ziasyed
Contributor

Thanks for your answer. Please refer to my post, where I mentioned that I have a DC and an ADC. Can you reply to me with this correction?

ziasyed
Contributor

Thanks for your inputs. Let me collect more answers and conclude.

Cheers!

HassanAlKak88
Expert

As I understand, the DC is physical and the ADC is virtual.

So you can follow the below:

  • Create a new VM in the VMware environment (ADC)
  • Assign name, IP, DNS and join it to the domain (ADC)
  • Install the Active Directory Service role (ADC)
  • Promote it as a secondary DC (ADC)
  • Move FSMO roles from the old physical server (DC) to this new VM (ADC)
  • Demote the DC role from the physical server (DC) and destroy this server

Regards,
Hassan Alkak
Beingnsxpaddy
Enthusiast

I have given you the best possible option, which is already tested with multiple migrations and transformations. It's the safest approach for migrating a DC from physical to virtual, with no data loss.

Regards, Pradhuman
ziasyed
Contributor

Both servers (DC & ADC) are physical Windows 2008 R2 servers. We are implementing virtualization now.

HassanAlKak88
Expert

OK, great, no problem. So you can create a third server as a VM and move the FSMO roles to it.

For example, if the name of this server is DC02, the steps will be:

  • Create a new VM in the VMware environment (DC02)
  • Assign name, IP, DNS and join it to the domain (DC02)
  • Install the Active Directory Service role (DC02)
  • Promote it as a secondary DC (DC02)
  • Move FSMO roles from the old physical server (DC) to this new VM (DC02)
  • Demote the DC role from the physical server (DC) and destroy this server

Regards,
Hassan Alkak
ziasyed
Contributor

What about the ADC, which is still running as a physical server? Do we need to follow the same steps?

larstr
Champion

Please keep in mind that this is also a great opportunity to migrate to a newer server OS than Windows Server 2008, as 2008 will reach end of support in 364 days.

Lars

Beingnsxpaddy
Enthusiast

First you migrate the ADC to the virtual platform using the approach discussed above, and once that is moved, make it the FSMO owner and perform the same operation with the DC. Once both are on the virtual platform, you can decide which FSMO role needs to be hosted on which DC.

And yes, I agree with Lars, it's an opportunity to upgrade the DC operating system as well.

Regards, Pradhuman
Beingnsxpaddy
Enthusiast

Just for your reference.

VMware Knowledge Base

Point I want to highlight.

Regards, Pradhuman
ChrisFD2
VMware Employee

Unless absolutely necessary, avoid any kind of physical to VM conversions. You'll more than likely end up with issues down the line.

Deploy a new 2016 or 2019 VM, promote it, move FSMO roles if required and then demote/decommission the old one. Deploying a 2016 or 2019 DC will make AD/schema changes, so you'll likely have to reboot any Exchange servers afterwards.

If you are moving FSMO roles and use the DC as a time source to get its time from an NTP server, don't forget to make the necessary registry changes.

Regards,
Chris
VCIX-DCV 2024 | VCIX-NV 2024 | vExpert 6x | CCNA R&S
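
The sequence the replies converge on (promote a new VM, move the FSMO roles, fix the time source, then demote the physical box), with the health checks that guard each step. This is an added example, not code from any poster in the thread. It assumes a single-domain forest, the new DC is named DC02 as in the thread's example, and `ntp.example.com` is a placeholder time source.

```powershell
# Added example. Run in an elevated session on the new VM DC after it has been promoted.
# Moving SchemaMaster/DomainNamingMaster needs Schema Admins / Enterprise Admins rights.
Import-Module ActiveDirectory
$NewDC   = 'DC02'                 # example name used in the thread
$NtpPeer = 'ntp.example.com,0x8'  # placeholder external time source (assumption)

# 1. Stop if any replication link reports failures or a DC could not be queried.
$links = repadmin /showrepl * /csv | ConvertFrom-Csv
$bad = $links | Where-Object {
    $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or [int]$_.'Number of Failures' -gt 0
}
if ($bad) {
    $bad | Format-Table 'Destination DSA', 'Source DSA', 'Number of Failures', 'Last Failure Status'
    throw 'Replication is unhealthy; resolve it before moving FSMO roles.'
}

# 2. Helper: who currently holds the five FSMO roles.
function Get-FsmoHolders {
    $d = Get-ADDomain; $f = Get-ADForest
    [ordered]@{
        PDCEmulator          = $d.PDCEmulator
        RIDMaster            = $d.RIDMaster
        InfrastructureMaster = $d.InfrastructureMaster
        SchemaMaster         = $f.SchemaMaster
        DomainNamingMaster   = $f.DomainNamingMaster
    }
}
Get-FsmoHolders | Format-Table -AutoSize   # record the state before the change

# 3. Graceful transfer. No -Force: that would seize the roles instead of transferring them.
Move-ADDirectoryServerOperationMasterRole -Identity $NewDC -Confirm:$false `
    -OperationMasterRole PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster, DomainNamingMaster

# 4. Verify every role landed on the new DC before touching the old one.
$stale = (Get-FsmoHolders).GetEnumerator() | Where-Object { $_.Value -notlike "$NewDC.*" }
if ($stale) { throw "Roles not on ${NewDC}: $($stale.Name -join ', ')" }

# 5. The new PDC emulator becomes the domain's time root. w32tm /config writes the
#    W32Time registry values (NtpServer, Type) that would otherwise be edited by hand.
w32tm /config "/manualpeerlist:$NtpPeer" /syncfromflags:manual /reliable:yes /update
Restart-Service w32time
w32tm /resync /rediscover

# 6. On the old physical DC, return time sync to the domain hierarchy before demoting it:
#      w32tm /config /syncfromflags:domhier /reliable:no /update
#    Demote it only after steps 1 and 4 pass again following a full replication cycle.
```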