Virtualizing domain controllers is the subject of today's post. I was able to attend a session oriented around some lead practices for virtualizing Active Directory using vSphere. The session, EA6705, was full, or almost.
Some of my customers still fear going fully virtual, and some of you work in an organization where the local IT policy does not allow going fully virtual (keeping half on physical and half on virtual).
The good thing to know is that it's fully supported by Microsoft (together with SQL, Exchange, SharePoint…), so there is no reason not to virtualize a Domain Controller (DC). But some lead practices should be followed to avoid running into problems.
One of the biggest considerations is time synchronization. In fact, the process is not as simple as it seems, since there are a few possibilities for avoiding time drift.
By avoiding it, you save yourself quite a lot of trouble, since even a small time drift of 5 minutes causes your virtualized domain controller to run into difficulties, and some nasty things will start to happen, like Kerberos tickets not being granted and logon requests being refused by that domain controller. Access to the resources located on that DC will become unavailable because of that.
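As an added example (not from the session or the original post), the PowerShell below parses `w32tm /stripchart ... /dataonly` output and classifies each DC's clock offset against the 5-minute drift mentioned above. The host names, the sample output lines and the 60-second warning threshold are constructed assumptions.

```powershell
# Added example: classify DC clock offsets against the 5-minute drift from the post.
function Get-ClockOffsetStatus {
    param(
        [Parameter(Mandatory)] [string]   $ComputerName,
        [Parameter(Mandatory)] [string[]] $StripchartOutput,
        [double] $MaxSkewSeconds  = 300,  # 5 minutes, the drift named in the post
        [double] $WarnSkewSeconds = 60    # assumption: early-warning threshold
    )
    # Data lines look like "10:15:02, +00.0312456s"; failed samples look like
    # "10:15:02, error: 0x800705B4" and are skipped by the pattern.
    $offsets = @(foreach ($line in $StripchartOutput) {
        if ($line -match ',\s*([+-]\d+\.\d+)s\s*$') {
            [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
        }
    })
    if ($offsets.Count -eq 0) {
        # No usable sample: treat as a finding, not as "in sync".
        return [pscustomobject]@{ Computer = $ComputerName; OffsetSeconds = $null; Status = 'NoSample' }
    }
    # Judge the DC by its worst sample, ignoring the sign of the offset.
    $worst = $offsets | Sort-Object { [math]::Abs($_) } -Descending | Select-Object -First 1
    $abs   = [math]::Abs($worst)
    $status = if ($abs -ge $MaxSkewSeconds) { 'Critical' }
              elseif ($abs -ge $WarnSkewSeconds) { 'Warning' }
              else { 'OK' }
    [pscustomobject]@{ Computer = $ComputerName; OffsetSeconds = $worst; Status = $status }
}

# Constructed sample output so the example runs offline (hypothetical host names).
$samples = [ordered]@{
    'dc01.example.test' = @('10:15:02, +00.0312456s', '10:15:04, +00.0298110s')
    'dc02.example.test' = @('10:15:02, -187.4410022s')
    'dc03.example.test' = @('10:15:02, +312.9000000s')
    'dc04.example.test' = @('10:15:02, error: 0x800705B4')
}

$samples.GetEnumerator() | ForEach-Object {
    Get-ClockOffsetStatus -ComputerName $_.Key -StripchartOutput $_.Value
} | Format-Table -AutoSize

# Live use against a real DC (replace the name with your own):
#   $out = w32tm /stripchart /computer:dc01.example.test /samples:3 /dataonly
#   Get-ClockOffsetStatus -ComputerName 'dc01.example.test' -StripchartOutput $out
```

With the constructed samples, dc01 is reported as OK, dc02 as Warning, dc03 as Critical and dc04 as NoSample.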
Concerning backups via snapshots… (if you are doing it…) Just forget it, because it's not even supported by Microsoft. All the issues which can and will happen when you try to revert to your latest snapshot are documented.
In real-world examples, I was able to follow the proper restore of a VM and the proper way of doing it.
USN tombstone issues… pretty critical for a DC…
The best way to migrate? Converting a DC from a physical controller is certainly not the best way… It's like a 60 to 40 percent scenario… In 60 percent of cases, it works. If you want to save your day, install a fresh VM and promote it via dcpromo…
There was also some virtual hardware advice for right-sizing, with some real examples where we could see what the virtual hardware should be, including CPU and memory allocation.
I certainly learned much more than I can present here, so it was certainly worth attending this session. With the new knowledge just acquired, I'm going to have to check what is right and what can be improved in my latest installations.