VMware Question?


(OP)
One of my domain controllers is an old physical box with Server 2003 only functioning as the second instance of the active directory. My other DC is a VM with all my Network Shares and File Server, Print Server, etc. I have another VMware host in a separate building serving as a DR site where my replica jobs go to and wanted to get rid of the old 2003K DC and create a new VM on the DR site host. My questions are:

1. Is it O.K. to have both DCs in a virtual environment?
2. Can I just create a new VM from one of the backups of the other VM and assign it the same IP of the old 2003 DC and use a new product key for 2008R2?
3. Not interested in P2V because we want to get off 2003.

Thanks for any answers.

RE: VMware Question?

Save yourself a lot of pain and frustration and just create a new 2008R2 VM and DCPromo it. Transfer any FSMO roles that the old DC has to one of the 2008R2 DCs and demote the old one when done. Make sure both your VM DCs are pointing to a reliable external time source (not getting time from the vSphere host) and you should be pretty much set.

The problem you may run into with all VM DCs vs having at least 1 physical is your DCs will likely also be your DNS servers. If your entire environment dies due to a disaster or something tragic, you might have a problem getting everything functioning again without getting DNS and AD running first. This is why most people keep a physical DNS / DC server around. So that they can get that running to speed in the recovery of all of your VMs and everything else. As long as you are able to connect to your host that you know has your VM DCs on it by IP address though you will probably be OK.

You might want to consider rebuilding the 2003 physical box when you are done as a 2008R2 box as well and DCPromoing so that you have it as a DC/DNS server.

RE: VMware Question?

(OP)
First of all, thanks for the reply. So what's the recommended way to go? I was going to buy a 2008 server 32 bit CD and key and just upgrade the 2003K server. This looks pretty easy to do, but we'd still have the old box. I can get the CD and license off eBay for $160. I found a new 2008R2 64bit server for $699 on eBay or I could just buy the product key for a 2008R2 server and create a VM.

I know I can have them both as VMs, but I'm just a little concerned that I can't see it boot up without vSphere or vCenter. So if there's a disaster I'll just have to trust that the backup DC/DNS VM would boot up with the host since I won't be able to see it with remoting into it or using the above VMware software.

How many DC/DNS can you have?

Thanks for all the insight.

RE: VMware Question?

Quote (upinflameszzz)

How many DC/DNS can you have?

How many do you have the patience to build? The max is 1,200. But the more you have, the more latency you introduce to the replication. 2 is the minimum you should have, 4 seems to be the count I most commonly see.

There is nothing wrong with virtualizing your primary DC, but it can pose some difficulties as cabrun pointed out. Most of my customers choose to hold onto a physical DC more for time synchronization reasons than anything else. You never want to sync time with a virtual server, it causes time drift (virtual CPU, virtual clock as well). Plus, by default, Windows networks sync time with the primary DC. So there are fewer things to muck with using a physical DC.

When the DC must be virtual, you need to do some tweaks to minimize the nuisances that go with it. Be sure to optimize the guest machine per the VMware best practice for DCs. Was going to type that out, but this link has a great doc on doing this: Virtualizing Active Directory Domain Services On VMware vSphere®



Brent Schmidt
Keep IT Simple
Señor Network Engineer http://www.kiscc.com

RE: VMware Question?

I am going to sort of disagree with my two counterparts slightly. What they say is all true but you also have to look at your environment as a whole. I have a 100% virtual environment with two DCs that are virtual. But I also have a highly redundant and mostly bulletproof infrastructure. Sure nothing is 100% but if you have quite a few hosts I see nothing wrong with virtualizing all your DCs. Set up affinity rules so they don't land on the same host when doing maintenance. I would follow cabraun's suggestion in creating a new VM then running DCPromo and transfer the roles. I would take it a step further and then upgrade to 2012 R2 (since 2008 R2 is already past its mainstream support, you still have 5 years though) but that depends on your own environment and whether your infrastructure can support 2012 R2.

Once again cabraun and Provogeek are correct in what they say. But you should also look at your environment and do what you feel is safe. To give you an example of my environment, I have a blade chassis (my only single point of failure) with 12 Dell m620 blades on a 4 shelf Compellent SAN all running on a redundant 10 gig network.

The answer is always "PEBKAC!"

RE: VMware Question?

(OP)
Thanks for all your replies. I was going to buy a 2008R2 key from go2keys.com for $99, but didn't feel safe using their keys for any of my servers. So, I picked up 2012R2 from an eBay seller for $299 with a COA and 2CPU, 2VM install. This was a pretty good price. I'll follow some walkthroughs and set this DC up. Doesn't look too difficult. Once I get things pointed away from the physical 2003K server I may spend $150 to upgrade it to 2008 32 bit, which is as far as it'll go. This will put it to some use and provide a little assurance.

I checked my hosts and they aren't in the Active Directory so the DCs should boot with the host without issue. Also set the configs to

restrict 127.0.0.1
restrict default kod nomodify notrap
server 0.vmware.pool.ntp.org
server 1.vmware.pool.ntp.org
server 2.vmware.pool.ntp.org
driftfile /var/lib/ntp/drift

Once again, thanks.
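
A check for the ntp.conf lines in the post above, as an added example that is not part of the original thread: it parses the "restrict" lines and reports which access-control flags the "restrict default" rule (the one applied to every remote host) does not carry. The set of four required flags and the hardened comparison config are assumptions of this example; the posted lines are reproduced as written.

```python
# Added example: audit ntpd "restrict" lines such as the ones posted above.
# Flag descriptions follow the ntpd access-control documentation.
DEFAULT_RULE_FLAGS = {
    "nomodify": "refuses ntpq/ntpdc requests that change server state",
    "notrap": "refuses the control-message trap service",
    "nopeer": "refuses unauthenticated peer associations",
    "noquery": "refuses ntpq/ntpdc status queries; time service still works",
}

# The configuration as posted in the thread.
POSTED_CONFIG = """\
restrict 127.0.0.1
restrict default kod nomodify notrap
server 0.vmware.pool.ntp.org
server 1.vmware.pool.ntp.org
server 2.vmware.pool.ntp.org
driftfile /var/lib/ntp/drift
"""

# Constructed comparison (assumption): same file with the missing flags added.
HARDENED_CONFIG = POSTED_CONFIG.replace(
    "kod nomodify notrap", "kod nomodify notrap nopeer noquery")

def restrict_rules(text):
    """Return [(address, flags)] for every restrict line in an ntp.conf."""
    rules = []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # strip trailing comments
        if len(tokens) >= 2 and tokens[0] == "restrict":
            # Drop the optional address-family selector before the address.
            args = [t for t in tokens[1:] if t not in ("-4", "-6")]
            if args:
                rules.append((args[0], set(args[1:])))
    return rules

def audit(text):
    """Return findings for the rule(s) that apply to all remote hosts."""
    defaults = [flags for addr, flags in restrict_rules(text) if addr == "default"]
    if not defaults:
        return ["no 'restrict default' line found"]
    findings = []
    for flags in defaults:
        for flag, effect in DEFAULT_RULE_FLAGS.items():
            if flag not in flags:
                findings.append(f"restrict default lacks '{flag}' ({effect})")
    return findings

if __name__ == "__main__":
    for config in (POSTED_CONFIG, HARDENED_CONFIG):
        print(audit(config) or "default rule carries all four flags")
```

The localhost rule is left without flags on purpose, so local ntpq queries keep working on the host itself.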
