Virtualizing Domain Controllers

We have 2 offices, one in the US and the other in Canada. In Canada there are just 2 physical boxes of the DCs replicating with the master domain controllers in the USA through a firewall-to-firewall VPN setup.

Basically, I need to virtualize my 2 domain controllers in the USA. Is there a best practice document or a step-by-step link to achieve a smooth transition?

I plan to do this Sunday.
- Take system state backups for DC1 and DC2.
- Power down DC2.
- Use the VMware Converter cold boot CD and migrate DC1.
- Power on the virtual DC1 and check if everything is OK.
- If not, boot into directory restore services mode and do a restore on the system state backup.
- Convert DC2 the above way.

Any tips here?


RE: Virtualizing Domain Controllers

In my experience, doing a P2V on a DC is not advisable. We had nothing but problems. Our DNS wouldn't replicate, and there were LDAP/Kerberos issues. You're better off creating a new, fresh DC, then demoting your old ones out. I am sure there are others that have done it and it has worked, but I've tried to P2V DCs on two different domains for two different companies and both didn't end well. One was a 2k domain, the other a 2003 domain.

I brought it up at our last VMUG meeting and most of the users there agreed that you're better off creating a new domain controller than doing a P2V of an existing DC.

If you do it, and it works, great for you but I think you'd save yourself a lot of work (and your users a lot of complaining) if it doesn't, by not doing a P2V.


The answer is always "PEBKAC!"

RE: Virtualizing Domain Controllers

Yep, definitely just build a new DC virtualised and don't P2V, or you are in for a world of hurt.

RE: Virtualizing Domain Controllers

Agreed, build a new one. We had nothing but problems after one was P2V'd.

RE: Virtualizing Domain Controllers

The issue happens to be that there is no write cache on a DC and therefore when you P2V it, it never gets all of the data.  

I recommend building a fresh DC in the VM environment.  Just as theravager and ArizonaGeek have stated.

I hope any help I give leads to great successes.

RE: Virtualizing Domain Controllers

I also agree with the above

"Insert funny comment in here!"

RE: Virtualizing Domain Controllers

Thanks to everyone for your responses. I see it is best to create a new VM and then move the DCs. Is there a detailed link on the above steps as well?

RE: Virtualizing Domain Controllers

Create a VM.

Make sure DNS is pointing to an existing DC.

Wait a day, check replication, then configure DNS to point to itself.

Move any FSMO roles if required.
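
The "wait a day, check replication" step in the post above can be gated on the output of `repadmin /showrepl * /csv` before DNS is repointed or FSMO roles are moved. This is an added example, not part of the original post; the DC names, domain and sample rows are constructed, and `Get-ReplicationProblem` is a hypothetical helper.

```powershell
# Flags replication links of the new virtual DC that have failures or no recent success.
function Get-ReplicationProblem {
    param(
        [Parameter(Mandatory)] [string[]] $CsvLines,  # lines from: repadmin /showrepl * /csv
        [Parameter(Mandatory)] [string]   $NewDc,     # name of the new virtual DC (assumed)
        [datetime] $Now = (Get-Date),
        [int] $MaxAgeHours = 24
    )
    # Keep only links where the new DC is the source or the destination.
    $rows = $CsvLines | ConvertFrom-Csv |
        Where-Object { $_.'Destination DSA' -eq $NewDc -or $_.'Source DSA' -eq $NewDc }

    if (-not $rows) {
        # No links at all: the new DC is not replicating with anyone yet.
        [pscustomobject]@{ Link = $NewDc; Reason = 'no replication links found' }
        return
    }
    foreach ($r in $rows) {
        $link   = '{0} <- {1} [{2}]' -f $r.'Destination DSA', $r.'Source DSA', $r.'Naming Context'
        $lastOk = [datetime]::MinValue
        $parsed = [datetime]::TryParse($r.'Last Success Time',
            [cultureinfo]::InvariantCulture,
            [System.Globalization.DateTimeStyles]::None, [ref]$lastOk)

        if ([int]$r.'Number of Failures' -gt 0) {
            [pscustomobject]@{ Link = $link
                Reason = "failures=$($r.'Number of Failures') status=$($r.'Last Failure Status')" }
        } elseif (-not $parsed -or ($Now - $lastOk).TotalHours -gt $MaxAgeHours) {
            [pscustomobject]@{ Link = $link; Reason = "no success within $MaxAgeHours h" }
        }
    }
}

# Constructed sample in the repadmin CSV layout (placeholder names and times).
$sample = @(
    'showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status'
    'showrepl_INFO,US,DC3-VM,"DC=example,DC=local",US,DC1,RPC,0,0,2024-01-14 09:15:02,0'
    'showrepl_INFO,US,DC3-VM,"CN=Configuration,DC=example,DC=local",US,DC2,RPC,3,2024-01-14 09:10:44,2024-01-13 02:00:10,1722'
    'showrepl_INFO,US,DC1,"DC=example,DC=local",US,DC3-VM,RPC,0,0,2024-01-14 09:14:30,0'
)

$problems = Get-ReplicationProblem -CsvLines $sample -NewDc 'DC3-VM' -Now ([datetime]'2024-01-14 10:00:00')
if ($problems) { $problems | Format-Table -AutoSize }
else { 'Replication healthy: OK to repoint DNS and move FSMO roles.' }
```

On a live domain, replace `$sample` with `repadmin /showrepl * /csv` and drop the `-Now` argument.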


RE: Virtualizing Domain Controllers

Agreed as well. DCs should be physical, not to say you cannot have multiple VMs in the background.

RE: Virtualizing Domain Controllers

They don't need to be physical, just built from scratch as opposed to converting.


If it doesn't leak oil it must be empty!!

RE: Virtualizing Domain Controllers

You would not carry a physical DC? That is one server, minus SQL, which I would keep physical. That is not to say that you cannot create VMs for backups just in case something was to crash.

RE: Virtualizing Domain Controllers

All of our DCs are virtualized, I struggled with the idea of not having a physical DC, but in reality, it's really no different than a virtual one.  Sure the OS can crash, that's why you have another, sure the hardware can crash, that's why you have another...plus better use of the iron.  Now, my virtual DCs are on different hosts not the same host, they're also on different SANs, gotta keep that redundancy.

RE: Virtualizing Domain Controllers

I have to be honest and say that we have never experienced any issues with P2V'ing our DC's, admittedly they were dumped into test\training environments rather than our production one but all the same we haven't had them failing at all (they run DNS, DHCP, WINS etc) and we refresh these environments quite often (AD and Exchange etc).

If you are worried about the reliability of virtual DC's then there are a couple of ways around that, you can always utilise HA, this will reduce the risk of physical ESX Hosts crashing.

Alternatively you could have a remote DC that has a delayed replica copy of AD sent to it so that should anything occur on your live AD you can always go back to the version that is older (generally speaking keep it 90 minutes behind the live site).


The real world is not about exam scores, it's about ability.


RE: Virtualizing Domain Controllers

What does HA stand for?

RE: Virtualizing Domain Controllers

It's VMware's High Availability, basically if the hardware the server is running on craps out, the VM will reconfigure itself to run on a different host.

It's really a little more complex than that and I'm sure someone with more experience can explain it better, but you get the gist of it.


RE: Virtualizing Domain Controllers

High Availability, usable only with Enterprise ESX, and you need shared storage (iSCSI or FC SAN or NAS devices) rather than local storage.

I should add that HA reduces the risk of losing the VM should a host crash rather than reducing the risk of losing the host.


The real world is not about exam scores, it's about ability.


RE: Virtualizing Domain Controllers

Thank you!

RE: Virtualizing Domain Controllers

I would add that virtualizing a DC is actually possible without worrying about AD corruption. 2 out of the 3 DCs in my domain are virtual and 1 was done with P2V. You can do this by shutting down the DC and then booting to the VMware Converter boot disc. Just don't convert a DC when it's live or you're asking for trouble.

This worked for us at least.

John Sorensen
Network/Systems Admin

RE: Virtualizing Domain Controllers

Oh... and one more thing to add is to set the virtual DC's NIC not to connect on boot at first. You will need to reconfigure it to match what it was, due to the fact that it's considered new hardware with the default settings. This way you don't mess with DNS.

John Sorensen
Network/Systems Admin
