Our latest event “IT-Pro Chalk Talk” co-hosted with Winsec & IT-Talks was very interactive and several questions arose during that session.
http://www.pro-exchange.be/blogs/events/archive/2010/02/04/event-it-pro-chalk-talk-session.aspx
This is the first question for which I will summarize what we discussed.
Question: A domain requires at least 2 domain controllers. Are there any caveats to having all domain controllers virtualized versus one or all domain controllers physical?
Answer:
Domain Controllers Virtualized:
- Hardware requirements are more or less the same, Virtual = Physical (virtualization always has a small performance impact, though)
- If you decide to virtualize domain controllers you must be aware of some very important information.
- Common mistakes
  - The virtualized PDC Emulator receives time updates from the virtualization host
    - The PDC Emulator in the root domain is the authoritative time source for the complete Active Directory forest
    - If the time is not correct on the PDC Emulator, all servers will get bad time information
    - Because of this, the PDC Emulator is a good candidate not to be virtualized
  - Domain controller snapshots are used for disaster recovery and backup/restore
    - This is totally not supported because your domain information will be out of sync between domain controllers
      - Objects not synced to domain controllers (up-to-dateness vectors & high-water mark values)
      - RID master giving out RID pools that already exist
      - Schema master may have wrong schema information
      - …
    - The supported way is to use System State backups and restore AD like you restore a physical server
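As an added example (not from the original post), the PowerShell below checks which time source the forest-root PDC Emulator reports and flags host-based sync. It assumes the ActiveDirectory module (RSAT) is installed and that the hypervisor is Hyper-V, whose guest time provider appears in w32tm output as "VM IC Time Synchronization Provider"; the function names are illustrative.

```powershell
# Added example, not part of the original post. Function names are hypothetical.
# Assumption: Hyper-V guest; other hypervisors' guest-tools sync is not visible via w32tm.

function Get-TimeSourceVerdict {
    # Classifies the single line returned by `w32tm /query /source`.
    param([Parameter(Mandatory)][string]$Source)
    $s = $Source.Trim()
    switch -Regex ($s) {
        # Hyper-V integration services are feeding the guest clock from the host.
        'VM IC Time Synchronization Provider' {
            return 'BAD: syncing from the virtualization host'
        }
        # No upstream source: the forest's authoritative clock drifts on its own.
        'Local CMOS Clock|Free-running System Clock' {
            return 'BAD: no external time source configured'
        }
        default {
            return "CHECK: external source '$s', confirm it is the intended NTP server"
        }
    }
}

function Get-ForestRootPdcTimeSource {
    # Locates the PDC Emulator of the forest root domain and queries it remotely.
    Import-Module ActiveDirectory -ErrorAction Stop
    $rootDomain = (Get-ADForest).RootDomain
    $pdc = (Get-ADDomain -Identity $rootDomain).PDCEmulator
    $source = (& w32tm /query "/computer:$pdc" /source | Out-String).Trim()
    [pscustomobject]@{
        PdcEmulator = $pdc
        Source      = $source
        Verdict     = Get-TimeSourceVerdict -Source $source
    }
}

# Offline demonstration on constructed sample outputs (not captured from a real system).
$samples = 'VM IC Time Synchronization Provider',
           'Local CMOS Clock',
           'ntp.example.test,0x8'
foreach ($sample in $samples) {
    '{0,-40} -> {1}' -f $sample, (Get-TimeSourceVerdict -Source $sample)
}

# Live check from a domain-joined admin workstation:
# Get-ForestRootPdcTimeSource
```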
At least one Domain Controller physical
- Ensures that there is still a domain available when the Virtual Infrastructure fails
- Time sync is more predictable
Conclusion
Running Domain Controllers in a Virtual Environment is supported, but you must be very aware of the best practices.
In most companies the Virtual Infrastructure is not managed by the same team as the Active Directory environment.
So make sure that you train your Virtual Team on best practices for virtualizing AD.
Mistakes can be easily made so decide for yourself if you trust your teams!
Posted 03-31-2010 1:41 by Johan Delimon