VMware vSphere

I've been trying to figure out the best way to do this. We've got a backup domain controller that is scheduled to be either P2V'd or recreated as a VM. Either way, it will be going into our HA cluster. I'm wondering if we can just do a P2V using the bootable converter without issues or would it be a better idea to stage a new VM, then go through the demotion and promotion process. Has anyone ran into any issues P2V'ing a domain controller? I can't really find any best practices on this except for a document from Microsoft. I've looked on this forum and Experts Exchange and the general consensus seems to be, just don't do it. It's better to start from scratch. I say why? What happens when you P2V a domain controller? If not a backup domain controller, then what about the PDC? Are there some unspoken rules on this? A whitepaper that might be good to look at? Any help anyone can give would be awesome. For us, the easy path is to P2V it, but if that's not a good idea, then I guess we'll go the other way.

If you're just p2v'ing a straight exchange nothing else on it say like a print server, I would just create a new VM that is clean and then dcpromo it. If the physical box is running the FSMO roles I would then transfer them to the new VM, then demote the physical box and you're done. Doing it this way will save you a lot of time and headache since you wont need to clean up the VM after the p2v by removing all the old physical hardware that is ghosted afterwards and a state of mind knowing it is a completely clean, brand new machine running your AD.

• Kyle

I should add that this is also a print server as well as a file server.

I should add that this is also a print server as well as a file server.

If that is the case then p2v should be fine. The reason why I asked is one of our DC's was our print server and was easier to p2v than rebuild the printers.

On a side note is this a Small Business Server? If I'm not mistaken having your domain controller and your file server on the same box makes for massive security holes, to the point I think you have to have all your uses as admins to access the files? If you're doing this you should strongly consider (if you have the licenses or the funds) building out a single VM that is just your domain controller and have your file server separate for security reasons. It should be something you consider down the road, it would be pretty easy for you to do as well since you could just add the VM, dcpromo it, then demote the file server. Food for thought.

-- Kyle

"RParker wrote: I guess I was wrong, everything CAN be virtualized "

Microsoft makes a neat program called "Print Migrator" that packages all your installed printers and their drivers into a nice little CAB package. I've used that program numerous times changing our terminal servers around and it works great. Check it out next time you have to move printers, you won't be sorry.

Actually, it's running Server 2003 Enterprise. It's running some certificate services too. So obviously, P2V is the easy solution for us. I don't want to have to mess with that or moving files or even using the Print Migrator. As for security, everything is locked down pretty tight. We're using NTFS like crazy on our file store. It's very granular, so we don't worry too much about it. And it works for us. I tend to agree though, eventually when it's all said and done, we won't have a server doing multiple roles. But for right now, it has to be this way.

Actually I buy the idea to P2V DC as long the machine state is good and you do it by using bootable converter. It's pretty straight forward I would say. I've done many DC p2v successfully before I donno why, but I'm really comfortable with it.

vcbMC-1.0.6 Beta

vcbMC-1.0.7 Lite

http://www.no-x.org

Has anyone ran into any issues P2V'ing a domain controller? ... I can't really find any best practices on this except for a document from Microsoft. I've looked on this forum and Experts Exchange and the general consensus seems to be, just don't do it. It's better to start from scratch. I say why?

Make sure to stop any AD Services on your Physical source server before you start the P2V process, and then make sure that the AD Services are NEVER started again on the physical server after your Virtual copy of the server is brought online. Otherwise AD replication between your other Domain Controllers will get screwed up and require manual fixing.

Is shutting down and doing a P2V with the bootable converter sufficient or do we need to do something special? Like boot up in recovery services mode or something? So it is the replication that suffers when done improperly then?

If the server is shut down and you're doing a cold migration then it'll be fine, you would need to stop the service if you were doing a hot migration (the server was up and running). Just make sure if you do need to power up that physical box again, its off the network when you do.

-- Kyle

"RParker wrote: I guess I was wrong, everything CAN be virtualized "

^-- what kyle said :smileyhappy:

Also, in the same vein, be very careful with snapshots of virtualized Domain Controllers. Reverting to a previous snapshot (going backwards in time) can also confuse AD replication.

Found this relevant blog post today!

http://blogs.technet.com/b/askds/archive/2010/06/10/how-to-virtualize-active-directory-domain-controllers-part-1.aspx

...Do not perform ONLINE physical-to-virtual (P2V) conversions. All P2V conversions for domain controller role computers should be done in OFFLINE mode....