This article discusses techniques and best practises for converting a Domain Controller using VMware Converter.
Symptoms
Resolution
Introduction
A virtual machine created from an active domain controller may exhibit unexpected behavior. Domain controllers are very sensitive to hardware changes. When a physical server is virtualized the hardware presented to operating system may be very different. In addition it is possible that a virtualized domain controller and an identical physical domain controller may be running simultaneously which may result in unpredictable replication issues across Active Directory or even a tombstone condition. If you are using Windows NT, these change may prevent the directory or DNS servers from binding to the network connection.
Follow one of the below solutions depending on your situation:
Windows 2000, and 2003 Servers
For Windows 2000, and 2003 Servers:
Ensure another domain controller is online on the network and properly synchronized, if one is not available provision a new domain controller as a virtual machine and promote it. Demote the domain controller using dcpromo. Set any static IP addresses to DHCP prior to conversion. When converted, power off the source server, reassign any static IP addresses and promote the virtualized server.
Install the Microsoft loopback adapter and assign it an unused static IP address. Set any static IP addresses of the physical network adapters to DHCP, prior to conversion. Power down the source server, then boot it up using the Converter boot CD. Cold clone the server. If a cold clone is not possible, start the server in Directory Recovery mode and perform a hot conversion. Failure to use Directory Recovery mode may result in an incomplete and corrupted copy of NTDS.DIT. After conversion is complete, you can remove the Microsoft Loopback adapter and restore the static IP addresses to the new virtual network cards.
Decommission the existing domain controller using dcpromo, and provision a new domain controller in a fresh installation of Windows Server in a new virtual machine. Do not perform the conversion at all, but use the source server's host name and IP address. (recommended)
Important Notes:
If the server to be virtualized holds any FSMO roles, transfer the roles to an existing and running domain controller. If a problem happens during the conversion process, you can provision new domain controllers in Active Directory and perform other AD operations without having to sieze roles from the unavailable domain controller.
Windows NT
Converting a Windows NT domain controller is a very involved process that may be trouble prone. VMware does not recommend converting a Windows NT domain controller if at all possible.
Warning: The following conversion process updgrades any NTFS file systems on the source and destination to version 3.0 (NTFS5). Do not perform these steps if you require disk utilities that are not compatible with newer NTFS file systems. To avoid NTFS upgrade, perform a hot clone to convert a stand-alone server. Do not hot clone a domain controller.
Below is a detailed list of complete steps to assist you with fully converting a Windows NT domain controller. This process may take several hours to complete. You should plan a maintenance window accordingly to perform the conversion.
To convert a Windows NT domain controller:
1. Verify that you have the latest version of VMware Converter. Older versions do not support all Windows NT Fault Tolerant disk types. Use VMware Converter version 3.0.3 or higher.
2. Ensure the server is running Windows NT Service Pack 5 or higher (Service Pack 6a is recommended).
To determine this:
1. Click Start > Run.
2. Run the winver command. Do not proceed any further if the service pack requirement is not met.
3. Create a Rescue Diskette. Click Start > Run, and run the rdisk command. If there is a problem with the new virtual machine you may be able to repair the problem using the Rescue Diskette.
4. Ensure you have a complete and working backup of the server, especially if the Windows NT server is a Primary Domain Controller (PDC).
5. Ensure another domain controller is available to service user logins.
Note: If you are taking a PDC server offline, you cannot join any other DCs to the domain until it is online again as a virtual machine.
6. Install the Microsoft loopback adapter and assign it an unused static IP address.
7. Set any static IP addresses of the physical network adapters to DHCP.
8. Properly shut down the source server. Click Start > Shutdown > Shutdown the computer. Power off the server with its physical power switch.
9. Boot the Converter cold clone CD.
Warning: Starting the Converter cold clone CD upgrades the NTFS version on the disk on the source and destination virtual machine to version 3.0 (NTFS5). This may prevent disk check (chkdsk) and defrag utilities (Diskeeper) from working on the volume. For more information, see Windows NT 4.0 CHKDSK Refuses to Check NTFS 3.0/3.1 Volumes (http://support.microsoft.com/kb/196707).
Warning: Performing a hot clone of a Windows NT server may result in a corrupted NTDS.DIT on the destination virtual machine. Do not hot clone a Windows NT domain controller.
10. Perform the conversion to a new virtual machine, and power off the source server.
Warning: Do not power the server back on again for any reason after the new virtual machine is powered on with a network connection. Doing so may break synchronization with other domain controllers.
11. Review the virtual hardware settings on the new virtual machine:
12. Power on the new virtual machine with the network card disconnected.
13. Click Start > Settings > Control Panel > Add / Remove Programs. Remove any unnecessary programs used to install or support device drivers, such a RAID management tools, network teaming or management software, wireless card management software, and video and sound drivers.
Caution: Do not restart if prompted by an uninstall program.
14. Restart the virtual machine properly.
15. Remove any additional devices or device drivers that were used to support hardware on the physical server. Use the Control Panel to remove any necessary devices especially COM ports, SCSI controllers, video, and network cards.
Do not remove the following devices:
16. Restart the virtual machine properly.
17. Attempt to install the VMware Tools. If you are missing the CD-ROM drive in the virtual machine or if you are unable to get the network adapter installed, see After converting a physical server running Windows NT the CD-ROM or networking does not work on the VM (http://kb.vmware.com/kb/1002278).
18. Restart the virtual machine properly.
19. Assign the static IP addresses used on the source server to the new virtual network adapters, if applicable.
20. Restart the virtual machine properly.
21. Ensure the DNS and directory services are started and bound to a valid adapter and start correctly.
22. Remove the Microsoft loopback adapter.
23. Restart the virtual machine properly.
24. Review the server's Event Logs and ensure the necessary services are starting correctly without failures. To view the Event Log, click Start > Run, and run the eventvwr command.
Note: Some failures may be due to device drivers or services still being installed. You may need to manually disable or remove these services in the Control Panel to prevent these errors.
25. Shut down the virtual machine properly, then connect the network cards in the virtual device settings.
26. Start the virtual machine normally.
27. Ensure the DNS and directory services are started and bound to a valid adapter and start correctly.
28. Check the Event Logs for any remaining errors and correct as needed.
Important Notes:
Virtualizing existing domain controllers
http://kb.vmware.com/kb/1006996
Best practices for using and troubleshooting VMware Converter
http://kb.vmware.com/kb/1004588