Virtualizing a domain controller, how hard can it be?

For an upcoming project I was preparing to P2V a domain controller and found a lot of “info” on this subject, which got me thinking. Everybody is talking about all the dangers related to P2V-ing a domain controller, but let’s be honest: when you look closely, the problems most people are talking about are problems that also occur when practicing bad management on physical domain controllers. Didn’t those same problems arise in the old days, when you made a backup of your DC using Ghost and then, after a failed Windows update, decided to roll it back using that Ghost image?

When working with domain controllers, either physical or virtual, keep in mind that you should never revert them back in time or just restore a backup without using the special Active Directory (Authoritative) restore mode. Each domain controller has an internal counter (the USN) by which it knows which updates it has already received. The other domain controllers in the domain also know which updates each domain controller has received. So if you revert a domain controller back in time, its internal USN goes back with it, and the other domain controllers will stop talking to it because the USN the domain controller says it has doesn’t match the one they have in their own records. Microsoft has some very good docs on how to perform restores of domain controllers and how to handle USN rollbacks. Be sure to read them before playing with domain controllers.
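To make the USN mismatch concrete, here is an added example (not from the original post and not Active Directory code): a simplified two-DC model in Python showing how a reverted image reissues USNs its partner already recorded, and the comparison that exposes it. The `DC` class, `rollback_detected` and `demo` are hypothetical names, and the sample objects are constructed.

```python
# Simplified model of USN-based replication (added example, not Active Directory code).
import copy

class DC:
    def __init__(self, name):
        self.name = name
        self.usn = 0        # highest USN this DC has committed locally
        self.changes = {}   # usn -> (attribute, value) originated on this DC
        self.data = {}      # attribute -> value (the directory contents)
        self.seen = {}      # partner name -> highest USN already pulled from it

    def write(self, attr, value):
        """Originating update: bump the local USN and record the change."""
        self.usn += 1
        self.changes[self.usn] = (attr, value)
        self.data[attr] = value

    def pull_from(self, src):
        """Ask src only for changes above the USN we already hold for it."""
        mark = self.seen.get(src.name, 0)
        applied = 0
        for usn in sorted(u for u in src.changes if u > mark):
            attr, value = src.changes[usn]
            self.data[attr] = value
            applied += 1
        self.seen[src.name] = max(mark, src.usn)
        return applied

def rollback_detected(partner, dc):
    """True when partner remembers a higher USN for dc than dc now claims."""
    return partner.seen.get(dc.name, 0) > dc.usn

def demo():
    dc1, dc2 = DC("DC1"), DC("DC2")
    for i in range(50):
        dc1.write(f"user{i}", "created")   # constructed sample objects
    image = copy.deepcopy(dc1)             # Ghost image / snapshot taken at USN 50
    for i in range(50, 60):
        dc1.write(f"user{i}", "created")
    dc2.pull_from(dc1)                     # DC2 now records USN 60 for DC1
    dc1 = image                            # revert: DC1 is back at USN 50
    dc1.write("user7", "disabled")         # reissues USN 51, which DC2 believes it has
    applied = dc2.pull_from(dc1)           # DC2 asks for > 60 and receives nothing
    return applied, dc2.data["user7"], dc1.data["user7"], rollback_detected(dc2, dc1)

if __name__ == "__main__":
    print(demo())
```

In this model the change made after the revert never reaches DC2, so the two copies of the directory disagree about `user7` until someone compares the recorded USN with the one DC1 now reports.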

If you follow these few very simple rules when P2V-ing a domain controller, all should be fine:

1- Only do a cold clone of a DC.

2- Before you start, make sure replication is working fine and run some dcdiag tests to make sure your AD is healthy. Yes, you can virtualize an unhealthy domain controller just as well, but you want to make sure your problems are not related to virtualization. So, clean it up.

3- Shut down your DC and boot the server from the CD with your favorite cold cloning tool on it, like VMware vCenter Converter.

4- Perform the P2V like you would normally do. Remove drivers after the copying is complete, insert and update VMware Tools, etc.

5- Once your virtual DC has seen the network, never ever power on that old server again.

Keep in mind that VMware Standalone Converter 4.3 does not have the cold clone ISO anymore; you should go back to VMware vCenter Converter 4.0U2, which is on the list of your vCenter 4.0U2 downloads.

Christian Mohn has written a response to my blog post: “p2v a domain controller? why would you?”