Just one reason I tell people that virtualization of Domain Controllers in production scares me… This is a post from one of the Microsoft newsgroups. As more and more people move to virtualizing their DCs I expect to see more and more of this.
Newsgroups: microsoft.public.windows.server.active_directory
Hi,
Due to a VMWare problem the local time of one of my remote site DCs was set
back to July 2006. So the other DC in the same site believes that there are
lingering objects and stopped replication.
Is there any way to safely enable replication again without demoting the DC?
Thanks
Mario
Really, this goes back to reason #1, which is that most Windows admins really aren’t up to the task of understanding Active Directory well enough to properly run Domain Controllers (or ADAM) in a virtualized environment safely.
joe
November 27th, 2006 at 5:04 pm
I’ve seen this happen with hardware too. When I first started at Microsoft, I helped a customer who had 6 DCs pointing to an NTP device which was a router. They upgraded the firmware and rolled it back a few years.
(Still agree that we should be careful virtualizing the directory, just commenting that it is likely a larger problem we should consider under the umbrella of “shooting yourself in the foot” :))
November 27th, 2006 at 6:42 pm
Absolutely, I just feel problems like this are a more likely case with virtualization.
November 28th, 2006 at 10:38 am
I would be willing to bet this problem occurred because the admin didn’t manage his VMs well. MS publishes guidelines on virtualizing DCs and a major point is to be careful of time.
December 5th, 2006 at 1:30 pm
I agree it’s a risky proposition, but I support the concept for some uses. Like anything, if done wrong, it could get ugly in a hurry.
I can add to Eric’s story another one that is very similar; I work at a company where the time sync is handled by a third party time server that went nuts and went several years into the future. Domain controllers followed suit and it got really ugly. No virtualization in place, although that would help with a second issue: disaster recovery. It’d make you cry (laughter?) to hear how it’s done now and the unnecessary risks that are taken. Virtualization could be part of the solution that would help with the DR planning and recovery process, quite easily.