joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

Reason #24 to not virtualize Domain Controllers in production

by @ 2:31 pm on 11/27/2006. Filed under tech

Just one of the reasons I tell people that virtualizing Domain Controllers in production scares me… The following is a post from one of the Microsoft newsgroups. As more and more people move to virtualizing their DCs, I expect to see more and more of this.

Newsgroups: microsoft.public.windows.server.active_directory

Hi,

Due to a VMWare problem the local time of one of my remote site DCs was set
back to July 2006. So the other DC in the same site believes that there are
lingering objects and stopped replication.
Is there any way to safely enable replication again without demoting the DC?

Thanks
Mario

Really this goes back to reason #1, which is that most Windows admins aren’t up to the task of understanding Active Directory well enough to run Domain Controllers (or ADAM) safely in a virtualized environment.

     joe


4 Responses to “Reason #24 to not virtualize Domain Controllers in production”

  1. I’ve seen this happen with hardware too. When I first started at Microsoft, I helped a customer who had 6 DCs pointing to an NTP device which was a router. They upgraded the firmware and rolled it back a few years. 🙂

    (Still agree that we should be careful virtualizing the directory, just commenting that it is likely a larger problem we should consider under the umbrella of “shooting yourself in the foot” :))

  2. joe says:

    Absolutely, I just feel problems like this are a more likely case with virtualization.

  3. Antknee says:

    I would be willing to bet this problem occurred because the admin didn’t manage his VMs well. MS publishes guidelines on virtualizing DCs and a major point is to be careful of time.

  4. Al says:

    I agree it’s a risky proposition, but I support the concept for some uses. Like anything, if done wrong, it could get ugly in a hurry.

    I can add to Eric’s story another one that is very similar; I work at a company where the time sync is handled by a third-party time server that went nuts and went several years into the future. Domain controllers followed suit and it got really ugly. No virtualization in place, although that would help with a second issue: disaster recovery. It’d make you cry (laughter?) to hear how it’s done now and the unnecessary risks that are taken. Virtualization could be part of the solution that would help with the DR planning and recovery process, quite easily.
