Virtualising Microsoft Active Directory Domain Controller
August 11, 2012. Posted by vbry21 in Microsoft Virtualisation blogs.
Tags: Hyper-V, Microsoft
Virtualising Microsoft Active Directory Domain Controllers has always given me cause for concern.
Not the virtualisation bit, that works brilliantly, but the snapshotting bit, and this is why.
AD DS replication uses InvocationID and USNs on each domain controller to determine what changes need to be replicated to other domain controllers. If a domain controller is rolled back in time outside of the domain controller’s awareness and a USN is reused for an entirely different transaction, replication will not converge because other domain controllers will believe they have already received the updates associated with the re-used USN under the context of that InvocationID. A virtual machine (VM) makes it easy for hypervisor administrators to roll back a domain controller’s USNs (its logical clock) by, for example, applying a snapshot outside of the domain controller’s awareness.
Or, to summarise in English: be very careful with snapshots in AD. Reverting back to one, for any reason, may, I say may, just STUFF YOUR AD.
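The rollback described above, as an added example that is not from the original post or from Microsoft: a toy Python model in which each DC tracks, per InvocationID, the highest USN it has applied. The class, function and attribute names are hypothetical, and the `reset_invocation_id` path models a restore the domain controller is aware of, where it takes a new InvocationID.

```python
import copy, uuid

class DC:
    """Toy domain controller: a constructed model, not AD DS internals."""
    def __init__(self):
        self.usn = 0
        self.invocation_id = uuid.uuid4().hex
        self.log = []   # every change held: (originating InvocationID, USN, attr, value)
        self.utd = {}   # up-to-dateness vector: InvocationID -> highest USN applied

    def seen(self, inv):
        return self.usn if inv == self.invocation_id else self.utd.get(inv, 0)

    def write(self, attr, value):
        self.usn += 1
        self.log.append((self.invocation_id, self.usn, attr, value))

    def pull_from(self, src):
        for inv, usn, attr, value in sorted(src.log, key=lambda c: c[1]):
            if usn > self.seen(inv):    # anything at or below this USN is "already received"
                self.log.append((inv, usn, attr, value))
                self.utd[inv] = usn

    def data(self):
        return {attr: value for _, _, attr, value in self.log}

def restore(dc, snap, reset_invocation_id):
    dc.usn, dc.log, dc.utd = snap.usn, list(snap.log), dict(snap.utd)
    dc.invocation_id = snap.invocation_id
    if reset_invocation_id:
        dc.utd[dc.invocation_id] = dc.usn    # retire the old identity at the snapshot USN
        dc.invocation_id = uuid.uuid4().hex  # partners treat later writes as a new source

def rollback_visible(dc, partner):
    # A partner that has applied a higher USN than the DC now holds exposes the rollback.
    return partner.utd.get(dc.invocation_id, 0) > dc.usn

def scenario(reset_invocation_id):
    dc1, dc2 = DC(), DC()
    dc1.write("alice", "Engineer")
    dc1.write("bob", "Analyst")
    snap = copy.deepcopy(dc1)        # hypervisor snapshot taken at USN 2
    dc1.write("carol", "Manager")    # USN 3
    dc2.pull_from(dc1)
    restore(dc1, snap, reset_invocation_id)
    detected = rollback_visible(dc1, dc2)
    dc1.write("dave", "Intern")      # USN 3 again, for a different change
    dc2.pull_from(dc1)
    dc1.pull_from(dc2)
    return detected, dc1.data(), dc2.data()
```

With the InvocationID left unchanged, DC1 never gets carol back and DC2 never receives dave, because both changes carry USN 3 under the same InvocationID; with a new InvocationID both directories converge.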
But it gets even better: Active Directory for Windows 2012 was designed with the cloud in mind, so you may want to have Domain Controllers on premise and then have some sitting off premise. Microsoft have given us features galore; read the link, it's really all rather quite good.