nh_walker

Best practices for WinServ2003 Domain Controller P2V on ESX 4?

Does anyone have "best practices" for P2V of a WinServ2003 Domain Controller to ESX 4? Most of the five domain roles are on this DC - would it be best to transfer roles to secondary domain controller? DCPromo on a new server vm is not an option.

Thanks,
Rob
coolsport00

I personally used the converter within vSphere to P2V my FSMO master and had no problems at all. BUT...I recommend you moving your roles as a precaution in case something does go wayward with the P2V process. The source server is still up/powered on of course, but it's just a best practice to do so. The cleanest way to do it is to transfer roles to a different DC temporarily, demote the server, build a fresh VM, promote it, then transfer FSMO roles to your VM. But, I've P2V'd several DCs with no issues. I do recommend going the 'clean/fresh install' route (VMware would recommend that as well).

Regards,
~coolsport00
Mike Kline

The big thing is not to have the new and old box on at the same time or you could run into USN rollback issues as described here: http://technet.microsoft.com/en-us/library/dd348449(WS.10).aspx

Then if you have to deal with USN rollbacks you have to worry about metadata cleanups etc.

I do agree with coolsport...clean and fresh if you can

Thanks

Mike
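
A simplified model of the USN rollback Mike describes, as an added example that is not part of the original thread. The `DC` class and its methods are hypothetical; they only mimic how a replication partner tracks the highest USN it has received per invocation ID, and show what happens when an image taken at an older USN boots with the same invocation ID.

```python
# Simplified model of USN-based replication, added for illustration.
# Class and method names are hypothetical, not an Active Directory API.
import copy
import uuid

class DC:
    def __init__(self, name):
        self.name = name
        self.invocation_id = uuid.uuid4().hex  # identity of this database instance
        self.usn = 0                           # highest committed USN
        self.changes = {}                      # usn -> originating change
        self.seen = {}                         # partner invocation_id -> highest USN received
        self.replica = set()                   # changes received from partners

    def write(self, change):
        self.usn += 1
        self.changes[self.usn] = change

    def pull_from(self, src):
        """Inbound replication: request only USNs above the recorded mark."""
        mark = self.seen.get(src.invocation_id, 0)
        if src.usn < mark:
            return "rollback-detected"         # source is behind what we already received
        for usn in range(mark + 1, src.usn + 1):
            self.replica.add(src.changes[usn])
        self.seen[src.invocation_id] = src.usn
        return "ok"

def p2v_clone_scenario():
    dc1, dc2 = DC("dc1"), DC("dc2")
    for c in ("user-a", "user-b", "user-c"):   # constructed sample changes
        dc1.write(c)
    vm = copy.deepcopy(dc1)                    # image taken at USN 3, same invocation ID
    dc1.write("user-d")
    dc1.write("user-e")                        # source kept running after the image
    dc2.pull_from(dc1)                         # partner's mark for dc1 is now 5
    # Physical dc1 is powered off and the VM boots in its place.
    first = dc2.pull_from(vm)                  # VM at USN 3 < mark 5
    vm.write("user-x")
    vm.write("user-y")                         # VM reuses USNs 4 and 5
    second = dc2.pull_from(vm)                 # USN 5 == mark 5: nothing is requested
    missing = {"user-x", "user-y"} - dc2.replica
    return first, second, missing

if __name__ == "__main__":
    print(p2v_clone_scenario())
```

The second pull reports success while the two changes made on the VM never reach the partner, which is the silent divergence that makes a cold clone of a quiesced DC the safer route.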
nh_walker

Thanks for your response CS.

I've also used vSphere converter on a DC in our own datacenter after transferring the roles, and it worked perfectly. Just wanted to double check before taking the same approach with one of our customers.

Rob


Awesome. Glad to assist :)

~coolsport00
Another word of caution: make sure when you are doing the P2V, there's no AD replication of any sort happening, otherwise when you boot up the new VM DC, it might have inconsistent data and that will cause a big problem.
Food for thought.

That's a good point BBNP. What's the best way to "Pause" replication for the duration of the cloning process - just to increase the default replication interval so the window is large enough for P2V? Also, it's probably not a good idea to adjust this until AFTER the FSMO roles have been transferred!
Well...actually for this, you'll need to set it for "Domain Controllers", not really computers.
If your server's partition is small (<=20GB), I probably wouldn't mess with replication interval if you don't already have it set. P2V time will probably be less than an hour. I actually do have it set in my org just because I want replication to happen a bit more frequently than AD's default. Even with it set, I performed all my DC P2Vs with no issues. But again, we're talking 'safest' & 'best practice' here. If you have a W2K3 template in your infrastructure, it would actually (probably) take less time to build a VM from the template, update it, promote it, then move roles to it.

~coolsport00
Depending on bandwidth, this might not take that long to P2V so roles might not be of huge importance. Make sure a GC and DNS server exist elsewhere and move the roles if you think it will be an issue. Then definitely download the 'Coldclone.iso' from VMware and clone the server OFFLINE. It is not a best practice to clone an online DC at all.

Justen
I have a few concerns about virtualizing the GC server. Example: if we are doing the P2V of the "gc01" server at 15:00 hrs and it completes at 18:00 hrs, the virtual server has its last replication data from before 15:00. It means the "gc01" physical server keeps updating data up to the current time in the schema master and domain naming master (dc01), and 2 hrs of data will not be reflected in the virtual server. An NTP (network time server) issue will also come up, since the ngm2k3eugc01 server has up-to-date time information in osvgc01 (physical server). If you power on the virtual server after the 2 to 3 hrs delay, I'm not sure what issues will come up before and after replication. I have gone through some forums and they do not suggest P2V for a GC server. Please go through the link for reference: http://vmetc.com/2008/03/17/domain-controllers-to-p2v-or-not-to-p2v/
Below I have given 2 options for virtualizing the GC server.


Option 1:

Step 1: Build a new server "gc03" on the ESX host.
Step 2: Add this server as a member of the domain. Once the server is added as a member server, its time should be the domain time, so the NTP issue will not come up.
Step 3: Run dcpromo to add this server as an additional domain controller.
Step 4: Move the "gc03" server to the appropriate OU.
Step 5: Take a VM snapshot on the ESX server.
Step 6: Log on to the "gc01" server and transfer the RID Master, PDC Emulator, and Infrastructure Master roles from osvgc01 to the osvgc03 server as per the Microsoft article http://support.microsoft.com/kb/324801.
Step 7: Log on to the "gc01" server and run dcpromo to demote the domain controller.
Step 8: Once the "gc01" server is demoted, assign the "gc01" server IP address as an additional IP address on the "gc03" server. As per the mail below, Ben mentions that DNS forward is using the IP address of the "gc01" server; afterwards DNS forward will use that IP address for the "gc03" server.
Step 9: Finally, decommission the "gc01" server.

Option 2:

There is no FSMO role on the "gc02" server. So first we will do the P2V on the "gc02" server, and after that transfer the RID Master, PDC Emulator, and Infrastructure Master roles from "gc01" to the "gc02" server as per the Microsoft article http://support.microsoft.com/kb/324801. We will monitor for 2 to 3 weeks; if everything is working fine without any issue, we will do the same thing on the "gc01" server, and after that transfer the RID Master, PDC Emulator, and Infrastructure Master roles from "gc02" to "gc01" again.

It should be possible to do without a DC for a while also. Maybe after hours?
Again however do not attempt this online. Boot to a coldclone CD available at VMware or to AD Restore mode.
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006996


___________
Apologize for any double posts, our firewall group is working on it.
I suggest that you read this

Virtualizing a Windows Active Directory Domain Infrastructure
http://www.vmware.com/resources/techresources/10029