Solved

How can I use VMWare Server to swap Domain Controllers without downtime?

Posted on 2008-10-22
12
385 Views
Last Modified: 2009-04-02
I realize what I'm about to ask is pretty difficult but I'm hoping somebody on this site will be able to help me out.

What I'm trying to do is this:

I'm trying to find a way to put VMWare Server with Server 2003 on a system, backup all of their domain information up onto that from the server it is hosted on, and them be able to export that to another server to swap in with minimal downtime.

I realize there are a lot of permission issues and what not with doing that but I'm confident that it is somehow possible. Does anybody on here have experience with doing this? If so, can you provide instructions as to how I can accomplish this?


Thanks in advance.
0
Comment
Question by:SysAdminWVU
12 Comments
 
LVL 5

Expert Comment

by:belowzerotech
ID: 22782098
I believe VMWare offers a program to image a current active server into a VMWare image that can be used in ESX or one of their other infrastructure programs called VMware converter. Might want to look into that.  
0
 
LVL 1

Author Comment

by:SysAdminWVU
ID: 22782143
I don't want to directly image the server. This is a hypothetical situation I'm working with for a solution at my company. If there is a problem with our software and database, I'd like to be able to export all the domain controller information without the rest of the information so that I can import that onto a new server.
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 22782529
Domain controllers cannot be imaged and "swapped" in the manner that you are describing, certainly not in a supported manner. Redundancy and failover in Active Directory is created by having multiple domain controllers online and replicating with one another at any given time.
0
 
LVL 18

Expert Comment

by:exx1976
ID: 22783011
If I'm understanding the question correctly, all you need to do in order to "copy" the domain controller information is to build another server and DCPROMO it.  AD will handle the replication of account information/DNS and such..

??
0
 
LVL 1

Author Comment

by:SysAdminWVU
ID: 22783123
I will have to hold off on this temporarily I suppose and rephrase the question again tomorrow.

The problem we are facing is this: We have a couple dozen or so servers that we need to take down, wipe out, and reconfigure our own software on.

While this is being done, we'd like to be able to temporarily use a virtual machine on another system to manage the domain because our clients cannot afford the downtime. Once we are finished with what we need to do we would then re-export the DC from the VM to the actual server.
0
 
LVL 18

Expert Comment

by:exx1976
ID: 22783160
The problem with this question is your continual use of the terms "import" and "export"..   Those terms are quite generic.  We need to know precisely what it is you are trying to accomplish here...
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 1

Author Comment

by:SysAdminWVU
ID: 22786675
Okay, without using the words import and export.


We're trying to put the domain controller on a virtual machine hosted on a different system (without the non-DC related things like our software) then wipe that machine and rebuild it and repromote the server to DC.

This is different than system state.
0
 
LVL 18

Accepted Solution

by:
exx1976 earned 500 total points
ID: 22786811
Now you've really got me...   System State?  Where does that enter in the equation?

Are you an admin or a developer?  I think there is a disconnect here in terms of the vocabulary that we are using to try to address this.


Unless I'm misunderstanding, however, you can just install Server 2003 as a VM, DCPROMO it, then DCPROMO your "development" domain controller (who ever heard of such a thing??) back down to a member server, wipe it, reinstall, then DCPROMO again, then DCPROMO the VM back to a member server and then shut it off...

0
 
LVL 1

Author Comment

by:SysAdminWVU
ID: 22787084
This isn't a development server, like I said in an earlier post we're having a problem with our own software that is causing problems with our databases. We have a fix for the issue but it requires us to rebuild the machine and we can't afford for our clients to be down during this time period.

The reason I mentioned system state is because the only way I've discovered of doing this online thus is by using system state.

I will give your method a try to see if it's really as simple as doing that. By DCPROMOing the VM server, you're saying it will automatically replicate all of the DC settings to the VM server and then back to the main server?
0
 
LVL 18

Expert Comment

by:exx1976
ID: 22787190
Well, I don't really know how to answer that, since the rest of the vocabulary in here has been vague at best.

How about tyou define DC settings for me so that I know EXACTLY what it is you are trying to replicate back and forth and then I can suggest the most appropriate course of action?
0
 
LVL 1

Author Comment

by:SysAdminWVU
ID: 22787924
The domain users, groups, permissions, passwords, AD structure, etc.

I simply don't want our software to be on there.
0
 
LVL 18

Expert Comment

by:exx1976
ID: 22788059
Yes.  DCPROMO will pull over all the users, password, groups, OUs, directory structure, Group Policies, computer accounts, etc.  All the info stored in AD will automatically replicate.  If you have DNS on the server you are trying to take down, you'll need to install DNS on the VM as well.  During the DCPROMO process, you'll see a little indicator telling you how many records have been copied to the new server.

Do not take down the old server until you are 100% certain that all replication has completed.  Depending on the size of your directory, your forest, and the speed of your network links, this could be as fast as 5 minutes, or as long as a day or so.


HTH,
exx
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

It Is not possible to enable LLDP in vSwitch(at least is not supported by VMware), so in this article we will enable this, and also go trough how to enabled CDP and how to get this information in vSwitches and also in vDS.
In this article, I show you step by step with screenshots to assist you - HOW TO: Deploy and Install the VMware vCenter Server Appliance 6.5 (VCSA 6.5), with some helpful tips along the way.
Teach the user how to use create log bundles for vCenter Server or ESXi hosts Open vSphere Web Client: Generate vCenter Server and ESXi host log bundle:  Open vCenter Server Appliance Web Management interface and generate log bundle: Open vCenter Se…
This video shows you how to use a vSphere client to connect to your ESX host as the root user. Demonstrates the basic connection of bypassing certification set up. Demonstrates how to access the traditional view to begin managing your virtual mac…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now