Solved

Vmware snapshots on Domain Controllers

Posted on 2010-09-22
8
1,459 Views
Last Modified: 2012-05-10
I was told that you should not take snapshots of a domain controller using vmware tools.
Is this true?
If it is true, i could understand if you had multiple Dcs, as it could break replication, however, what if you only have 1 DC. would it still break or cause domain issues if you rolled back to the snapshot?
0
Comment
Question by:bntech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 10

Expert Comment

by:BloodRed
ID: 33735074
It can still cause issues with any AD objects which were created or updated since the snapshot was taken.  I wouldn't recommend it in a production environment, but if you're in a lab with relatively few changes being made and just want to be able to roll back over a short peroid of time you can probably get away with it.
0
 
LVL 40

Accepted Solution

by:
coolsport00 earned 500 total points
ID: 33735082
Here are 2, in my opinion, HIGHLY important RECOMMENDED reads from VMware on Snapshots:
KB:
http://kb.vmware.com/kb/1015180
Basic Admin Guide:
http://www.vmware.com/pdf/vsphere4/r40/vsp_40_admin_guide.pdf (pg. 203)

Let me explain briefly why I recommend NOT to use snapshots - When you take a snap of a VM, you create a separate file...a point in time 'replica', if you will, of the VM. All data then writes to that snap file. In this case, more than likely this will be mostly your domain data (sysvol folder). When you want to remove the snap, what you do in snapshot manager is 'delete' the snap. Now, this is a confusing task because admins typically think this does just that...deletes the snap...and all data on the snap is gone. But, in actuality what happens is data is written to the parent disk FIRST, THEN the snap file is deleted. So, why I recommend against doing this is the data in your sysvol folder may get corrupted. Now, keep in mind, I say "may"...not that it will. Snapshots in general, in my opinion, regardless of the server type (DC, Exchg, App, etc.) are not good. The main reason is because people tend to use them incorrectly. Snaps are meant as TEMPORARY (i.e. not to exceed a day or 2). Admins tend to forget a snap is created and as such it tends to grow out of control, to the point that no more space is left on the datastore the VM is on; this leads to not being able to delete the snap because you need free space on the datastore to be able to commit the data to the parent disk then remove the snap.

Anyway, that's my 2¢ worth :)

Hope that helps...

Regards,
~coolsport00
0
 
LVL 1

Author Comment

by:bntech
ID: 33735247
Are you saying, even taking a snapshot (not rolling back) could pose a problem as well, when you want to delete AKA commit the snapshot to the parent file.

So in summary - dont use snapshots on domain controllers - period
Also you recommend against snapshots on other servers as well -- i thought that this process was relatively safe for non-dcs.

Thanks for the responce guys
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 40

Expert Comment

by:coolsport00
ID: 33735289
Yes, my recommendation is not to use them on DCs for sure and MINIMALLY on other VMs. Snapshots are meant for BRIEF periods...mainly when you're doing an update to a VM's guest OS. Take a snap, do the update, test for a day or 2, then delete the snap. That's all it should be used for.

Hope that helps.
~coolsport00
0
 
LVL 10

Expert Comment

by:BloodRed
ID: 33735314
Once you create the snapshot, all additional data and/or modifications to existing data are stored in the snap file.  When you delete the snap, that data must be merged back into the the base disk.  If the snap grows too large, the process of merging the data back into the original can take a very long time and becomes prone to error and corruption.  

Like said above, snapshots are not meant to be left in place for long periods of time.
0
 
LVL 1

Author Comment

by:bntech
ID: 33735415
Un-related, but are there any best practices \ settings to make on a DC running in a vmware environment.  Same question for Exchange 2007..

Thanks for your answers
0
 
LVL 40

Expert Comment

by:coolsport00
ID: 33735441
Mmm...there are a couple articles you can look at from both VMware and MS. You should ask this in another thread though as asking mulitple questions in a thread is frowned upon from EE (see: http://www.experts-exchange.com/help.jsp#hs=23&hi=23)

Regards,
~coolsport00
0
 
LVL 1

Author Comment

by:bntech
ID: 33735502
I will post a new thread -- Thanks, feel free to reply \ answer the new thread at
http://www.experts-exchange.com/Software/VMWare/Q_26491740.html
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This Micro Tutorial walks you through using a remote console to access a server and install ESXi 5.1. This example is showing remote access and installation using a Dell server. The hypervisor is the very first component of your virtual infrastructu…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question