• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1487
  • Last Modified:

Vmware snapshots on Domain Controllers

I was told that you should not take snapshots of a domain controller using vmware tools.
Is this true?
If it is true, i could understand if you had multiple Dcs, as it could break replication, however, what if you only have 1 DC. would it still break or cause domain issues if you rolled back to the snapshot?
0
bntech
Asked:
bntech
  • 3
  • 3
  • 2
1 Solution
 
Justin CAWS Solutions ArchitectCommented:
It can still cause issues with any AD objects which were created or updated since the snapshot was taken.  I wouldn't recommend it in a production environment, but if you're in a lab with relatively few changes being made and just want to be able to roll back over a short peroid of time you can probably get away with it.
0
 
coolsport00Commented:
Here are 2, in my opinion, HIGHLY important RECOMMENDED reads from VMware on Snapshots:
KB:
http://kb.vmware.com/kb/1015180
Basic Admin Guide:
http://www.vmware.com/pdf/vsphere4/r40/vsp_40_admin_guide.pdf (pg. 203)

Let me explain briefly why I recommend NOT to use snapshots - When you take a snap of a VM, you create a separate file...a point in time 'replica', if you will, of the VM. All data then writes to that snap file. In this case, more than likely this will be mostly your domain data (sysvol folder). When you want to remove the snap, what you do in snapshot manager is 'delete' the snap. Now, this is a confusing task because admins typically think this does just that...deletes the snap...and all data on the snap is gone. But, in actuality what happens is data is written to the parent disk FIRST, THEN the snap file is deleted. So, why I recommend against doing this is the data in your sysvol folder may get corrupted. Now, keep in mind, I say "may"...not that it will. Snapshots in general, in my opinion, regardless of the server type (DC, Exchg, App, etc.) are not good. The main reason is because people tend to use them incorrectly. Snaps are meant as TEMPORARY (i.e. not to exceed a day or 2). Admins tend to forget a snap is created and as such it tends to grow out of control, to the point that no more space is left on the datastore the VM is on; this leads to not being able to delete the snap because you need free space on the datastore to be able to commit the data to the parent disk then remove the snap.

Anyway, that's my 2ยข worth :)

Hope that helps...

Regards,
~coolsport00
0
 
bntechAuthor Commented:
Are you saying, even taking a snapshot (not rolling back) could pose a problem as well, when you want to delete AKA commit the snapshot to the parent file.

So in summary - dont use snapshots on domain controllers - period
Also you recommend against snapshots on other servers as well -- i thought that this process was relatively safe for non-dcs.

Thanks for the responce guys
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
coolsport00Commented:
Yes, my recommendation is not to use them on DCs for sure and MINIMALLY on other VMs. Snapshots are meant for BRIEF periods...mainly when you're doing an update to a VM's guest OS. Take a snap, do the update, test for a day or 2, then delete the snap. That's all it should be used for.

Hope that helps.
~coolsport00
0
 
Justin CAWS Solutions ArchitectCommented:
Once you create the snapshot, all additional data and/or modifications to existing data are stored in the snap file.  When you delete the snap, that data must be merged back into the the base disk.  If the snap grows too large, the process of merging the data back into the original can take a very long time and becomes prone to error and corruption.  

Like said above, snapshots are not meant to be left in place for long periods of time.
0
 
bntechAuthor Commented:
Un-related, but are there any best practices \ settings to make on a DC running in a vmware environment.  Same question for Exchange 2007..

Thanks for your answers
0
 
coolsport00Commented:
Mmm...there are a couple articles you can look at from both VMware and MS. You should ask this in another thread though as asking mulitple questions in a thread is frowned upon from EE (see: http://www.experts-exchange.com/help.jsp#hs=23&hi=23)

Regards,
~coolsport00
0
 
bntechAuthor Commented:
I will post a new thread -- Thanks, feel free to reply \ answer the new thread at
http://www.experts-exchange.com/Software/VMWare/Q_26491740.html
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now