Convert a W2K3 DC to a VM

We have an old Windows 2003 Server DC that is starting to show hardware problems, and would like to move this server to VMware ESXi 4.1 and run it as a VM. This old server presently acts as a DC and also the DNS, DHCP and WINS server for the network. We have another DC (Windows 2008) running on the network, acting also as a 2nd DNS server.

We were planning on using the VMware vCenter Converter to do a P2V conversion. Will this cause issues since it is a DC? Or should we demote it to a member server, remove the DNS, DHCP and WINS server roles before doing the conversion, and then promote it back to a DC and assign the DNS, DHCP and WINS server roles after it is running as a VM?


bill_lynch Commented:
Why not just build a new 2003 domain controller as a VM and demote the other after AD has replicated? Also remember to move FSMO roles if you choose this route.
ndidomenico (Author) Commented:
This server is running a custom application and we don't want to go through the re-installation and configuration.

It appears that VMware recommends staying away from P2V Domain Controllers, so it looks like a demotion and then a re-promotion would be the better choice.
bart1975 Commented:
It is not recommended to P2V a DC, it can cause Kerberos & replication issues etc.
Maybe you could build another DC and demote this one and then P2V it to get it within the VM environment.
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
Do you have a single DC - if so it's recommended to use VMware Converter COLD, e.g. with Server powered-off!

Otherwise you would have to shut down ALL the services if doing the conversion HOT.

It may be quicker to build a new DC, and transfer the roles (and safer).
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
Build a new DC, and transfer the roles, and then migrate DHCP, DNS, WINS.
ndidomenico (Author) Commented:
Ok, so no P2V of a DC.

But it would save us a lot of work if we could P2V the server without the DC, DNS, DHCP, WINS server roles, because of the custom server application running on it for all of our users, and also the shares used by all of our users. And we need to keep the same server name, IP address, etc.

Would this be a viable plan:
1) Demote server as a DC
2) Remove DNS, DHCP, WINS server roles
3) Shut down server
4) Do a cold P2V of server and create new VM from the P2V file, keeping same Name and IP address
5) Promote VM as a DC
6) Install DNS, DHCP, WINS

Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
The issue you will have, if the server is having hardware difficulties, is whether P2V will work correctly and get an image of 100% of the disk.

If you are going to do a COLDCLONE P2V, there is no need to shut down any of the services. Shut down the server for the last time. (NEVER TURN ON THE PHYSICAL AGAIN connected to the LAN!)

Boot COLDCLONE P2V, convert to VM, do not connect to the network, at first reboot, follow Best Practice, and remove drivers, and hidden devices.

Read fellow Expert Bestway's article.

Best Practice Video Guide here

Check the video here I created earlier, and you can see the process.

TURN on VM and connect to LAN, check for replication errors, but there should not be any, and after 15-30 minutes all errors should have cleared!

Not recommended, but if done carefully can be done!
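
Added example (not part of the original thread and not the posters' own code): one way to carry out the "check for replication errors" step above is to parse the output of `repadmin /showrepl * /csv`. The DC names, domain, timestamps and the 60-minute staleness threshold are constructed assumptions, and the function name `Get-ReplProblem` is hypothetical.

```powershell
# Added example: flag unhealthy replication links in "repadmin /showrepl * /csv" output.
function Get-ReplProblem {
    param(
        [string[]] $CsvLine,            # raw CSV lines, header row first
        [datetime] $Now = (Get-Date),
        [int] $MaxAgeMinutes = 60       # assumed threshold for a "stale" link
    )
    $inv = [Globalization.CultureInfo]::InvariantCulture
    foreach ($row in ($CsvLine | ConvertFrom-Csv)) {
        $reason = $null
        if ($row.showrepl_COLUMNS -ne 'showrepl_INFO') {
            # Rows not marked showrepl_INFO (e.g. showrepl_ERROR) are treated as problems.
            $reason = 'repadmin reported an error row'
        } else {
            $last = [datetime]::MinValue
            $ok = [datetime]::TryParseExact($row.'Last Success Time', 'yyyy-MM-dd HH:mm:ss',
                    $inv, [Globalization.DateTimeStyles]::None, [ref] $last)
            if ([int] $row.'Number of Failures' -gt 0) {
                $reason = "failures, last status $($row.'Last Failure Status')"
            } elseif (-not $ok -or ($Now - $last).TotalMinutes -gt $MaxAgeMinutes) {
                $reason = 'no recent successful replication'
            }
        }
        if ($reason) {
            New-Object PSObject -Property @{
                Destination = $row.'Destination DSA'
                Source      = $row.'Source DSA'
                Context     = $row.'Naming Context'
                Reason      = $reason
            }
        }
    }
}

# Constructed sample (hypothetical DC names, domain and times), not real output.
$sample = @(
  'showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status'
  'showrepl_INFO,Default-First-Site-Name,DC2008,"DC=example,DC=local",Default-First-Site-Name,DC2003,RPC,0,0,2011-03-02 10:05:11,0'
  'showrepl_INFO,Default-First-Site-Name,DC2003,"DC=example,DC=local",Default-First-Site-Name,DC2008,RPC,3,2011-03-02 10:01:40,2011-03-01 22:14:02,1722'
)
Get-ReplProblem -CsvLine $sample -Now ([datetime]'2011-03-02 10:15:00') |
    Format-Table Destination, Source, Reason -AutoSize
# Live use on a DC or admin workstation: Get-ReplProblem -CsvLine (repadmin /showrepl * /csv)
```

With the sample, only the DC2003 inbound link is reported; an empty result on live output means every link shows no failures and a recent success.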
ndidomenico (Author) Commented:
hanccocka: your last comment is for a P2V of a regular member server, not a DC, right? Your last statement about checking replication errors seems to refer to a P2V of a DC. Everybody else seems to strongly discourage a P2V of a DC (as you also seem to: "... Not recommended, but if done carefully can be done!").

Note: the hardware is presently working ok on the old server. We had a bad memory chip issue recently and had to change some memory chips. The server is 7-8 years old, so we thought we should think about moving it elsewhere before we start having real hardware problems (disk, motherboard, etc).
Luciano Patrão, ICT Senior Infrastructure Engineer, Commented:

@hanccocka, in my opinion, for this type of server (DC, Exchange, etc.) you should always disable non-Windows services (and in the DC case, all related services).

Not for the conversion itself, but when you power up that VM for the first time.

Until you clean up, remove any phantom hardware, and build new network adapters (all this in safe mode), you should keep those services down.

Then when the VM is clean and ready, you should run Windows in normal mode and start all services.

With this, we will bypass any issue that we may encounter after the P2V. It is safer this way.

But as in the answers above, the best choice is to build a new DC and move all the roles to the new DC. But if you have legacy software that you need to move and you cannot install again, then do this conversion in the right way, to bypass any issues on your DC and domain.

Hope this can help.

Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
Yes, I know it is!

It depends on your circumstances, if you have time to set up again, build a new DC, transfer roles, migrate services. That should be the preferred route, BUT, we ALL live in the real world, where time is money, and sometimes, that takes time, and your server is failing... (it could be dead in the water in an hour!)

or P2V, it's not recommended, but many, many P2Vers do it! Many create P2V copies for Backup, and also to provide DR and Test facilities, and some do it, WARM *WITHOUT* shutting down!

It's also like asking the question, "whether a Domain Controller should be virtual?".

If the machine is OFF, and COLDCLONED, AD does not know anything has changed, other than the DC has been OFF for x hours!

After which, it will start replicating again.

Once you understand the possible issues, you must eventually make the decision, and if it's not that large a DC, you'll be done in 30 mins! (image will be done, 30 mins to tidy drivers and hidden devices etc)

Test it and try it, it will not hurt!
Luciano Patrão, ICT Senior Infrastructure Engineer, Commented:

And since he has another DC in the domain, he should be doubly careful.

I have done P2V in domains with one or more DCs. Also I have restored DCs in some failovers of the whole infrastructure. The focus must be on how to do the job and on making the right plan (to perform a P2V or to perform a restore).

Example on restoring DCs:

If you have backed up 2 or more DCs with, let's say, Veeam, and you plan to restore all the DCs, you should always start with the last DC that you backed up, because this last DC is the most up to date in the domain.

ndidomenico (Author) Commented:
Finally, as it was recommended, we did a fresh install and migration of services instead of doing a P2V.
