Solved

DC migration

Posted on 2013-02-02
4
339 Views
Last Modified: 2013-03-04
I am in the process of planning to upgrade my domain controllers. I am currently running Server 2003. I have a couple of questions as I am podering a few different configurations. Are there any known issues with making you domain controllers virtual vs physical? I am running ESXi 5.1 with 3 hosts in an HA configuration. Also, what are the pros/cons of upgrading all the way to Server 2012 versus Server 2008 R2?
0
Comment
Question by:ktpoitm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 125 total points
ID: 38847553
IT is best practice to have at least on physical DC on the domain.
0
 
LVL 23

Assisted Solution

by:Stelian Stan
Stelian Stan earned 125 total points
ID: 38847636
Their is a lot of debate to have all your DC virtual. I personally prefer to have one DC running on a physical box. Regarding 2008 R2 vs 2012, definitely 2012. Why to spend all this time migrating to 2008 R2 and then again to migrate to 2012.

Some good reading "Virtual Domain Controllers and Windows Server 2012 Improvements".

Also read "Safe virtualization of domain controllers ":http://technet.microsoft.com/en-us/library/hh831734.aspx
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 125 total points
ID: 38847641
Windows 2012 has some safety features built in for virtual DC.  ESX 5.1 supports the features

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2013/01/22/list-of-hypervisors-supporting-vm-generationid.aspx

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/07/new-features-in-active-directory-domain-services-in-windows-server-2012-part-12-virtualization-safe-active-directory.aspx

The caveat to the previous statement is that if you have two sites for example and have your virtual machines split then it is safe to go all virtual.

The danger of going all virtual is if you are running all your DCs on the same host or connected to the same back end storage and although unlikely if the storage or hosts totally dies you are in trouble because all your machines are gone.  

Thanks

Mike
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 125 total points
ID: 38847691
Configuring DC either from clone/snapshot/image is not recommended.

How to Virtualize Active Directory Domain Controllers

http://blogs.technet.com/b/askds/archive/2010/06/10/how-to-virtualize-active-directory-domain-controllers-part-1.aspx

http://blogs.technet.com/b/askds/archive/2010/06/15/how-to-virtualize-active-directory-domain-controllers-part-2.aspx

Deployment Considerations for Virtualized Domain Controllers
http://technet.microsoft.com/en-us/library/d2cae85b-41ac-497f-8cd1-5fbaa6740ffe(v=ws.10)#deployment_considerations_for_virtualized_domain_controllers

For DCs virtualization, not the that it recommended to have at least one physical DC / DNS / GC server that holds all FSMO roles.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
A hard and fast method for reducing Active Directory Administrators members.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question