Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

DC migration

Posted on 2013-02-02
4
Medium Priority
?
345 Views
Last Modified: 2013-03-04
I am in the process of planning to upgrade my domain controllers. I am currently running Server 2003. I have a couple of questions as I am podering a few different configurations. Are there any known issues with making you domain controllers virtual vs physical? I am running ESXi 5.1 with 3 hosts in an HA configuration. Also, what are the pros/cons of upgrading all the way to Server 2012 versus Server 2008 R2?
0
Comment
Question by:ktpoitm
4 Comments
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 500 total points
ID: 38847553
IT is best practice to have at least on physical DC on the domain.
0
 
LVL 23

Assisted Solution

by:Stelian Stan
Stelian Stan earned 500 total points
ID: 38847636
Their is a lot of debate to have all your DC virtual. I personally prefer to have one DC running on a physical box. Regarding 2008 R2 vs 2012, definitely 2012. Why to spend all this time migrating to 2008 R2 and then again to migrate to 2012.

Some good reading "Virtual Domain Controllers and Windows Server 2012 Improvements".

Also read "Safe virtualization of domain controllers ":http://technet.microsoft.com/en-us/library/hh831734.aspx
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 500 total points
ID: 38847641
Windows 2012 has some safety features built in for virtual DC.  ESX 5.1 supports the features

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2013/01/22/list-of-hypervisors-supporting-vm-generationid.aspx

http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2012/09/07/new-features-in-active-directory-domain-services-in-windows-server-2012-part-12-virtualization-safe-active-directory.aspx

The caveat to the previous statement is that if you have two sites for example and have your virtual machines split then it is safe to go all virtual.

The danger of going all virtual is if you are running all your DCs on the same host or connected to the same back end storage and although unlikely if the storage or hosts totally dies you are in trouble because all your machines are gone.  

Thanks

Mike
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 500 total points
ID: 38847691
Configuring DC either from clone/snapshot/image is not recommended.

How to Virtualize Active Directory Domain Controllers

http://blogs.technet.com/b/askds/archive/2010/06/10/how-to-virtualize-active-directory-domain-controllers-part-1.aspx

http://blogs.technet.com/b/askds/archive/2010/06/15/how-to-virtualize-active-directory-domain-controllers-part-2.aspx

Deployment Considerations for Virtualized Domain Controllers
http://technet.microsoft.com/en-us/library/d2cae85b-41ac-497f-8cd1-5fbaa6740ffe(v=ws.10)#deployment_considerations_for_virtualized_domain_controllers

For DCs virtualization, not the that it recommended to have at least one physical DC / DNS / GC server that holds all FSMO roles.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question