Exchange roll up and DC update

I am planning to update my Exchange CU10 -
currently I have physical DC (2008 r2) and virtual Exchange. Exchange roll up talks about backing up Exchange and DC before upgrade. For virtual Exchange I can take snapshot or use VDP based backup, however, for physical DC and DHCP server I do not have any third party backup. What I is the recommended backup before I try CU update on Exchange.
Since I am planning to introduce 2012 virtual DC in my environment. Would it be better to install virtual DC in my environment take a snapshot of that and then plan exchange roll up?
pchettriIT DirectorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

FOXActive Directory/Exchange EngineerCommented:
You are right on point.  Bring the 2012 server on the domain.  Promote it to a domain controller where it will do the forestprep and domainpreps updating the schema.   Make sure replication is good with the 2008r2 domain controller,  make sure dns replication is fine as well.  After that you are comfortable with that, back up the system state of the 2012 dc and also take a snapshot.  After that's all said and done, move on to the exchange roll up.
Rodney BarnhardtServer AdministratorCommented:
Microsoft does not support the snapshotting of domain controllers. Even with 2012, particularly if there is more than one DC. If you do not have a current third party backup solution in place for your DC, then you could install Windows Backup. Below is the link for the Technet article on doing a full backup of a DC with Windows Server Backup.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Scott CSenior EngineerCommented:
Since you don't have a 3rd party way to backup your current DC, I'd say, yes, stand up your virtual 2012 DC, take a snapshot then do the Exchange update.

What about Windows backup?
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Rodney BarnhardtServer AdministratorCommented:
Microsoft does NOT support taking snapshots of domain controllers for the purpose of restoring. I advise against it. From Technet:

Restrictions of domain controllers in a virtual environment
pchettriIT DirectorAuthor Commented:
I think snapshot of DC restriction does not apply for 2012 sp1 DCs it was a restriction for 2008 DC. MS is pushing more towards virtualization and cloud after 2012 and I thought they don't have that restriction.

I guess the easier route for me now -

1) Windows backup of 2008 r2 DC and DCHP
2) Do a p2v conversion of 2008 r2 before CU update and add it to ESX offline and keep it ready if WIndows restore does not work.
3) Then do CU and DC upgrade.

I am using ESX 6 update 1 which should at least support snapshoting Exchange or at least I will clone Exchange 2013 and DC and test the CU upgrade in lab first.

Installing Windows backup role on DC would require reboot.  So I think it would be better to do in non-production hour
Rodney BarnhardtServer AdministratorCommented:
I just completed a Microsoft RAP (a proactive review of our environment). They told me last month, as well as pointed to this article, that the snapshotting of virtual DC is still not a supported backup and recovery method, even in 2012. Part of the issue is the USN as mentioned in the screen shot above. However, I believe if your hypervisor is Hyper-V, they may have some steps that make that safe. Something referred to as "VM-Generation ID". We are a VMware shop and were told it was not supported. I am just trying to avoid you having an issue.
Rodney BarnhardtServer AdministratorCommented:
I did find this:

"If the hypervisor does not provide a VM-Generation ID for comparison, the hypervisor does not support virtualization safeguards and the guest will operate like a virtualized domain controller that runs Windows Server 2008 R2 or earlier. The guest implements USN rollback quarantine protection if there is an attempt to start replicating with USNs that have not advanced past the last highest USN seen by the partner DC. For more information about USN rollback quarantine protection, see USN and USN Rollback"

Which it looks like it has been in vSphere 5.5 and should be in 6, so you may be OK. Not sure why MS still tells customers it is not a supported BCDR solution. Of course I was also told that the fact we have a live DC at our DR site was not considered a supported recovery method.
pchettriIT DirectorAuthor Commented:
Thanks for the update -

In that case,
I will have to try cloning for lab test first
install backup services on physical DC and do authoritative restore, if required.
Finally, I will keep P2V and v2v handy, if required. As I have done P2V copy to my lab for production DC anytime I have to test an upgrade. Worst case scenario, if I am unable to get bring physical DCs back then I will have converted VMs take over that role.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.