
AD in Virtual Environment Using Hyper-V

Domain controllers are a critical point in any infrastructure. As virtualization becomes more and more common in production infrastructure, we must be aware of the considerations that apply when hosting AD DS in a Hyper-V environment.
I am talking about Hyper-V because it is the Windows Server virtualization technology.

Microsoft has already released recommendations for this in KB888794.

Hyper-V is a thin layer of software between the hardware and the Operating System (OS) that allows multiple instances of an OS to run, unmodified, on a single physical server at the same time. This technology is an ideal platform for developing and testing software, consolidating production servers, and managing business continuity (growth and scalability).

When you host any virtual machine, there are major hardware factors to consider like:

• CPU
• Memory
• Disk
• Network
• Local devices

By virtualizing these resources on a physical computer, host software lets you use fewer computers to deploy operating systems for test, development, and production roles.
However, certain restrictions apply to the deployment of domain controllers that run in a virtual hosting environment. These restrictions do not apply to a domain controller that runs on a physical computer.

1. Check your host hardware compatibility. The Windows Server catalog is available at the Microsoft Web site http://go.microsoft.com/fwlink/?LinkId=111228.

2. If the virtual hosting environment software correctly supports a SCSI emulation mode that supports forced unit access (FUA), unbuffered writes that Active Directory performs in this environment are passed to the host operating system. If forced unit access is not supported, you must disable the write cache on all volumes of the guest operating system that host the Active Directory database, the logs, and the checkpoint file.

3. Don’t place virtualized domain controllers in locations where mission-critical services like Exchange require a domain controller.

4. An Active Directory domain controller requires regular system state backups to recover from user, hardware, software, or environmental problems. The default useful life of a system state backup is 60 or 180 days depending on the operating system version and the service pack revision during the installation.

5. Don’t use virtualized domain controllers to host Flexible Single Master Operation (FSMO) roles.

6. Don’t use virtualized domain controllers for bridgehead roles.

7. In a production environment, you may want to back up the system state of at least one domain controller in every domain several times a day.

8. Make sure that all the domain controllers perform inbound replication on all locally held Active Directory partitions according to the schedule defined on site links and connection objects, especially in the number of days that is specified by the tombstone lifetime attribute.

9. When a domain controller runs in a virtual hosting environment, do not pause the domain controller for long periods of time before you resume the operating system image. If you do pause the domain controller for a long time, replication may stop and cause lingering objects. The following Error event may be logged in the Directory Service log:
Event ID: 2042
Source: NTDS Replication
Type: Error
Description: It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.

10. To roll back the contents of Active Directory to a previous point in time, restore a valid system state backup. A system state backup can be restored up to the tombstone lifetime number of days after the backup was performed. The backup must have also been made on the same operating system installation as the operating system that you are restoring.

11. Active Directory does not support other methods to roll back the contents of Active Directory. In particular, Active Directory does not support any method that restores a snapshot of the operating system or the volume the operating system resides on. This kind of method causes an update sequence number (USN) rollback. When a USN rollback occurs, the replication partners of the incorrectly restored domain controller may have inconsistent objects in their Active Directory databases. In this situation, you cannot make these objects consistent. We will discuss this problem in another post.

12. Microsoft also does not support using the “undo” and “differencing” features in Virtual PC on operating system images for domain controllers that run in virtual hosting environments.

13. We recommend that you locate critical server roles on domain controllers that are installed directly on physical hardware. Critical server roles include the following:

• Global Catalog servers
• Domain Name System (DNS) servers
• Operations master roles, also known as flexible single master operations (FSMO)

14. Make a list of the hotfixes that must be installed on the domain controller that runs in the virtual hosting environment.

15. We recommend that you install either Windows Server 2003 Service Pack 1 or the 875495 hotfix on all Windows Server 2003 domain controllers. On a Windows 2000 Server-based domain controller, install the 885875 hotfix.
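
Points 8 and 9 can be checked with a script like the following, which compares the age of each inbound replication link with the tombstone lifetime and looks for Event ID 2042. This is an added example, not part of the original post or of KB888794; it assumes the ActiveDirectory PowerShell module (RSAT) is available, and the 50% warning threshold is an arbitrary choice for illustration.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumption of this example: warn once half of the tombstone lifetime has elapsed.
$WarnFraction = 0.5

# tombstoneLifetime is stored on the Directory Service object in the configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsObject = Get-ADObject -Properties tombstoneLifetime `
    -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
# An unset attribute means the 60-day default applies.
$tslDays = if ($dsObject.tombstoneLifetime) { [int]$dsObject.tombstoneLifetime } else { 60 }

$now = Get-Date
$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        # Inbound replication links for every partition this domain controller holds.
        $links = Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server `
            -Partition * -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read replication metadata from $($dc.HostName): $_"
        continue
    }
    # Event 2042 means replication with a source has already been stopped on this DC.
    # $evt is also $null when the remote Directory Service log cannot be read.
    $evt = Get-WinEvent -ComputerName $dc.HostName -MaxEvents 1 -ErrorAction SilentlyContinue `
        -FilterHashtable @{ LogName = 'Directory Service'; Id = 2042 }
    foreach ($link in $links) {
        # A link that has never succeeded has no timestamp; treat it as the worst case.
        $ageDays = if ($link.LastReplicationSuccess) {
            [math]::Round(($now - $link.LastReplicationSuccess).TotalDays, 1)
        } else { [double]::PositiveInfinity }
        $status = 'OK'
        if ($ageDays -ge $tslDays * $WarnFraction) { $status = 'WARNING' }
        if ($ageDays -ge $tslDays) { $status = 'EXCEEDED' }
        [pscustomobject]@{
            Server = $dc.HostName; Partition = $link.Partition; Partner = $link.Partner
            DaysSinceSuccess = $ageDays; TombstoneDays = $tslDays; Status = $status
            Failures = $link.ConsecutiveReplicationFailures
            LastEvent2042 = if ($evt) { $evt.TimeCreated } else { $null }
        }
    }
}
$report | Sort-Object DaysSinceSuccess -Descending | Format-Table -AutoSize
```

A virtualized domain controller that was paused or left powered off shows up here as a rising DaysSinceSuccess on its inbound links well before the tombstone lifetime is reached.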
