Virtualize your Windows Server 2012 domain controllers

by Scott Lowe [Published on 31 July 2012 / Last Updated on 31 July 2012]


For years, administrators have been warned about the dangers of running virtualized domain controllers. Although virtualizing domain controllers is a fully supported activity, certain hypervisor-related functions introduce issues that can be catastrophic to the domain. For example, choosing to use snapshots and then actually reverting a domain controller back to a snapshot can wreak havoc in the domain. This has to do with the way that Active Directory handles update sequence numbers (USNs). When a snapshot is applied, the USN gets out of sequence and updates are applied incorrectly, thus potentially corrupting the Active Directory environment.

The inability to use snapshots and other hypervisor functionality is a shame since it eliminates many of the management functions that can be enjoyed by so many other services.

With Windows Server 2012, all of that is about to change.  With the 2012 release, domain controllers running in a virtual environment use a new identifier known as the VM-GenerationID.  The VM-GenerationID is a method by which domain controllers can understand when they’ve been cloned or recovered from a snapshot.

There is still one matter to consider:  At present, only Hyper-V 2012 supports this capability, but Microsoft is working with other hypervisor vendors to get it implemented in competing products.
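The snapshot problem and the VM-GenerationID check can be seen in a small simulation, added here as an illustration and not taken from the article or from Microsoft code. It is a simplified model with one-way replication between two toy domain controllers; the class and function names are hypothetical, and the invocation-ID reset on a generation-ID change follows the documented Windows Server 2012 safeguard rather than anything stated in the article.

```python
import copy, uuid

class DC:
    """Toy domain controller: originating writes are stamped (invocation ID, USN)."""
    def __init__(self, gen_aware):
        self.gen_aware = gen_aware          # True models Windows Server 2012 behaviour
        self.invocation_id = uuid.uuid4().hex
        self.usn, self.log, self.data = 0, [], {}
        self.watermark = {}                 # source invocation ID -> highest USN applied
        self.stored_gen_id = None           # DC's saved copy of the VM-GenerationID

    def boot(self, hypervisor_gen_id):
        # A changed generation ID means this disk state was cloned or reverted.
        if self.gen_aware and self.stored_gen_id not in (None, hypervisor_gen_id):
            self.invocation_id = uuid.uuid4().hex   # partners now see a new source
        self.stored_gen_id = hypervisor_gen_id

    def write(self, key, value):
        self.usn += 1
        self.data[key] = value
        self.log.append((self.invocation_id, self.usn, key, value))

    def pull_from(self, src):
        # Apply only changes above the watermark held for that invocation ID.
        for inv, usn, key, value in src.log:
            if usn > self.watermark.get(inv, 0):
                self.data[key] = value
                self.watermark[inv] = usn

def simulate(gen_aware):
    # Constructed scenario: dc1 is snapshotted, keeps changing, then is reverted.
    dc1, dc2 = DC(gen_aware), DC(gen_aware)
    dc1.boot("gen-A")
    dc1.write("alice", "v1")
    snapshot = copy.deepcopy(dc1.__dict__)          # hypervisor snapshot at USN 1
    dc1.write("alice", "v2"); dc1.write("bob", "v1")
    dc2.pull_from(dc1)                              # dc2 watermark for dc1 is now 3
    dc1.__dict__ = copy.deepcopy(snapshot)          # revert: USN counter back to 1
    dc1.boot("gen-B")                               # hypervisor issues a new ID on revert
    dc1.write("carol", "v1")                        # reuses USN 2
    dc2.pull_from(dc1)
    return "carol" in dc2.data                      # did the post-revert change replicate?

if __name__ == "__main__":
    print("DC without the check replicates post-revert change:", simulate(False))
    print("generation-aware DC replicates it:                 ", simulate(True))
```

Without the check, the partner silently ignores the new object because its USN is below the watermark it already holds, which is the divergence the article warns about.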

Review and Comments

  1. Jason Sherry Fri, 21 March 2014 22:09

    Need to remove the "&nbsp" and other HTML info from the article.
