Re: Need Expert Opinions - VMware & Active Directory
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Wed, 17 Jan 2007 20:33:25 -0500
They can't tell them they can't do it but by the same token those companies can't tell MSFT that they have to support it. MSFT gives guidelines on when and how they will support virtualized DCs. Unless you have a premier service contract, you get no support on anything by MSFT virtualization software. I may not like that but that is how it is and it is understandable. The very best support on non-MSFT virtualization is best effort and you have to duplicate the issue on physical hardware if they so decide.
My biggest fear about virtualized DCs is that most people don't really understand enough about how AD works to do it properly. When you screw a lab environment you throw it away, tough to do that with production, the C*O's don't tend to understand it. What are your plans for a guest DC failure? What about a physical host failure? The latter is one that I have yet to see a customer either have any docs for or have docs that are actually safe to follow. Simply put, if you blow your physical host, you aren't just restoring the host and restarting VMs from the restored host's disk... you are restoring the host, then you are restoring individually every DC (or any other app that is distributed across multiple machines and needs to track the distributed state of the application) from systemstate backup or rebuilding and repromoting them all next.
Virtualization can be quite cool, but it is a good way to get yourself in a state that very few people in the world, if anyone, can easily pull your *** out of, too. DC database divergence is very painful and extremely difficult to detect as there aren't tools out there right now to do it and most people don't even know to look for it or what they are looking for.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Paul Williams [MVP] wrote:
My opinion is that such things are driven by business requirements. There's no issue with the OMs being on virtual machines in general. Again, in large environments the PDCe might suffer on a virtual machine due to limited resources.
I'd say that KB is incorrect or more likely slightly outdated and inaccurate. Either that or the snippet you've provided has been read (by me; I didn't look at the KB) out of context. Again, as already said, it's all about the scale of things.
Simply consider this. An oil tanker or some kind of frigate might need a domain. Space is going to be seriously hampered. Therefore there are real justifications for having all DCs on VMs. MSFT can't tell Shell, BP or some country's Navy they can't do this. It comes down to your requirements, your SLA(s) and, in part, your budget.