Domain controllers on VMware

[ArizonaGeek]

I have heard some people say that we shouldn't put our DC's in a virtual world and others that say its perfectly ok. I am not seeing any downside to it, can anyone point out anything I am not thinking of?

We have a small/medium sized network, approx 40 servers and about 40 users. A couple of SQL and a couple of Sybase servers (that'll probably get moved to SQL at some point) we outsource our Exchange hosting so we don't have to worry about that.

Our DC's also do DNS and DHCP.

What are your thoughts on a virtual DC?

Cheers
Rob

The answer is always "PEBKAC!

 

[ArizonaGeek]

Oh, I forgot to mention that 98% of our production servers will be virtual in about a month or two when we get all of our new equipment in for our VM world. We have one Sybase and one SQL server that are using a ton of CPU and memory that will probably stay physical until we can recoup some of the cost of our upgrade. Right now I only have 5 production virtual servers.

Cheers
Rob

The answer is always "PEBKAC!

 

[jfrantz]

Rob,

I have had my entire infrastructure virutalized, including DCs, for almost two years with the exception of the server which I use for data backups. Everything runs smoothly with no AD issues.

-Jeff

 

[mrdenny]

I've had a few people tell me that they virtulize basically there entire enviroment. We are working towards that as well.

When we are done the only physical machines we will have will be the VM Servers and the SQL Servers. If the Exchange server ever gets large enough it will be made physical as well, but not for a while.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

My Blog

 

[Arisap]

I too have done many virtual DC's without issue. Just do NOT P2V the DC's. Create new DC's and then dcpromo out the original physical ones. Since you are runing DHCP, you might just want to copy the DHCP database file over, or create a new scope. If you don't, you will get A LOT of IP conflicts when the new DHCP server starts handing out IP addresses.

 

[eraH]

I would also just make sure you time synching is sorted out, that's the only issue I can't think of.
We setup NTP on our ESX servers to an Internet time source and configured our Windows servers to sync their time to the ESX servers using vmware tools and disabled the w32time service.
The only exception to this is the PDC which also sync's to an Internet time source and not to the ESX servers.

 

[stupman]

Pookies is right, time sync can be an issue.
But disabling W32time on a DC disables all clients getting their time from the domain controller.
Like Poekies said, sync the time of the DC using the VMware tools. But make following registry change:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type = NoSync.
This ensures that the server doesn't use W32time for sync'ing its time, but still functions as a time server.