Monday, February 17, 2014

Can I perform a P2V conversion on an Active Directory domain controller? (Note!! Use at your own risk!)

Updated 2014-Apr: 

Summary; you can do it. Just make sure all the FSMO roles are on the DC that is being P2Ved. Also Microsoft test-case is based on only ONE DC. The ramifications of performing this action on a mult-DC environment is not clear.

In essence, this P2V test case is based on SCVMM and not VMware Converter. There are multiple steps involved. SCVMM will use VSS to take a snapshot of the current state of the AD and simultaneously create a VM (on MS platform) and start cloning.

VMware Converter process:

From the horses' mouth, this is how it coordinates with the ESXi layer, the source VM and the destination target VM.

1. Authenticate the Source Machine. (I take this as logging on to the source machine)
2. Get the Source VM information.
3. Install the Agent on the Source Computer.
4. Create a new Destination VM.
5. Call the VSS program to Clone or Snapshot the guest machine internally.
6. Copy the cloned info to the destination machine.
7. Uninstall the agent from the Source Machine.


"We do not invoke any other thing which will cause the Source Machine to hamper."

Original post 17 Feb 14

NOTE - Use these only at your OWN RISK. I cannot be held responsible for any issues that may arise through applying any of the following. It is generally a well known "no-no" to P2V and V2V a DC that is pre-2012.

(From Microsoft Support - Advisory only - Further details, if any, will be updated as more information becomes available)

Can I perform a P2V conversion on an Active Directory domain controller?
Yes. You can perform an offline P2V conversion on a domain controller. Performing the conversion offline helps avoid potential Active Directory USN rollback issues during the process.

Recommendations:

Offline P2V:
The impact to the original is when you perform P2V, the source DC will restart into the Windows Preinstallation Environment. It is the recommended solution if you need to P2V multiple domain controllers. 

Online P2V:
SCVMM Online P2V will not impact original Physical environment, which has been double confirmed with System Center team.  But it will cause USN rollback problem for the virtual environment if you P2V multiple domain controllers. However, if you only P2V one DC with FSMO roles, it will not cause any problem.

If you P2V only one DC with FSMO role using Online P2V. Please perform the following steps on the converted DC in virtual machine:
1.         Clean up metadata for DCs no longer exist
Clean up server metadata
2.         Please disable initial synchronization when you start the virtual machine for the first time:

How to disable initial synchronization
On the PDC, go to the following registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Add the following Value:

Value name:  Repl Perform Initial Synchronizations Value type:  REG_DWORD Value data: 0  =============================

Thursday, February 13, 2014

Status check of AD RID pool with email (Powershell)

Import-Module activedirectory
$RIDinfo=dcdiag /test:ridmanager /v | find "Available RID"

send-mailmessage -to demo@somewhere.com -from someone@somewhere.com -subject $RIDinfo -smtpserver 10.10.10.10