Virtualizing Microsoft Active Directory Domain Controller servers is a topic that has been gaining traction recently. While there are valid reasons to virtualize Domain Controllers, I strongly advise against performing a P2V (Physical-to-Virtual) conversion of existing Domain Controllers. In this blog post, I will explain why.
First and foremost, there are very few scenarios in which I would even consider doing a P2V conversion of an existing Domain Controller. The reasons are numerous, and they include:
1. Cold conversion is the only way to go: When virtualizing a Domain Controller, it is essential to perform a cold migration. This means that the old physical server must be shut down before the new virtual instance is started. Attempting a hot P2V migration can lead to a world of hurt, as the new virtual machine may not be in sync with the other Domain Controllers in the domain.
2. Never power on the old server again: Once you have performed a cold P2V migration, it is essential never to power on the old physical server again. If you do, you risk causing all sorts of issues, including domain controller inconsistencies and potential cleanup problems.
3. Potential cleanup problems: After a P2V migration, the old physical server's driver stack must be cleaned up. Otherwise the new virtual machine can end up with more than one network card sharing the same IP address, which causes DNS issues and other problems.
4. DNS issues: As mentioned above, DNS issues are a common result of a P2V migration of a Domain Controller. If DNS on the new virtual machine does not bind to the correct network interface, you may end up with DNS resolution failures, which can bring your entire domain to its knees.
5. Other potential issues: Apart from DNS issues, there are many other potential problems that can arise when performing a P2V migration of a Domain Controller. These include Kerberos authentication and trust failures, as well as other issues related to the physical-to-virtual conversion process.
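As an added example (not code from the original post), the following PowerShell session checks a Domain Controller for exactly the symptoms listed in points 3 and 4: an IP address left behind on more than one network interface, ghost network devices from the old hardware, and the DNS Server service listening on an unexpected address. It assumes Windows Server 2012 or later with the NetTCPIP, PnpDevice, DnsServer, DnsClient and ActiveDirectory modules, run locally on the DC in an elevated session; nothing in it changes configuration.

```powershell
# Added example, not code from the original post. Checks a Domain Controller for the
# leftover-adapter and DNS-binding problems described above. Assumes Windows Server
# 2012 or later with the NetTCPIP, PnpDevice, DnsServer, DnsClient and ActiveDirectory
# modules, run locally on the DC in an elevated PowerShell session. Read-only.

# 1. Every IPv4 address currently configured, and on which interface it lives.
$addrs = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' } |
    Select-Object InterfaceAlias, InterfaceIndex, IPAddress, PrefixOrigin
$addrs | Format-Table -AutoSize

# 2. The P2V failure mode from point 3: the same address bound on more than one interface.
$dupes = $addrs | Group-Object -Property IPAddress | Where-Object { $_.Count -gt 1 }
foreach ($d in $dupes) {
    Write-Warning ("{0} is bound on more than one interface: {1}" -f
        $d.Name, ($d.Group.InterfaceAlias -join ', '))
}

# 3. Network devices that are not healthy. Ghost adapters left by the old physical
#    hardware typically show a status other than OK and Present = False.
Get-PnpDevice -Class Net | Where-Object { $_.Status -ne 'OK' } |
    Select-Object FriendlyName, Status, Present, InstanceId

# 4. Which addresses the DNS Server service actually listens on. Compare these with
#    the interface list from step 1; a stray address here is the point-4 problem.
Get-DnsServerSetting -All | Select-Object ListeningIPAddress, AllIPAddress

# 5. Does this DC's own A record and the domain's LDAP SRV record resolve to the
#    address you expect? Both lookups use this DC's configured resolvers.
$domain = (Get-ADDomain).DNSRoot
Resolve-DnsName -Name "$env:COMPUTERNAME.$domain" -Type A   | Select-Object Name, IPAddress
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV | Select-Object NameTarget, Port
```

Run it on the freshly virtualized machine before any client depends on it; a warning from step 2 or a non-OK device in step 3 is the cleanup work the post is talking about, and the SRV lookup in step 5 is what domain members use to find the DC in the first place.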
In light of these potential issues, it is essential to ask yourself why you would want to perform a P2V migration of a Domain Controller in the first place. Setting up a new Domain Controller is relatively straightforward, and it can be done quickly and easily without risking any potential issues.
Gabrie van Zanten recently published a recipe for P2V migrations of existing Domain Controllers, titled "Virtualizing a domain controller, how hard can it be?". I expect that his method would probably work out fine, but the question remains: why risk it at all?
In conclusion, while there may be valid reasons to virtualize Domain Controllers, I strongly advise against P2V migration of existing ones. The potential issues are simply too great, and the process is not worth the risk. Instead, set up a new Domain Controller, transfer any FSMO roles held by the soon-to-be-decommissioned Domain Controller to the new instance, and then decommission the old one. This approach is much safer than attempting a P2V migration.
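The recommended alternative, as an added PowerShell example that is not part of the original post: promote a fresh virtual Domain Controller, confirm it replicates, transfer (not seize) whatever FSMO roles the physical DC holds, verify, and only then demote the old server. It assumes Windows Server 2012 or later with the ADDSDeployment and ActiveDirectory modules, Enterprise Admins rights, and a new server that is already joined to the domain; the domain and server names are placeholders.

```powershell
# Added example, not code from the original post: promote a new DC and transfer the
# FSMO roles from the physical one instead of converting it. Assumes Windows Server
# 2012 or later, the ADDSDeployment and ActiveDirectory modules, Enterprise Admins
# rights, and a domain-joined new server. All names below are placeholders.

$Domain = 'corp.example'   # placeholder domain
$NewDc  = 'DC02'           # placeholder: the new virtual Domain Controller
$OldDc  = 'DC01'           # placeholder: the physical Domain Controller being retired

# --- Step 1, on the new server: install the role and promote it (the server reboots). ---
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName $Domain -InstallDns `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') `
    -Credential (Get-Credential) -Force

# --- Step 2, after the reboot: confirm the new DC replicates before moving anything. ---
repadmin /showrepl $NewDc
Get-ADDomainController -Identity $NewDc |
    Select-Object HostName, IsGlobalCatalog, OperationMasterRoles

# Which roles does the old DC hold right now?
$oldRoles = (Get-ADDomainController -Identity $OldDc).OperationMasterRoles
"Roles currently on ${OldDc}: $($oldRoles -join ', ')"

# --- Step 3: transfer every role the old DC holds. Without -Force this is a clean
#     transfer that needs the old DC online; -Force would seize the roles instead. ---
if ($oldRoles) {
    Move-ADDirectoryServerOperationMasterRole -Identity $NewDc `
        -OperationMasterRole $oldRoles -Confirm:$false
}

# --- Step 4: verify from the directory itself, then with the built-in tools. ---
Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster
Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
netdom query fsmo
dcdiag /test:FsmoCheck

# --- Step 5, on the old DC, once roles and replication check out: demote it cleanly
#     so its metadata leaves the directory, rather than simply powering it off. ---
# Uninstall-ADDSDomainController `
#     -LocalAdministratorPassword (Read-Host -AsSecureString 'Local admin password') -Force
```

The ordering matters: the replication check in step 2 is what makes the transfer in step 3 a transfer rather than a seizure, and the demotion in step 5 is left commented out because it should only run after step 4 shows every role on the new DC.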