SlideShare a Scribd company logo

Things to consider when you host active directory domain controllers in virtual hosting environments

Andre Fortunato
Andre Fortunato

Active Directory

Technology
1 of 2
Download to read offline
08/05/2015 Things to consider when you host Active Directory domain controllers in virtual hosting environments https://support.microsoft.com/en­us/kb/888794?wa=wsignin1.0 1/2 Support for Windows Server 2003 will end on July 14, 2015 Microsoft will end support for Windows Server 2003 on July 14, 2015. This change will affect your software updates and security options. Learn what this means for you and how to stay protected. Article ID: 888794 ‐ View products that this article applies to. System Tip This article applies to a different version of Windows than the one you are using. Content in this article may not be relevant to you. Visit the Windows 7 Solution Center A virtual hosting environment lets you run multiple guest operating systems on a single host computer at the same time. Host software virtualizes resources that include the following: CPU Memory Disk Network Local devices By virtualizing these resources on a physical computer, host software lets you use fewer computers to deploy operating systems for test, for development, and in production roles. However, certain restrictions apply to the deployment of Active Directory domain controllers that run in a virtual hosting environment. These restrictions do not apply to a domain controller that runs on a physical computer.  This article discusses the things to consider when a Microsoft Windows 2000 Server‐based domain controller, a Windows Server 2003‐based domain controller, or a Windows Server 2008‐based controller runs in a virtual hosting environment. Virtual hosting environments include the following:   Windows Server 2008 Virtualization with Hyper‐V VMware family of virtualization products Novell family of virtualization products There is an updated document on virtualized Domain Controllers that reflects the current status of system robustness and security more closely than this article: http://technet.microsoft.com/en‐us/library/virtual_active_directory_domain_controller_virtualization_hyperv﴾WS.10﴿.aspx ﴾http://technet.microsoft.com/en‐ us/library/virtual_active_directory_domain_controller_virtualization_hyperv﴾WS.10﴿.aspx﴿ Many of the considerations in TechNet also apply to 3rd party virtualization hosts. This article is still in place to help with additional hints and considerations deemed not relevant enough for TechNet. Things to consider when you host domain controller roles in a virtual hosting environment When you deploy an Active Directory domain controller on a physical computer, certain requirements must be satisfied throughout the domain controller's life cycle. The deployment of a domain controller in a virtual hosting environment adds certain requirements and considerations. These include the following:   To help preserve the integrity of the Active Directory database if a power loss or another failure were to occur, the Active Directory service performs un‐buffered writes and tries to disable the disk write cache on volumes hosting the Active Directory database and log files. Active Directory also attempts to work in this manner when installed in a virtual hosting environment. If the virtual hosting environment software correctly supports a SCSI emulation mode that supports forced unit access ﴾FUA﴿, un‐buffered writes that Active Directory performs in this environment are passed to the host operating system. If forced unit access is not supported, you must disable the write cache on all volumes of the guest operating system that host the Active Directory database, the logs, and the checkpoint file.  Notes You must disable the write cache for all components that use Extensible Storage Engine ﴾ESE﴿ as their database format. These components include Active Directory, the File Replication Service ﴾FRS﴿, Windows Internet Name Service ﴾WINS﴿, and Dynamic Host Configuration Protocol ﴾DHCP﴿.  As a best practice, consider installing uninterruptable power supplies on VM hosts. An Active Directory domain controller is intended to run Active Directory mode continuously as soon as it is installed. When the domain controller is started, end‐ to‐end replication of Active Directory must occur. Make sure that all the domain controllers perform inbound replication on all locally held Active Directory partitions according to the schedule defined on site links and connection objects, especially in the number of days that is specified by the tombstone lifetime attribute. If inbound replication does not occur, the following Error event may be logged in the Directory Service log: Event ID: 2042 Source: NTDS Replication Type: Error Things to consider when you host Active Directory domain controllers in virtual hosting environments SUMMARY MORE INFORMATION Support   By product Downloads Store Contact us
08/05/2015 Things to consider when you host Active Directory domain controllers in virtual hosting environments https://support.microsoft.com/en­us/kb/888794?wa=wsignin1.0 2/2 Description: It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source. When this replication does not occur, you may experience an inconsistency in the contents of Active Directory databases on domain controllers in the forest. This inconsistency occurs because knowledge of deletes is persisted for tombstone lifetime number of days. Domain controllers that do not transitively inbound replicate Active Directory change in a rolling tombstone lifetime number of days cause lingering objects. Lingering objects are objects intentionally deleted by an administrator, service or operating system that incorrectly exists on destination DCs that did not perform timely replication. The cleanup of lingering objects can be very time‐consuming, especially in multi‐domain forests that include many domain controllers. When a domain controller runs in a virtual hosting environment, do not pause the domain controller for long periods of time before you resume the operating system image. If you do pause the domain controller for a long time, replication may stop and cause lingering objects. The following Error event may be logged in the Directory Service log: Event ID: 2042 Source: NTDS Replication Type: Error Description: It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source. An Active Directory domain controller requires regular system state backups to recover from user, hardware, software, or environmental problems. The default useful life of a system state backup is 60 or 180 days, depending on the operating system version and the service pack revision at play during the installation. This useful life is controlled by the tombstone lifetime attribute in Active Directory. At least one domain controller in every domain in the forest should be backed up every tombstone lifetime number of days. In a production environment, you should make system state backups from two different DCs on a daily basis. Virtualized DCs in clustered hosts  In order for the nodes, disks and other resources on a clustered computer to auto‐start, authentication requests from the clustered computer must be serviced by a DC in the cluster computer's domain.  To insure that such a DC exists during cluster OS startup, deploy at least 2 domain controllers in the clustered host computer's domain on physical hardware. The physical DCs should be kept online and be network accessible ﴾in DNS + all required ports and protocols﴿ to the clustered hosts. If the only DC’s that can service authentication request during cluster startup reside on a cluster computer that is being restarted, authentication requests will fail and manual recovery steps will be required to make the cluster operational.  Virtualized DCs may be placed on Cluster Shared Volumes ﴾CSV﴿ and non‐CSV volumes. CSV disks cannot be brought online unless authentication request have been serviced by Active Directory. Non‐CSV disks can be brought online without authentication. Because non‐CSV disks can be brought online more easily, Microsoft recommends that files for virtualized domain controllers be placed on non‐CSV disks. Note: Always have at least one DC that is on physical hardware so that failover clusters and other infrastructure can start. When you host domain controllers on virtual machines that are managed by Windows Server 2008 R2 or by Hyper‐V Server 2008 R2, we recommend that you store the virtual machine files on cluster disks that are not configured as Cluster Shared Volumes ﴾CSV﴿ disks. This allows for easier recovery in specific failure situations. If there is a site failure or a problem that causes the whole cluster to crash and the DC on physical hardware is not available, storing the virtual machine files on a non‐CSV cluster disk should enable the cluster to start. In this situation, the disks that are required by the virtual machine can be brought online. This will let you start the virtual machine that hosts the domain controller. Then, you can bring CSV disks online and start other nodes. This process is required only if there are no other domain controllers available at the time that the cluster is started. Support for Active Directory domain controllers in virtual hosting environments For more information about the supportability of hosting domain controllers in Microsoft and third‐party virtual hosting environments, click the following article number to view the article in the Microsoft Knowledge Base: 897615 ﴾https://support.microsoft.com/kb/897615/ ﴿ Support policy for Microsoft software running in non‐Microsoft hardware virtualization software Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as‐is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use ﴾http://go.microsoft.com/fwlink/?LinkId=151500﴿ for other considerations. Article ID: 888794 ‐ Last Review: December 29, 2011 ‐ Revision: 13.0 APPLIES TO Microsoft Windows Server 2003 Service Pack 2 Windows Server 2008 Standard Windows Server 2008 Enterprise Windows Server 2008 R2 Standard Windows Server 2008 R2 Enterprise Keywords: kbinfo kbhowto KB888794 Properties Give Feedback

Recommended

Gemma Cassidy - Digital Production Manager
Gemma Cassidy - Digital Production ManagerGemma Cassidy - Digital Production Manager
Gemma Cassidy - Digital Production Manager
Gemma Cassidy
 
Strings In OOP(Object oriented programming)
Strings In OOP(Object oriented programming)Strings In OOP(Object oriented programming)
Strings In OOP(Object oriented programming)
Danial Virk
 
Windows server 2012_r2_evaluation_guide
Windows server 2012_r2_evaluation_guideWindows server 2012_r2_evaluation_guide
Windows server 2012_r2_evaluation_guide
Andre Fortunato
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
Expeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
marketingartwork
 

Recommended

Gemma Cassidy - Digital Production Manager
Gemma Cassidy - Digital Production ManagerGemma Cassidy - Digital Production Manager
Gemma Cassidy - Digital Production Manager
Gemma Cassidy
 
Strings In OOP(Object oriented programming)
Strings In OOP(Object oriented programming)Strings In OOP(Object oriented programming)
Strings In OOP(Object oriented programming)
Danial Virk
 
Windows server 2012_r2_evaluation_guide
Windows server 2012_r2_evaluation_guideWindows server 2012_r2_evaluation_guide
Windows server 2012_r2_evaluation_guide
Andre Fortunato
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
Expeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
marketingartwork
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
Remote DBA Services
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
MIND CTI
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
DianaGray10
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
Dropbox
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
rafiqahmad00786416
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
apidays
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
johnbeverley2021
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
MadyBayot
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
apidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
apidays
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
The Digital Insurer
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
danishmna97
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Bhuvaneswari Subramani
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
Skeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
Neil Kimberley
 

More Related Content

Recently uploaded

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 

Recently uploaded (20)

Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 

Featured

Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Applitools
 

Featured (20)

Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
 

Things to consider when you host active directory domain controllers in virtual hosting environments

  • 1. 08/05/2015 Things to consider when you host Active Directory domain controllers in virtual hosting environments https://support.microsoft.com/en­us/kb/888794?wa=wsignin1.0 1/2 Support for Windows Server 2003 will end on July 14, 2015 Microsoft will end support for Windows Server 2003 on July 14, 2015. This change will affect your software updates and security options. Learn what this means for you and how to stay protected. Article ID: 888794 ‐ View products that this article applies to. System Tip This article applies to a different version of Windows than the one you are using. Content in this article may not be relevant to you. Visit the Windows 7 Solution Center A virtual hosting environment lets you run multiple guest operating systems on a single host computer at the same time. Host software virtualizes resources that include the following: CPU Memory Disk Network Local devices By virtualizing these resources on a physical computer, host software lets you use fewer computers to deploy operating systems for test, for development, and in production roles. However, certain restrictions apply to the deployment of Active Directory domain controllers that run in a virtual hosting environment. These restrictions do not apply to a domain controller that runs on a physical computer.  This article discusses the things to consider when a Microsoft Windows 2000 Server‐based domain controller, a Windows Server 2003‐based domain controller, or a Windows Server 2008‐based controller runs in a virtual hosting environment. Virtual hosting environments include the following:   Windows Server 2008 Virtualization with Hyper‐V VMware family of virtualization products Novell family of virtualization products There is an updated document on virtualized Domain Controllers that reflects the current status of system robustness and security more closely than this article: http://technet.microsoft.com/en‐us/library/virtual_active_directory_domain_controller_virtualization_hyperv﴾WS.10﴿.aspx ﴾http://technet.microsoft.com/en‐ us/library/virtual_active_directory_domain_controller_virtualization_hyperv﴾WS.10﴿.aspx﴿ Many of the considerations in TechNet also apply to 3rd party virtualization hosts. This article is still in place to help with additional hints and considerations deemed not relevant enough for TechNet. Things to consider when you host domain controller roles in a virtual hosting environment When you deploy an Active Directory domain controller on a physical computer, certain requirements must be satisfied throughout the domain controller's life cycle. The deployment of a domain controller in a virtual hosting environment adds certain requirements and considerations. These include the following:   To help preserve the integrity of the Active Directory database if a power loss or another failure were to occur, the Active Directory service performs un‐buffered writes and tries to disable the disk write cache on volumes hosting the Active Directory database and log files. Active Directory also attempts to work in this manner when installed in a virtual hosting environment. If the virtual hosting environment software correctly supports a SCSI emulation mode that supports forced unit access ﴾FUA﴿, un‐buffered writes that Active Directory performs in this environment are passed to the host operating system. If forced unit access is not supported, you must disable the write cache on all volumes of the guest operating system that host the Active Directory database, the logs, and the checkpoint file.  Notes You must disable the write cache for all components that use Extensible Storage Engine ﴾ESE﴿ as their database format. These components include Active Directory, the File Replication Service ﴾FRS﴿, Windows Internet Name Service ﴾WINS﴿, and Dynamic Host Configuration Protocol ﴾DHCP﴿.  As a best practice, consider installing uninterruptable power supplies on VM hosts. An Active Directory domain controller is intended to run Active Directory mode continuously as soon as it is installed. When the domain controller is started, end‐ to‐end replication of Active Directory must occur. Make sure that all the domain controllers perform inbound replication on all locally held Active Directory partitions according to the schedule defined on site links and connection objects, especially in the number of days that is specified by the tombstone lifetime attribute. If inbound replication does not occur, the following Error event may be logged in the Directory Service log: Event ID: 2042 Source: NTDS Replication Type: Error Things to consider when you host Active Directory domain controllers in virtual hosting environments SUMMARY MORE INFORMATION Support   By product Downloads Store Contact us
  • 2. 08/05/2015 Things to consider when you host Active Directory domain controllers in virtual hosting environments https://support.microsoft.com/en­us/kb/888794?wa=wsignin1.0 2/2 Description: It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source. When this replication does not occur, you may experience an inconsistency in the contents of Active Directory databases on domain controllers in the forest. This inconsistency occurs because knowledge of deletes is persisted for tombstone lifetime number of days. Domain controllers that do not transitively inbound replicate Active Directory change in a rolling tombstone lifetime number of days cause lingering objects. Lingering objects are objects intentionally deleted by an administrator, service or operating system that incorrectly exists on destination DCs that did not perform timely replication. The cleanup of lingering objects can be very time‐consuming, especially in multi‐domain forests that include many domain controllers. When a domain controller runs in a virtual hosting environment, do not pause the domain controller for long periods of time before you resume the operating system image. If you do pause the domain controller for a long time, replication may stop and cause lingering objects. The following Error event may be logged in the Directory Service log: Event ID: 2042 Source: NTDS Replication Type: Error Description: It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source. An Active Directory domain controller requires regular system state backups to recover from user, hardware, software, or environmental problems. The default useful life of a system state backup is 60 or 180 days, depending on the operating system version and the service pack revision at play during the installation. This useful life is controlled by the tombstone lifetime attribute in Active Directory. At least one domain controller in every domain in the forest should be backed up every tombstone lifetime number of days. In a production environment, you should make system state backups from two different DCs on a daily basis. Virtualized DCs in clustered hosts  In order for the nodes, disks and other resources on a clustered computer to auto‐start, authentication requests from the clustered computer must be serviced by a DC in the cluster computer's domain.  To insure that such a DC exists during cluster OS startup, deploy at least 2 domain controllers in the clustered host computer's domain on physical hardware. The physical DCs should be kept online and be network accessible ﴾in DNS + all required ports and protocols﴿ to the clustered hosts. If the only DC’s that can service authentication request during cluster startup reside on a cluster computer that is being restarted, authentication requests will fail and manual recovery steps will be required to make the cluster operational.  Virtualized DCs may be placed on Cluster Shared Volumes ﴾CSV﴿ and non‐CSV volumes. CSV disks cannot be brought online unless authentication request have been serviced by Active Directory. Non‐CSV disks can be brought online without authentication. Because non‐CSV disks can be brought online more easily, Microsoft recommends that files for virtualized domain controllers be placed on non‐CSV disks. Note: Always have at least one DC that is on physical hardware so that failover clusters and other infrastructure can start. When you host domain controllers on virtual machines that are managed by Windows Server 2008 R2 or by Hyper‐V Server 2008 R2, we recommend that you store the virtual machine files on cluster disks that are not configured as Cluster Shared Volumes ﴾CSV﴿ disks. This allows for easier recovery in specific failure situations. If there is a site failure or a problem that causes the whole cluster to crash and the DC on physical hardware is not available, storing the virtual machine files on a non‐CSV cluster disk should enable the cluster to start. In this situation, the disks that are required by the virtual machine can be brought online. This will let you start the virtual machine that hosts the domain controller. Then, you can bring CSV disks online and start other nodes. This process is required only if there are no other domain controllers available at the time that the cluster is started. Support for Active Directory domain controllers in virtual hosting environments For more information about the supportability of hosting domain controllers in Microsoft and third‐party virtual hosting environments, click the following article number to view the article in the Microsoft Knowledge Base: 897615 ﴾https://support.microsoft.com/kb/897615/ ﴿ Support policy for Microsoft software running in non‐Microsoft hardware virtualization software Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as‐is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use ﴾http://go.microsoft.com/fwlink/?LinkId=151500﴿ for other considerations. Article ID: 888794 ‐ Last Review: December 29, 2011 ‐ Revision: 13.0 APPLIES TO Microsoft Windows Server 2003 Service Pack 2 Windows Server 2008 Standard Windows Server 2008 Enterprise Windows Server 2008 R2 Standard Windows Server 2008 R2 Enterprise Keywords: kbinfo kbhowto KB888794 Properties Give Feedback