Virtualized domain controllers (1): can you use a snapshot or a backup copy of the VHD?
Starting with Windows Server 2012, Microsoft supports and optimizes running domain controllers as virtual machines.
They can even be cloned (Clone), which by conventional practice would have been considered a crazy thing to do to a domain controller!
But before learning about the new technology, let's look at why Microsoft says this could not be done with older versions of the domain controller.
It is not that Windows Server 2003/2008 could not be installed in a virtual machine. If the virtual machine simply runs as usual,
it may be used for 10 years without a problem. The problem comes with backing up and restoring the VHD (or vmdk), and with the snapshot feature that is unique to virtual machines.
Done incorrectly on an older domain controller, these actions are likely to cause replication errors between the domain controllers, so that the entire domain becomes unstable or even collapses.
Every Active Directory domain controller has a database that stores all the data about AD objects.
All domain controllers in the AD domain synchronize this data with each other, and each domain controller records the point up to which data was last synchronized.
This pointer is called the USN. Normally a USN only increases, but the USN numbers of different DCs are not necessarily the same.
AD is also not as simple as having a single USN; each object has its own as well. The example below simplifies the process to make it easier to understand.
Assume an environment with two DCs, DC1 and DC2, located in two branches, China Taiwan and the United States.
They have synchronized three accounts with each other. In fact AD holds many kinds of data other than accounts, so the real situation is not this simple.
DC1 is a Windows Server 2003 virtual machine. DC2 is a Windows Server 2003 machine.
1. It is Monday morning, and the AD database is in its original state, with three records in total.
DC1 | USN3 | DC2 | USN3 |
1 | Justin Lau | 1 | Justin Lau |
2 | Tony Chan | 2 | Tony Chan |
3 | Mary Lee | 3 | Mary Lee |
The USN now records updates up to 3.
2. The admin feels the environment is in good shape, so on this Monday he takes a snapshot backup of DC1.
3. At noon the same day, the China Taiwan branch is notified that two new employees, Peter Pen and John Ho, are starting work, so the admin creates two new accounts on DC1.
The two DCs are now out of balance, but they will soon replicate. Because DC1's USN is higher, DC1 is the one that updates DC2.
DC1 checks its records, sees that DC2 already has the data for USN 1-3, and so only sends it USN 4-5.
DC1 | USN5 | DC2 | USN3 |
1 | Justin Lau | 1 | Justin Lau |
2 | Tony Chan | 2 | Tony Chan |
3 | Mary Lee | 3 | Mary Lee |
4 | Peter Pen | | |
5 | John Ho | | |
After some time, the data has synchronized between the two DCs, and both databases are now at USN 5.
DC1 | USN5 | DC2 | USN5 |
1 | Justin Lau | 1 | Justin Lau |
2 | Tony Chan | 2 | Tony Chan |
3 | Mary Lee | 3 | Mary Lee |
4 | Peter Pen | 4 | Peter Pen |
5 | John Ho | 5 | John Ho |
4. Three days pass and it is Thursday. Bad luck today: DC1 has gone down for unexplained reasons, but the company cannot stop.
Two employees start work in the United States today, Bill Gates and Steven Jobs, so the admin first creates two new accounts on DC2 and will work out a fix afterwards.
DC2 is now holding everything up on its own. It keeps trying to replicate with DC1 but cannot connect, so it can only keep waiting.
DC2's USN is now 7, and the last time it replicated with DC1 the USN was 5.
DC1 | | DC2 | USN7 |
 | | 1 | Justin Lau |
 | | 2 | Tony Chan |
 | | 3 | Mary Lee |
 | | 4 | Peter Pen |
 | | 5 | John Ho |
 | | 6 | Bill Gates |
 | | 7 | Steven Jobs |
5. Then the admin remembers that a snapshot backup (or VHD backup) was taken in China Taiwan on Monday.
Wiping off the cold sweat, he quickly starts DC1 up from the snapshot.
Now both machines appear to be up, but things are not as good as imagined. The two AD databases look like this.
DC1 has returned to its Monday state, and several scenarios are now possible.
DC1 | USN3 | DC2 | USN7 |
1 | Justin Lau | 1 | Justin Lau |
2 | Tony Chan | 2 | Tony Chan |
3 | Mary Lee | 3 | Mary Lee |
 | | 4 | Peter Pen |
 | | 5 | John Ho |
 | | 6 | Bill Gates |
 | | 7 | Steven Jobs |
A. DC1 asks for updates using its USN 3.
DC2 knows that USN 3 from DC1 was already used in an earlier synchronization, so it tells DC1 that this is a USN Rollback
and that DC1 does not match DC2's latest database state (Part 2 discusses this in more detail).
When DC1 receives this message, it stops its own replication and stops its NetLogon service so that users no longer log on through it.
Microsoft's documentation recommends isolating this DC, forcibly demoting it (Force Demote), and cleaning it up.
B. The other case is that DC2 does not know a USN Rollback has happened on DC1, for example when the two DCs are in different AD sites
and the replication interval may be long. Once DC1's USN has grown past DC2's, DC1 will notify DC2 of USNs that have not been used yet.
The result is that no USN Rollback is flagged, and the damage in this situation may be greater.
Suppose replication has not started yet and case A has not occurred. DC1 thinks it is healthy and keeps running.
China Taiwan has a backlog of new employees starting work, so several accounts are created.
DC1 | USN8 | DC2 | USN7 |
1 | Justin Lau | 1 | Justin Lau |
2 | Tony Chan | 2 | Tony Chan |
3 | Mary Lee | 3 | Mary Lee |
4 | Staff A | 4 | Peter Pen |
5 | Staff B | 5 | John Ho |
6 | Staff C | 6 | Bill Gates |
7 | Staff D | 7 | Steven Jobs |
8 | Staff E | | |
Now replication begins by comparing USNs. DC1 carries USN 8, which is higher than the other DC's.
DC2 sees this and thinks: my USN is 7, and at the last synchronization DC1 was only at 5, so how is DC1 now the higher one?
It is possible, for example if the admin used Authoritative restore on DC1.
By the rules of the game the higher number wins and there is no way around it, so DC2 asks DC1 what USN 8 is.
DC1 | USN8 | DC2 | USN8 |
1 | Justin Lau | 1 | Justin Lau |
2 | Tony Chan | 2 | Tony Chan |
3 | Mary Lee | 3 | Mary Lee |
4 | Staff A | 4 | Peter Pen |
5 | Staff B | 5 | John Ho |
6 | Staff C | 6 | Bill Gates |
7 | Staff D | 7 | Steven Jobs |
8 | Staff E | 8 | Staff E |
The USNs are now synchronized, but the database is a mess.
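The walkthrough above, replayed as an added example (not code from the original post or from Microsoft). It implements only this article's simplified model, with one USN counter per DC and rows keyed by USN; the `DC` class, `replicate` and `scenario` are hypothetical names, and real AD replication tracks far more state.

```python
import copy

class DC:
    def __init__(self, name):
        self.name, self.usn, self.db = name, 0, {}
        self.partner_usn = {}      # highest USN last seen from each partner
        self.netlogon = True

    def create(self, account):
        self.usn += 1
        self.db[self.usn] = account

def replicate(a, b):
    """Sync two DCs once; return 'rollback' (case A) or 'ok'."""
    for me, peer in ((a, b), (b, a)):
        # Peer reports a USN lower than one we already synced from it: case A.
        if peer.usn < me.partner_usn.get(peer.name, 0):
            peer.netlogon = False          # rolled-back DC stops serving logons
            return "rollback"
    low, high = sorted((a, b), key=lambda d: d.usn)
    for usn in range(low.usn + 1, high.usn + 1):
        low.db[usn] = high.db[usn]         # only rows above the lower USN move
    low.usn = high.usn
    a.partner_usn[b.name], b.partner_usn[a.name] = b.usn, a.usn
    return "ok"

def scenario(accounts_after_restore):
    dc1, dc2 = DC("DC1"), DC("DC2")
    for n in ("Justin Lau", "Tony Chan", "Mary Lee"):
        dc1.create(n)
    replicate(dc1, dc2)                    # step 1: both at USN 3
    snapshot = copy.deepcopy(dc1)          # step 2: snapshot of DC1
    for n in ("Peter Pen", "John Ho"):
        dc1.create(n)
    replicate(dc1, dc2)                    # step 3: both at USN 5
    for n in ("Bill Gates", "Steven Jobs"):
        dc2.create(n)                      # step 4: DC1 is down, DC2 at USN 7
    dc1 = snapshot                         # step 5: DC1 restored, back at USN 3
    for n in accounts_after_restore:
        dc1.create(n)
    result = replicate(dc1, dc2)
    # USNs where the two databases hold different (or missing) rows
    diverged = sorted(u for u in dc2.db if dc1.db.get(u) != dc2.db[u])
    return result, dc1, dc2, diverged
```

Calling `scenario([])` reproduces case A, and `scenario(["Staff A", "Staff B", "Staff C", "Staff D", "Staff E"])` reproduces case B, where both DCs end at USN 8 while rows 4-7 still differ.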
Keep in mind that AD activity is not only user accounts. Many updates happen without our being aware of them, and AD changes quickly.
When the company is large it is even harder to keep track of, so this is not a problem you can solve simply by working out which accounts are affected and creating them again.
Improper backup and restore of a virtual domain controller can do a great deal of damage, and this is only the beginning.
In fact, apart from the USN, domain controllers have other mechanisms to control the situation. Part 2 will continue to explore them.