Virtual Windows Domain Controller Best Practices

Microsoft has a great KB article that lists a number of best practices to consider when virtualizing domain controllers. The most notable of these are below:

1. Disable Write Cache on volumes hosting ESE-based databases. This was also tossed around on the VMware forums a while back and there doesn't appear to be a conclusive answer on how to deal with this suggestion.
2. Don't let your machine stay disconnected for extended periods. This applies in the physical world too, but I can see how pausing a VM to release some resources and then forgetting about it could happen more easily on a VM than on a physical server. Good monitoring tools eliminate this though.
3. Back up system state at least as often as the tombstone period and, if you need to restore, restore from this backup. You can't roll a DC back to a snapshot taken earlier and expect your AD to be consistent.
4. Performance Considerations:

  • Global Catalogs - Evaluate whether Exchange-facing Global Catalogs in your deployment can be deployed on VMs or physical hardware.
  • FSMO roles - The load for FSMO roles is relatively light except for the primary domain controller, which receives password updates for users, computers and trusts following password changes. Additionally, the PDC is consulted by remote DCs if users or computers log on with mismatched passwords.
  • The RID and Schema FSMO roles are used infrequently, but their availability is critical when required.
  • DNS Server – Both the DNS client and DNS Server cache queries. DNS Servers provide their best performance when sufficient memory is available to cache the contents of DNS zones. The loading of AD-integrated zones is delayed until Active Directory completes its first inbound replication. The DNS Client settings on a DNS Server should point to multiple DNS Servers that can resolve the CNAME records of replication partners to their IP addresses.

    There are other considerations listed in the full KB article.
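
One way to monitor for points 2 and 3 is to compare each DC's last successful inbound replication with the forest's tombstone lifetime. This is an added example, not taken from the KB article; it assumes a domain-joined management host with the ActiveDirectory (RSAT) module, and the `$WarnFraction` threshold is an illustrative value.

```powershell
# Added example: flag DCs (e.g. a paused or forgotten VM) that have not
# replicated inbound for a large share of the tombstone lifetime.
Import-Module ActiveDirectory

# Assumption: warn once a link has been silent for half the tombstone lifetime.
$WarnFraction = 0.5

# tombstoneLifetime is stored on the Directory Service object in the configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsObject = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
                         -Properties tombstoneLifetime

# If the attribute is not set, the forest uses the built-in default of 60 days.
$tslDays  = if ($dsObject.tombstoneLifetime) { [int]$dsObject.tombstoneLifetime } else { 60 }
$warnDays = [math]::Floor($tslDays * $WarnFraction)
$now      = Get-Date

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        # -Partition * returns every naming context, not only the domain partition.
        $links = Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server `
                                                  -Partition * -ErrorAction Stop
    } catch {
        # A DC that cannot be queried at all is itself a finding.
        [pscustomobject]@{ Server = $dc.HostName; Partner = $null; Partition = $null
                           DaysSinceSuccess = $null; Status = 'UNREACHABLE' }
        continue
    }
    foreach ($link in $links) {
        $last = $link.LastReplicationSuccess
        $age  = if ($last) { [math]::Round(($now - $last).TotalDays, 1) } else { $null }
        $status = if     ($null -eq $age)     { 'NEVER_REPLICATED' }
                  elseif ($age -ge $tslDays)  { 'EXCEEDS_TOMBSTONE_LIFETIME' }
                  elseif ($age -ge $warnDays) { 'WARN' }
                  else                        { 'OK' }
        [pscustomobject]@{ Server = $link.Server; Partner = $link.Partner
                           Partition = $link.Partition
                           DaysSinceSuccess = $age; Status = $status }
    }
}

"Tombstone lifetime: $tslDays days (warning threshold: $warnDays days)"
$report | Where-Object Status -ne 'OK' |
    Sort-Object DaysSinceSuccess -Descending | Format-Table -AutoSize
```

The same `$tslDays` value is the upper bound on the age of a system state backup that can still be restored, so it can also drive a backup-age check.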
