There are several major considerations for running virtual domain controllers. While I support and recommend VDC use, some common sense precautions need be taken.
- Ensure the basic virtual networking configuration for the VDC is within Windows Sites definitions and their appropriate subnets.
- Confirm connectivity for full Microsoft DS IP-suite ports to the Virtual Hosts Farms. This means routing and firewalls should be in place and tested. Note that bridgeheads are applicable in more constrained environments but any type of autotopology support is usually preferable – especially with Windows 2003 and 2008.
- If using DCs with Virtualization HA features such as VI3′s, make sure the above is true and safely test.
- Don’t treat VDCs like regular Windows servers – they aren’t. You can risk serious issues if you think you can just fall back on a snapshot or a prior image file. MSDS like DNS uses a serial number of sorts (the USN). You don’t want to cause issues in one of the most important systems in your environment.
- Exercise care when restoring with backup software whether Microsoft certified or not. Use the principle of doing the least required. Restoring a DC from even a trusted backup application still should be treated with gravity.
Microsoft themselves further recommends the following to prevent the domain’s Update Sequence Numbers (USN) being rolled back from causing issues (from Technet).
- Do not take or use a snapshot of a domain controller virtual machine.
- Do not copy the domain controller VHD file.
- Do not export the virtual machine that is running a domain controller.
- Do not restore a domain controller or attempt to roll back the contents of an Active Directory database by any other means than a supported backup solution, such as Windows Server Backup.
Now, really, all the above applies to _physical_ DCs as well (or for that matter, P2Ving, V2Ping, P2Ping, or V2Ving), but the point is that with the proliferation of Virtualization that it is much too easy to shoot yourself in the foot.
For more information, please see my Microsoft Systems Resource page.