1

I work in an environment where the amount of paperwork I have to do to stand up a single server is boundless. That being said, I'm standing up two new 2012 R2 Domain Controllers. One is to be a virtual and one is to be a physical machine (we have a bunch of physical Windows servers on the network and require beyond five 9's.)

What I'm trying to figure out is if I need to do a full blown install on the physical server (takes forever here), or if I can use the clone DC function and do a V2P to the new physical machine.

What I'm wanting to know is if anyone has done this and if there is anything I need to be concerned with or if there is any reason I shouldn't do this?

HopelessN00b
Nxahoward
  • Don't take shortcuts if you're setting up a brand new server. Do it the right way. – Nixphoe May 08 '14 at 16:11
  • 4
    @Nixphoe cloning a DC is the *right way* - it is a supported deployment option: http://blogs.technet.com/b/askpfeplat/archive/2012/10/01/virtual-domain-controller-cloning-in-windows-server-2012.aspx – the-wabbit May 08 '14 at 16:43
  • @syneticon-dj that is amazing! This is why I hang out here. – Nixphoe May 08 '14 at 16:54
  • but has anyone done a V2P of one? – Nxahoward May 08 '14 at 19:23
  • 1
    Once I cloned a Windows 2008 Server DC but I got problems later when trying to install Exchange on the cloned one because the administrator SID was the same on both. – Scorpion99 May 08 '14 at 21:39
  • V2P is unsupported for DCs as far as I know. – MDMarra May 08 '14 at 21:54
  • @MDMarra why would it be? It might be as easy as copying the VHD and the boot loader to a different machine and booting off it, right? I never tried, but I do not see any serious obstacles here. – the-wabbit May 09 '14 at 06:58
  • Copying the same VHD isn't really V2P. In that case you would probably be OK. A real V2P is bad because it would suffer the same fate as a V2V, snapshot, or clone of a DC, but VM Generation ID is not something that is available on a physical machine. Without VM Generation ID available to the physical machine, the clone is not protected from a USN rollback during conversion. – MDMarra May 09 '14 at 10:09
  • @Scorpion99 You forgot to Sysprep the system; you can't do a direct clone of a Windows server unless you are (A) deleting the original or (B) sysprepping the copy. – Nxahoward May 09 '14 at 13:47
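
The USN rollback risk raised in the comments above, shown as an added example that is not part of the original thread: a toy Python model in which a restored image reuses USNs its replication partner has already seen, and a generation-ID check at boot avoids that by switching to a new invocation ID. The `DC` class, `scenario` function and sample values are hypothetical and constructed for illustration; real Active Directory replication is far more involved.

```python
import copy
import uuid

class DC:
    """Toy domain controller (constructed model, not real AD code)."""
    def __init__(self, gen_id=None):
        self.invocation_id = uuid.uuid4().hex  # identity of this database instance
        self.usn = 0             # highest locally committed USN
        self.changes = []        # (invocation_id, usn, value) originated here
        self.seen = {}           # source invocation_id -> highest USN applied
        self.data = set()
        self.hv_gen_id = gen_id      # VM Generation ID; None on physical hardware
        self.stored_gen_id = gen_id  # copy kept inside the directory database

    def write(self, value):
        self.usn += 1
        self.changes.append((self.invocation_id, self.usn, value))
        self.data.add(value)

    def pull_from(self, src):
        # Apply only changes newer than what was already seen from that source.
        for inv, usn, value in src.changes:
            if usn > self.seen.get(inv, 0):
                self.data.add(value)
                self.seen[inv] = usn

    def boot(self):
        # Safeguard: a changed generation ID means the database was copied or
        # rolled back, so take a new invocation ID before originating changes.
        if self.hv_gen_id is not None and self.hv_gen_id != self.stored_gen_id:
            self.invocation_id = uuid.uuid4().hex
            self.stored_gen_id = self.hv_gen_id

def scenario(gen_id_available):
    """Return the writes on the restored DC that its partner never receives."""
    dc1 = DC(gen_id="gen-A" if gen_id_available else None)
    dc2 = DC()
    dc1.write("user1"); dc1.write("user2")
    image = copy.deepcopy(dc1)      # image captured at USN 2
    dc1.write("user3")              # USN 3, after the image was taken
    dc2.pull_from(dc1)              # partner has now seen dc1 up to USN 3
    if gen_id_available:
        image.hv_gen_id = "gen-B"   # hypervisor changes the ID for the copy
    image.boot()
    image.write("user4")            # USN 3 again unless the invocation ID changed
    image.write("user5")
    dc2.pull_from(image)
    return image.data - dc2.data
```

`scenario(False)` returns `{'user4'}`: the partner silently skips the write that reused USN 3. `scenario(True)` returns an empty set because both writes arrive under a new invocation ID.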

1 Answer

5

I surely would not recommend it, even if domain controllers are clonable now (yippie!), for the same reason you generally see a lot fewer utilities, options and support around V2P than you do around P2V: drivers. And related to that, the fact that a V2P generally will be at least as much effort as just installing new.

In your scenario, to do a V2P, at a minimum, you would need to:

  1. Go through the Domain Controller clone procedure.
  2. Use an expensive tool to actually do the V2P.
  3. Go into DSRM to ensure the validity of your Active Directory, and restore [part of] the domain controller again.

I have trouble imagining how that would be either quicker, or easier, than just installing your OS on a physical media and promoting it to a domain controller. (And I'd probably have lingering questions/concerns about whatever third party tool not properly handling the V2P because it's a domain controller, but I don't know how valid those are, TBH.)

My advice: Just do it the manual way. Yeah, it'll take longer, but that's why you'd want to kick off the install and get through the manual portion and then go to lunch or go home for the day, or do something else, so it doesn't matter that the computer is performing the time-intensive automated functions of actually installing the OS, because you're not waiting on it anyway.

HopelessN00b
  • 3
    To create just a DC should be very simple indeed following this approach, and from my experience there's no better way to ensure your new domain controller is properly configured and talking to its peers correctly than promoting it from a member server. – Rob Moir May 08 '14 at 20:35
  • @HopelessN00b Genius of For the most part, your answer is what I was looking for, though messing with drivers may still be easier as I have 200+ pages of manual security settings to go through (yay gubermunt) to stand up a new DC from scratch. I was trying to avoid that. That's four days of work that's so mind numbing your eyes will bleed. That being said, VMware currently supports a V2P operation with their converter... – Nxahoward May 09 '14 at 13:52