Tag: Domain Controller

Azure Stack Migration Series YouTube Playlist

Learn about Azure Stack Migration in this Video Series

Together with Tiberiu Radu from the Azure Stack Product Group, I worked on a series of videos to show how you can migrate workloads to Microsoft Azure Stack. This includes basic workloads like Active Directory Domain Controllers, File Servers, and SQL Servers. We are not only adding videos about Azure Stack Migration, but we also added a couple of tips on how you can take advantage of some of the infrastructure-as-a-service (IaaS) features on Azure Stack, like Azure Resource Manager templates and extensions.

The journey to the cloud provides many options, features, functionalities, as well as opportunities to improve existing governance, operations, implement new ones, and even redesign the applications to take advantage of the cloud architectures.
This video series was created in the context of the End of Support (EOS) motion for Windows Server 2008/2008R2 and SQL Server 2008/2008R2, with the target to highlight some of the migration options. The EOS program could be a good opportunity to start this process and it’s not only about the lift-and-shift or move your servers and forget about them, instead it could be the start of a modernization journey. As part of the EOS motion, Azure VMs running Windows 2008/R2 and SQL 2008/R2 on Azure and Azure Stack, offer 3 years of free Extended Support Updates. That means you can enable the same operational processes, use ARM templates, and use the infrastructure-as-a-service (IaaS) platform on both Azure and Azure Stack, to start this journey.
– Tiberiu Radu

Azure Stack Migration Introduction

Check out my Azure Stack Migration introduction video, which will give you a quick overview of migrating workloads to Azure Stack.

Video Series

You can find the full playlist with the complete Azure Stack Migration video series on YouTube.

Azure Stack Migration Series YouTube Playlist

If you want to read more, check out my blog post on ITOpsTalk.com. There we have some detailed blogs on these videos. I also recommend that you check out the IaaS blog series from the Azure Stack team, which includes different features around running virtual machines on Azure Stack.

If you have any questions, please let me know in the comments.



Windows Server 2012 Hyper-V: How to clone a Virtual Domain Controller

Windows Server 2012 added a lot of improvements to Hyper-V and Active Directory. One of Microsoft's strategic goals is to virtualize every workload. With the improved scale of Hyper-V virtual machines it is now possible to run even heavy SQL workloads on Hyper-V virtual machines. In Windows Server 2008 R2, virtualization of Active Directory still had some challenges, which Microsoft addressed in Windows Server 2012. (Windows Server 2008 R2: Running Domain Controllers in Hyper-V)

  • Physical DC is required for Windows Server 2008 R2 Clusters
  • No Snapshots of virtual Domain Controllers
  • No cloning of virtual Domain Controllers
  • No online V2V migration via Snapshots
  • No restoring of virtual Domain Controller VMs

Most of these limitations were caused by problems with USNs (update sequence numbers).

In Windows Server 2012 Microsoft included a new feature for Active Directory Domain Controllers called VM-GenerationID. At the moment you can use this feature with Windows Server 2012 Hyper-V as a hypervisor, but Microsoft also lets other hypervisor vendors integrate this feature.

TechNet: Safe virtualization of domain controllers

“With Windows Server 2012, AD DS employs safeguards on virtual domain controllers hosted on VM-GenerationID aware hypervisors and ensures that the accidental application of snapshots or other such hypervisor-enabled mechanisms that could ‘rollback’ a virtual machine’s state will not disrupt your AD DS environment (by preventing replication problems such as a USN bubble or lingering objects). However, restoring a domain controller by applying a virtual machine snapshot is not recommended as an alternative mechanism to backing up a domain controller. It is recommended that you continue to use Windows Server Backup or other VSS-writer based backup solutions.”

Another problem was solved by Active Directory-less Cluster Bootstrapping. This basically removes the Active Directory dependencies during a cluster boot. This means you can boot up your cluster even if there is no other Active Directory server available during the boot process.

With the integration of the VM-GenerationID, Microsoft also created a new possibility which allows you to clone virtual Active Directory Domain Controllers.

How to clone a virtual Domain Controller

Preparation

  • A Windows Server 2012 Hyper-V server is needed. In the future maybe other hypervisors will also support VM-GenerationID.
  • A deployed Windows Server 2012 domain controller (virtualized or physical) that hosts the PDC emulator role. To check which server hosts the PDC role you could use the following PowerShell command.
    Get-ADComputer (Get-ADDomainController -Discover -Service "PrimaryDC").Name -Property operatingsystemversion | fl

  • A source virtual Domain Controller with Windows Server 2012 hosted on a Windows Server 2012 Hyper-V server. This will be the VM which will be cloned from. This cannot be the Domain Controller with the PDC role. In my example case this is VirtualDC1.

 

Step 1

Grant the source virtualized domain controller the permission to be cloned. Add the source domain controller to the Cloneable Domain Controllers group. You can do this over Active Directory Users and Computers, the Active Directory Administrative Center or Windows PowerShell. In my case I added the computer object VirtualDC1 to the Cloneable Domain Controllers group.

With Windows PowerShell this would be done like this.

Add-ADGroupMember -Identity "CN=Cloneable Domain Controllers,CN=Users,DC=cloud,DC=win" -Member "CN=VirtualDC1,OU=Domain Controllers,DC=cloud,DC=win"

Step 2

In the TechNet guide, step two is to run Get-ADDCCloningExcludedApplicationList, which checks for applications that have not been evaluated for cloning. If your source domain controller is a new, clean setup without any special applications, you can skip this step. If you have installed any application that is listed when you run Get-ADDCCloningExcludedApplicationList, you have to create a Custom DC Clone Allow List. You can do this with the following PowerShell command.

Get-ADDCCloningExcludedApplicationList -GenerateXml

Step 3

Run New-ADDCCloneConfigFile on the source domain controller (VirtualDC1). This lets you define the configuration of your new domain controller clone (in my case VirtualDC2), such as name and IP address.

New-ADDCCloneConfigFile -Static -IPv4Address "10.10.29.2" -IPv4DNSResolver "10.10.20.1" -IPv4SubnetMask "255.255.0.0" -CloneComputerName "VirtualDC2" -IPv4DefaultGateway "10.10.0.1" -SiteName "Default-First-Site-Name"

Note: The new domain controller has to be on the same site.

There are a lot of options you can configure for your cloned virtual server. For more information check out the TechNet page.

Step 4

In step four you have to export the source virtual machine (VirtualDC1) and import it as a new virtual machine (VirtualDC2). You can do this via the Hyper-V Manager GUI or, the cool way, with Windows PowerShell. Check out my blog post about doing import and export of virtual machines via Windows PowerShell.

After the import of your virtual machine is done you should rename it. In my example this will be VirtualDC2. After the import is finished you can boot up the virtual machines and you will have a new domain controller in your infrastructure.
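A pre-flight check for the steps above, as an added example that is not part of the original post. It assumes it runs elevated on the source domain controller (VirtualDC1 here) with the ActiveDirectory module loaded; the variable names are illustrative.

```powershell
# Added example: run elevated on the source DC before exporting it in step 4.
Import-Module ActiveDirectory

$SourceDC   = $env:COMPUTERNAME              # e.g. VirtualDC1
$CloneGroup = 'Cloneable Domain Controllers'
$problems   = @()

# The PDC emulator must run Windows Server 2012 (version 6.2) or later.
$pdc = Get-ADDomainController -Identity (Get-ADDomain).PDCEmulator
$pdcVersion = [version]($pdc.OperatingSystemVersion -replace '\s*\(.*$')
if ($pdcVersion -lt [version]'6.2') {
    $problems += "PDC emulator $($pdc.Name) runs $($pdc.OperatingSystem)."
}

# The clone source must not hold the PDC emulator role itself.
$src = Get-ADDomainController -Identity $SourceDC
if ($src.OperationMasterRoles -contains 'PDCEmulator') {
    $problems += "$SourceDC holds the PDC emulator role."
}

# Group membership is what authorises a DC to be cloned, so review all of it.
$members = @(Get-ADGroupMember -Identity $CloneGroup | ForEach-Object { $_.Name })
if ($members -notcontains $SourceDC) {
    $problems += "$SourceDC is not a member of '$CloneGroup'."
}
$others = @($members | Where-Object { $_ -ne $SourceDC })
if ($others.Count -gt 0) {
    Write-Warning "Other members authorised for cloning: $($others -join ', ')"
}

# Applications and services that still need a custom allow list (step 2).
# Keep only result objects that carry a Name, ignoring any informational text.
$excluded = @(Get-ADDCCloningExcludedApplicationList | Where-Object { $_.Name })
if ($excluded.Count -gt 0) {
    $problems += "$($excluded.Count) application(s)/service(s) not yet on the allow list."
}

if ($problems.Count -eq 0) {
    Write-Output "$SourceDC passed the pre-clone checks."
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}

# After the clone is up, remove the source DC from the group again:
# Remove-ADGroupMember -Identity $CloneGroup -Members (Get-ADComputer $SourceDC)
```

Keeping the Cloneable Domain Controllers group empty outside of a cloning window limits which domain controllers can be copied into new ones.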

By the way Peter Noorderijk wrote a blog post called The future of a virtual domain controller on the Hyper-V.nu blog.



How to add a Windows Server 2008 R2 Core as Secondary Domain Controller (replica)

This is a small How to which shows you how you can add a Windows Server 2008 R2 Core as a Secondary Domain Controller or Replica.

  1. First configure the Core Server: name, domain, IP address and more. You can use the command sconfig to run the Server Configuration Utility.
  2. Now you can go back to the Command Prompt.
  3. Now you have two possibilities to install a Domain Controller. Either you run dcpromo with an unattend file you have created and copied to the server, or you run dcpromo with some parameters. I decided to run dcpromo with the necessary parameters because I just need a simple replica.
  4. Now you can run the command on the Command Prompt.
    Dcpromo /unattend /replicaOrnewDomain:replica /replicaDomainDNSName:corp.pepsi.local /ConfirmGC:yes /username:corp\administrator /Password:* /safeModeAdminPassword:PepsiPassword
  5. After that the server will run the installer and reboot.
  6. A replication connection was created.

If you need more information about Active Directory creation on a Windows Server 2008 Core Server, you can check out Microsoft KB947034.



Time sync problems with Hyper-V Guests

If you have time sync problems with Hyper-V Guest Systems there is a simple solution for this.

Problems:

  • Time between Server and Active Directory Domain Controller is not correct
  • Can’t login because of this
  • Can’t add AD Users to local groups

Solution:

To solve this problem you have to disable Time Synchronization in the Hyper-V Integration Services for each guest. Then restart the Windows Time service on the guest. The guests will then correctly synchronize with a domain controller.
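The fix above as a script, added here as an example and not part of the original post. It assumes a host with the Hyper-V PowerShell module (Windows Server 2012 or later) and a domain-joined guest; the guest name VirtualDC2 is a placeholder.

```powershell
# --- On the Hyper-V host (elevated) ---
# Disable host-to-guest time sync for the listed guests (constructed names).
$guests = @('VirtualDC2')
foreach ($vm in $guests) {
    $svc = Get-VMIntegrationService -VMName $vm -Name 'Time Synchronization'
    if ($svc.Enabled) {
        Disable-VMIntegrationService -VMName $vm -Name 'Time Synchronization'
        Write-Output "Disabled Time Synchronization for $vm"
    }
}

# --- Inside each guest (elevated) ---
# Follow the domain hierarchy for time, restart the service and resync.
w32tm /config /syncfromflags:domhier /update
Restart-Service w32time
w32tm /resync

# Verify the guest no longer takes its time from the Hyper-V host.
# Kerberos rejects logons once the clock skew exceeds 5 minutes by default.
$source = (w32tm /query /source | Out-String).Trim()
if ($source -match 'VM IC Time Synchronization Provider') {
    Write-Warning "Guest still syncs from the Hyper-V host: $source"
} else {
    Write-Output "Time source: $source"
}
```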