Best way to replicate a primary Domain Controller?

[hasayeretFMG]

Hi guys,

We are planning on moving our main DC between 2 hosts and we believe that the best way to do that would be to replicate and then to do a planned failover through Veeam.
Any recommendation on what would be the best way to do it without completely breaking my network?
We're using the latest Veeam and our DC is 2008r2 Standard

Thanks!!!

[Gostev]

Hi, I don't believe there any special considerations because you intend to use a Planned Failover functionality. Since this process shuts down the VM before transferring the last delta, overall the whole process will be no different from power cycling the VM (except it will power up on another host). Thanks and please let us know how it went!

[csinetops]

Veeam works great for this. When we moved data centers a few years back, I used planned fail over to move around 100VM's ( DC's included) to our new location over the period of a month. As long as you have more than one DC you'll be fine while it's off line for the 10 minutes or so that it takes to do the planned failover.

[hasayeretFMG]

Hi, I don't believe there any special considerations because you intend to use a Planned Failover functionality. Since this process shuts down the VM before transferring the last delta, overall the whole process will be no different from power cycling the VM (except it will power up on another host). Thanks and please let us know how it went!

So just planned failover with another DC online will do the trick, is that the case?

[hasayeretFMG]

Veeam works great for this. When we moved data centers a few years back, I used planned fail over to move around 100VM's ( DC's included) to our new location over the period of a month. As long as you have more than one DC you'll be fine while it's off line for the 10 minutes or so that it takes to do the planned failover.

Thanks so much! What about VMs that are running SQL database? Did the planned failover take care of these as well?

[foggy]

So just planned failover with another DC online will do the trick, is that the case?

Yes.

Thanks so much! What about VMs that are running SQL database? Did the planned failover take care of these as well?

Yes, just make sure application-aware processing is enabled in all cases.

[hasayeretFMG]

Sounds good. Is the application-aware processing impacting my current machine? (not the replica, the source!)

Thanks!

[foggy]

You shouldn't notice the impact, but the VM will be properly quiesced prior the backup to allow for further seamless failover.

[hasayeretFMG]

Thank you!
One more question for you if you don't mind: Is there any issue restoring a 2008r2 domain controller using Veeam? I am participating in another thread and one of the users there says that it might not work and I better upgrade to 2012. Doesn't really make sense to me since I couldn't find anywhere that Veeam says that but I figured I'd ask you.

Thoughts?

[foggy]

I've replied in that thread as well, basically, with AAIP enabled, there shouldn't be any issues with W2008R2 DC's either.

[hasayeretFMG]

Thanks so much! will give it a shot!

[mwvme]

While I do agree with the others above that replicating the VM should work, it is a best practice for many professional services people, such as myself, to suggest not replicating domain controllers and instead, deploy a new domain controller. I have done many migrations in the past for customers and I always deployed new DC's and even Microsoft - who worked with me on some of these projects - agreed with me. I know that this is very conservative and careful, but that is what PSO people are like.

Michael

[Andbac]

I agree with mwvme, install additional DC(s) instead, if possible. Besides getting better control during the migration, you really should install the new DC(s) using Windows Server 2012 R2 or possible 2016 as the OS.

[TGacs]

While I do agree with the others above that replicating the VM should work, it is a best practice for many professional services people, such as myself, to suggest not replicating domain controllers and instead, deploy a new domain controller. I have done many migrations in the past for customers and I always deployed new DC's and even Microsoft - who worked with me on some of these projects - agreed with me. I know that this is very conservative and careful, but that is what PSO people are like.

Michael

I agree with mwvme and Andbac. In broad strokes:
1) Add a new DC VM on the new host (preferably with 2016 OS)
2) Verify DC & DNS replication.
3) Migrate FSMO roles to the new DC.
4) Power down the old DC.
5) After some time (say, 2-4 wks) of no issues, you can DCPROMO the old DC to remove it as a DC, and then remove it from the domain. Delete the old VM at your leisure.

I used this method to upgrade 6 domain controllers (3 domains, 2 per domain) from 2008R2 to 2016 OS.

[BlueComp]

While I do agree with the others above that replicating the VM should work, it is a best practice for many professional services people, such as myself, to suggest not replicating domain controllers and instead, deploy a new domain controller. I have done many migrations in the past for customers and I always deployed new DC's and even Microsoft - who worked with me on some of these projects - agreed with me. I know that this is very conservative and careful, but that is what PSO people are like.

Michael

If you need to move a physical server to a different room do you also throw it away and buy / build a new one? Bit of an outdated school of thought isn't it?

[skrause]

For something that is both as critical as AD and has the robust built-in replication/HA capabilities that AD has, for me the answer would be yes. In your hypothetical physical example the cost of a server to run AD on would be far less than the cost of downtime if there was an issue with just shutting it off and moving it.