Questions about failing over a domain controller

[bhagen]

I need to move a very large AD DC (large due to storing user files on it) from an older esxi host to a newer one.

I figure I can replicate it from old to new, then do a failover.

But a planned failover shuts down the original vm, then does another snapshot, and *then* spins up the replica. I just tried this on a test vm with a single 40Gb drive and there was a 10 minute gap that the vm was powered off.

I feel like if the DC for the site is shut down, I'm going to lose connectivity (well, authentication actually) in that site, and then veeam isn't going to be able to log into the esxi host and finish the job. Not only that, but this vm has a 250gb drive and a 3tb drive; I feel like that would make the "down" time much, much longer.

Is that correct?

If so, should I instead just manually do a final replication of the DC (to the new esxi host), and then immediately do a "failover now", since that keeps the original vm powered up?

And if that's the case, how is dns (on that dc) going to know which vm is the "real" vm?

I need to plan this for a specific window of time on a specific night, so I also need to know how long it's going to take (planned or "now") so I know when to abort and roll back if I need to.

Thanks for any help!!

[FrancWest]

Isn’t it possible to add the new host to the same vcenter as the old host and do a vmotion?

Why not use a local account to the esxi host instead of a domain account, so that Veeam doesn’t rely on AD? In case of a disaster and the DC is not reachable how would you restore it when Veeam and the esxi host rely on an AD account for authentication?

Best practice is also to have more than one DC, doesn’t that site have a second DC?