Virtualized Active Directory Domain Services

We have set up many customers with virtualized Active Directory domain controllers. Windows Server 2003 at first, and now Windows Server 2008, both work fine as virtualized domain controllers.

Here are some of the links and notes that are useful as references:


An anti-affinity DRS rule is used when you want to keep two virtual machines on separate hosts because they provide a redundant service, and placing them on the same host would eliminate that redundancy.


The Virtual Machine on 64-Bit Windows Server

If using the x64 version of Windows Server 2003 or 2003 R2, one of the primary goals will be to contain the entire Active Directory database within the virtual machine’s RAM cache. On 64-bit Windows, 16 GB of RAM cache will accommodate a database of approximately 2.5 million users.
Caching the Active Directory database in 64-bit Windows avoids the performance hits related to certain disk operations. For a virtual machine that is a domain controller, add, modify, search, delete and update operations generally benefit significantly from caching. Write operations will always incur a slight penalty, regardless of whether a domain controller is running on a physical or virtual machine.
There is limited benefit to filling the cache on 32-bit Windows for customers with large directories; in fact, in some cases this can actually exhaust kernel resources.

First Published: 17 June 2009
Windows Server 2008 and Windows Server 2008 R2 further refine the functionality, with the service renamed Active Directory Domain Services.

This article describes a condition that occurs when a domain controller that is running Microsoft Windows 2000 or Microsoft Windows Server 2003 starts from an Active Directory database that has been incorrectly restored or copied into place. This condition is known as an update sequence number rollback, or USN rollback. When a USN rollback occurs, modifications to objects and attributes that occur on one domain controller do not replicate to other domain controllers in the forest. Because replication partners believe that they have an up-to-date copy of the Active Directory database, monitoring and troubleshooting tools such as Repadmin.exe do not report any replication errors.
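As an added example (not part of the original notes), here is a PowerShell check a defender can run on a Windows Server 2008 or later domain controller for the indicators Windows records when it does detect a rollback: Directory Service events 2095 and 2103, the "Dsa Not Writable" registry value, and a paused Netlogon service. Those event IDs and the registry value come from Microsoft's KB 875495 rather than from the notes above; the script assumes it is run elevated on the domain controller itself.

```powershell
# Added example, not from the original post. Looks for the indicators a DC raises
# once it detects a USN rollback: Directory Service events 2095 (rollback detected)
# and 2103 (database restored with an unsupported procedure), the NTDS
# "Dsa Not Writable" registry value (DWORD 4), and a paused Netlogon service.
# Assumes it runs elevated on a Windows Server 2008 or later domain controller.
param([int]$Days = 30)

$findings = New-Object System.Collections.Generic.List[string]

# 1. Directory Service event log: 2095 / 2103 are the explicit USN-rollback events.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Directory Service'
    Id        = 2095, 2103
    StartTime = (Get-Date).AddDays(-$Days)
} -ErrorAction SilentlyContinue

if ($events) {
    foreach ($e in $events) {
        $firstLine = ([string]$e.Message -split "`n")[0].Trim()
        $findings.Add(("Event {0} at {1}: {2}" -f $e.Id, $e.TimeCreated, $firstLine))
    }
}

# 2. NTDS quarantine flag: only present (value 4) after the DC has detected a
#    rollback and disabled inbound/outbound replication to protect the forest.
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$flag = (Get-ItemProperty -Path $ntds -Name 'Dsa Not Writable' `
            -ErrorAction SilentlyContinue).'Dsa Not Writable'
if ($null -ne $flag) {
    $findings.Add("Registry 'Dsa Not Writable' = $flag (4 = replication disabled by NTDS)")
}

# 3. Netlogon is paused as a side effect of the quarantine, so clients stop
#    authenticating against the bad copy of the database.
if ((Get-Service -Name Netlogon).Status -eq 'Paused') {
    $findings.Add('Netlogon service is Paused')
}

if ($findings.Count -eq 0) {
    Write-Output "No USN rollback indicators found in the last $Days days on $($env:COMPUTERNAME)."
} else {
    Write-Warning "USN rollback indicators found on $($env:COMPUTERNAME):"
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

A clean result only means the rollback was detected and recorded; as the KB excerpt above explains, an undetected rollback leaves Repadmin reporting healthy replication, so comparing object counts or recent changes across partners is still needed when a DC is suspected of having been restored from a snapshot or copied disk.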

Here is a link to a VMworld 2006 presentation titled TAC 9710 – Virtualizing a Windows Active Directory Domain Infrastructure, which covers:
* Clock synchronization
* Network performance
* Multi-master replication model
* Security
* Potential single point of failure
* Disaster recovery


To help prevent a potential update sequence number (USN) rollback situation, see Appendix A: Virtualized Domain Controllers and Replication Issues.