you're not off-base - you should certainly handle access to the VMs as critical as a physical machine and educate your admins.
I'm not sure if you can completely turn it off if your admins also have admin-access on the host (which is likely the case for the DAs). You could potentially run the host on standalone servers, but that just shifts the poblem a different direction. /Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Donnerstag, 16. Juni 2005 18:08 To: [email protected] Subject: RE: [ActiveDir] Virtual Domain Controllers Thanks for all of the responses. I had a chance to look at the KB article on USN rollback and found it very informative. I will get to the white paper when I have a little time. I am still concerned about the Snapshot feature. How do others handle this? Is it possible to turn it off or apply a deny permission to that feature or is it used? Am I off base in worrying about this aspect? "Harper, Gary" <[EMAIL PROTECTED] hn.org> To Sent by: <[email protected]> [EMAIL PROTECTED] cc ail.activedir.org Subject RE: [ActiveDir] Virtual Domain 06/16/2005 10:27 Controllers AM Please respond to [EMAIL PROTECTED] tivedir.org We have a 9 site, 25000 user active directory running on 14 Windows 2000 DCs. We recently converted our last DC to a VM (ESX 2.X) and we haven't any any problems. The only thing is that we needed to allocate 1Gb of memory to every DC. A little high for a VM (IMHO), but still better than using hardware. Other than that, it's been working great. -----Original Message----- From: Geary, Simon [mailto:[EMAIL PROTECTED] Behalf Of Geary, Simon Sent: Thursday, June 16, 2005 9:53 AM To: [email protected] Subject: RE: [ActiveDir] Virtual Domain Controllers There is a white paper about this, it is supported under some strict limitations. http://www.microsoft.com/downloads/details.aspx?FamilyId=64DB845D-F7A3-4 209-8ED2-E261A117FC6B&displaylang=en From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED] Sent: Thu 16/06/2005 09:52 To: [email protected] Subject: [ActiveDir] Virtual Domain Controllers All, Is anybody currently running Domain Controllers in VMware of Virtual Server? Have there been any problems with this environment? There is a big push at my company to virtualize every environment but, I am sure Domain Controllers should be virtualized. One of my biggest concerns is the snapshot feature. I do not have full control over the Domain Controllers and I worry that another Admin will take a snapshot of the DC and make a few changes and if they don't work, revert to the snapshot before the changes. Wouldn't this be the same as using an older ghost image of the DC? I'm just looking for some feedback to see if this is a viable solution. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ CONFIDENTIALITY NOTICE: This email message and any accompanying data are confidential, and intended only for the named recipient(s). If you are not the intended recipient(s), you are hereby notified that the dissemination, distribution, and or copying of this message is strictly prohibited. If you receive this message in error, or are not the named recipient(s), please notify the sender at the email address above, delete this email from your computer, and destroy any copies in any form immediately. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
