At last! Virtual domain controllers just work

Virtual domain controllers (VDCs) in Server 2012 – and now 2012 R2 – are awesome. I have used domain controllers inside virtual machines since Virtual Server 2005 and have seen them fail in every way imaginable. VDCs address all of my issues and, considering the features they bring to the table, it is flat out nuts not to use …


This topic is closed for new posts.
  1. Rukario


    Sounds strange...

    And shurely, you mean Norton Ghost, not Symantec Ghost (as in the good one, before Symantec royally borked it)?

    (BTW, glad to hear you weren't swept away by the chaos to your south.)

    1. Trevor_Pott Gold badge

      Re: Clones?

      Now that I think about it, I was rocking that Norton Ghost 9 CD for a long, long time...

      Also: have to go down to Cowgary in a couple days. Going to be a mess, methinks...

  2. Roland6 Silver badge

    Informative article

    Good focused article Trevor, I suspect that whilst you (rightly) focused on MS's VDCs, much of what you wrote is applicable to other vendors' DCs/directory servers (leaving such application as an exercise for the reader...).

    1. Trevor_Pott Gold badge

      Re: Informative article

      I don't know. I doubt it. Any evidence to back this up with other directory systems? I've heard nothing similar about any of the others so far. I'd be interested, if true!

      1. Roland6 Silver badge

        Re: Informative article @trevor 20:56

        Sorry, I basically took the key points as additional points on a checklist for things to look out for when deploying a VDC/directory system.

  3. NinjaTheVanish

    A couple of notes...

    On recovering from a failure of all DCs: It can and does happen in a full virty environment. Particularly when you are single threaded on power, AC, storage, and networking as some of the infrastructures I support are.

    One of the best things you can do to make this less traumatic is have a non-DC server carrying a secondary DNS zone (not AD Integrated) for the domain and for _msdcs.domain. Your PDC emu's network settings should use that server as a second or third DNS server for name resolution.

    When a DC boots, the first thing it does is look for DNS for its own domain. If it can't find DNS, it will keep retrying for 20 minutes before continuing the boot cycle. If all your DCs are down, and all your zones are AD Integrated, the first to boot obviously won't find DNS. The backup secondary zone speeds this process along, saving you the horrible feeling of standing with users behind you trying to explain that "It'll be a little longer before you can continue doing your job; and no I can't make it go any faster."

    Also, the default tombstone for domains built from 2003 SP2 on is 180 days, not 60.
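
The standby-DNS arrangement described in the comment above, sketched in PowerShell as an added example (not from the article or from any poster). The domain name, host names, addresses and interface alias are constructed placeholders, and it assumes `_msdcs.<domain>` exists as its own primary zone and that the DnsServer module (RSAT) is available where the script runs.

```powershell
# Added example: all names and addresses are constructed placeholders.
$Domain     = 'corp.example'           # AD DNS domain
$DcName     = 'dc01.corp.example'      # DC hosting the AD-integrated zones
$DcAddress  = '192.0.2.10'             # that DC's IP address
$StandbyDns = 'util01.corp.example'    # non-DC member server with the DNS Server role
$StandbyIp  = '192.0.2.53'             # the standby server's IP address
$Zones      = @($Domain, "_msdcs.$Domain")

# 1. On the DC side: permit zone transfers to the standby server only
#    (not to any requester) and notify it when the zone changes.
foreach ($zone in $Zones) {
    Set-DnsServerPrimaryZone -ComputerName $DcName -Name $zone `
        -SecureSecondaries TransferToSecureServers -SecondaryServers $StandbyIp `
        -Notify NotifyServers -NotifyServers $StandbyIp
}

# 2. On the standby: create file-backed (not AD-integrated) secondary zones,
#    skipping any that already exist so the script can be re-run.
foreach ($zone in $Zones) {
    $existing = Get-DnsServerZone -ComputerName $StandbyDns -Name $zone -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerSecondaryZone -ComputerName $StandbyDns -Name $zone `
            -ZoneFile "$zone.dns" -MasterServers $DcAddress
    }
}

# 3. Verify the standby answers the DC locator query a booting DC depends on.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
    -Server $StandbyIp -DnsOnly -ErrorAction Stop
$srv | Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port

# 4. Run this part on the PDC emulator itself: append the standby to the
#    existing resolver list instead of replacing it.
$Alias   = 'Ethernet'                  # interface alias (placeholder)
$current = (Get-DnsClientServerAddress -InterfaceAlias $Alias -AddressFamily IPv4).ServerAddresses
if ($current -notcontains $StandbyIp) {
    Set-DnsClientServerAddress -InterfaceAlias $Alias -ServerAddresses ($current + $StandbyIp)
}
```

The standby copy is only as fresh as its last successful transfer, so step 3 is worth re-running after DC changes.
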

    1. Trevor_Pott Gold badge

      Re: A couple of notes...

      60 according to all the official documentation I've read AND their technet articles about the VDCs AND the linked blogs in the piece I wrote.

      1. NinjaTheVanish

        Re: A couple of notes...

        60 vs 180 -- It's a nit to be picked. I confirmed the number with a couple of domains before posting. Fortunately I was in the middle of building labs to study for my MCS* upgrade, and happened to have ADSI edit open when I read your article. There's a good discussion @

        I appreciate the articles, and wish the rest of the interwebs had an accuracy rate as high as yours.

        1. Trevor_Pott Gold badge

          Re: A couple of notes...

          So we're both right...and Microsoft is insane.


          1. NinjaTheVanish

            Re: A couple of notes...

            You were expecting anything else?
