Microsoft Active Directory, Snapshots and VMware vSphere


We have done a good job! Overall, all of us, every day, have focused on creating a differentiator in our datacenters and have heavily contributed to making VMware a Leader in the Gartner Magic Quadrant for 4 consecutive years.

Among the features that have provided true added value in the agility of our datacenters, the concept of snapshots has itself created a new opportunity that has been heavily exploited by many backup vendors.

But being ahead and a leader comes with its own set of downsides. You need to ensure that applications are leveraging the route you have created.


Granted, snapshots are a cool feature of a virtualized environment. In a nutshell, a snapshot file is only a change log of the original virtual disk: when a snapshot is taken, the state of the virtual disk at that moment is preserved. From then on, the guest cannot write to the original vmdk file. The delta disk is an additional vmdk file to which the guest is allowed to write.

When a snapshot is deleted, the changes between the snapshot and the previous disk state are merged: all the data from the delta disk that holds the information about the deleted snapshot is written to the parent disk. It merges with the base disk only when you choose to do so.

Let’s be transparent about it: there is loss of data in a snapshot process. Agreed, very very tiny loss, but loss in the overall process of leveraging it.

The primary reason for these tiny losses is the snapshot process itself. As the virtualized datacenter gained momentum in the first years, applications hosted on servers were typically not disrupted by snapshots. However, other applications suffered from this technology, and often we were stuck in a place where a snapshot had been taken and, when reverted, created a huge amount of data corruption.

The Best Practices

Many vendors have worked hard to ensure their applications were optimized for and compliant with most if not all features provided by VMware, and let’s be honest, VMware has done a good job at opening up the various APIs for them.

Citrix was one of the first to ensure compliance. It provided its customers with a large set of best practices and references that allowed organizations to remain engaged on the virtualization journey they had taken.

On the flip side, VMware has been generously distributing a set of “best practices” for Citrix on VMware.

So why all these Best Practices and White Papers? The main reason behind them, besides the obvious, is to provide the community with a set of tools and references that do not put datacenter investments in jeopardy, and that sustain growth while accelerating adoption and maximizing the strategy.

But what happens when you leverage snapshots on unstructured, centralized “data set” management technologies? Freezing the state of a virtual machine could have tremendous potential for loss. While databases have been addressed separately, for Microsoft infrastructure servers such as Active Directory the snapshot can be a killer for all the objects hosted. Ever heard about lingering objects?
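The snapshot mechanics described earlier and the lingering-object risk raised above can be seen in a small model. This is an added Python sketch, not code from the original post, VMware or Microsoft; the `SnapshotDisk` class, the `scenario` helper and the user names are constructed for illustration, and replication is simplified to a partner that never resends changes it has already received.

```python
DELETED = object()  # marker written when a directory object is deleted

class SnapshotDisk:
    """Toy virtual disk: layers[0] is the base vmdk, later layers are delta disks."""

    def __init__(self):
        self.layers = [{}]

    def write(self, key, value):
        self.layers[-1][key] = value          # guest writes only reach the newest layer

    def read(self, key):
        for layer in reversed(self.layers):   # newest change wins
            if key in layer:
                return layer[key]
        return None

    def take_snapshot(self):
        self.layers.append({})                # parent is frozen, new empty delta disk

    def delete_snapshot(self):
        if len(self.layers) > 1:              # merge delta into its parent: nothing lost
            delta = self.layers.pop()
            self.layers[-1].update(delta)

    def revert_snapshot(self):
        if len(self.layers) > 1:              # discard every write since the snapshot
            self.layers[-1] = {}

    def live_objects(self):
        keys = set().union(*self.layers)
        return {k for k in keys if self.read(k) is not DELETED}

def scenario(action):
    """Constructed example: one virtualized DC and one replication partner."""
    dc = SnapshotDisk()
    for name in ("alice", "bob"):
        dc.write(name, "user")
    partner = {"alice", "bob"}                # partner has replicated both users
    dc.take_snapshot()
    dc.write("bob", DELETED)                  # deletion replicates to the partner
    dc.write("carol", "user")                 # creation replicates to the partner
    partner = {"alice", "carol"}
    {"revert": dc.revert_snapshot, "delete": dc.delete_snapshot}[action]()
    local = dc.live_objects()
    return {"lingering": local - partner, "missing": partner - local}
```

Calling `scenario("revert")` leaves the reverted controller holding an object its partner has already deleted and missing one its partner has, while `scenario("delete")` merges the delta and both sides agree.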

Virtualizing Active Directory Domain Services on VMware vSphere

The primary use of this directory service is user and computer authentication within a domain, a set of domains, a forest or a set of forests. However, Active Directory has evolved into more than an authentication service. In many organizations, it is a central repository not only for user and computer data, but also for application configuration information, network resource location services, name resolution, and so on. It also acts as the authentication source for external systems.

VMware has released a paper titled “Virtualizing Active Directory Domain Services on VMware vSphere” that contains over 50 pages on practices for deploying Active Directory Domain Services on vSphere.

Active Directory *needs* to be on a virtualized infrastructure, first, and second, it *needs* to address the uniqueness of the application and unleash the potential of the hypervisor.

What I’m glad to see is the virtualization of domain controllers allowing administrators to take advantage of a new feature set not available to physical domain controllers. THAT is the great news. No longer will Active Directory be treated like any other application; it will be equipped with a much needed set of tools, among which cloning and snapshots are two powerful ones.


Finally, we will be able to “test” these patches safely and more rapidly, leveraging the most of vSphere. No longer will we have to test in a lab, write a procedure, then apply the procedure in production and cross our fingers.

Finally, we will be able to leverage HA and DRS and address Disaster Recovery in a safe manner with a proven reference architecture.

Ultimately, ensuring that every object and all data are safely returned to a consumable state post-snapshot is a critical piece of the equation.

Look at pages 25 through 35 of that paper and get cracking.


About florenttastet

As an IT professional and leader, my objective is to help an organization grow its IT department with new and innovative technologies in order to have production at the most efficient level ensuring the right alignment in the deployment of such technologies through a precise Professional Services results in an extraordinary experience for the customer. Team member of multiple projects, I have developed a strict work ethic allowing development of superior communication skills, as well as the ability to multi-task and meet precise deadlines. As an IT veteran with a broad background in consulting, management, strategy, sales and business development, I have developed a deep expertise in virtualization using VMware and Citrix products with a strong skillset on Storage Arrays (HP, EMC, Netapp, Nimble & IBM). I have also developed a Security practice through CheckPoints NGX R65-R66 (CCSA obtained) and Cisco PIX-ASA product line. Specialties: Microsoft infrastructure products; Monitoring HPOV, SCOM, CiscoWorks, Firewalls: checkpoint, PIX and ASA. Virtualization with VMware (ESX through vSphere & View/Horizon), Microsoft (Hyper-V server, VDI and App-V), Citrix (Xenserver, XenDesktop, Xenapp), Storage (EMC, HP, Netapp, Nimble & IBM), Reference Architectures and Converged Datacenters (vSPEX, Flexpod, vBlock, PureFlex & HP Matrix)