Updated: January 7, 2009
Domain controllers that are running on virtual machines have operational restrictions that do not apply to domain controllers that are running on physical machines. When you use a virtualized domain controller, there are some virtualization software features and practices that you should not use:
- Do not pause, stop, or store the saved state of a domain controller in a virtual machine for time periods longer than the tombstone lifetime of the forest and then resume from the paused or saved state. Doing this can interfere with replication. To learn how to determine the tombstone lifetime for the forest, see Determine the Tombstone Lifetime for the Forest (http://go.microsoft.com/fwlink/?LinkId=137177).
- Do not copy or clone virtual hard disks (VHDs).
- Do not take or use a Snapshot of a virtual domain controller.
- Do not use a differencing disk VHD on a virtual machine that is configured as a domain controller. This makes reverting to a previous version too easy, and it also decreases performance.
- Do not use the Export feature on a virtual machine that is running a domain controller.
- Do not restore a domain controller or attempt to roll back the contents of an Active Directory database by any means other than using a supported backup. For more information, see Backup and Restore Considerations for Virtualized Domain Controllers.
All these recommendations are made to help avoid the possibility of an update sequence number (USN) rollback. For more information about USN rollback, see Appendix A: Virtualized Domain Controllers and Replication Issues.