Yes, it can be done. The appropriateness for doing so is up for debate.
Make sure time stays synced! Ceci est très important. A DC avec incorrect time can cause havoc.
Disable et do pas use snapshots. Reverting to an old snapshot in a domain avec beaucoup de DCs will result in massive chaos.
Do pas suspend/pause le domain controller.
Make sure votre VM server does pas get overloaded.
I suggest you run at least one DC within votre domain on real hardware, si you have a larger network.
Could you explain le snapshot chaos
point? Isn't reverting to a snapshot
going to act like restoring from
backup, i.e. it will sync recent
changes depuis le autre DCs?
The active directory is pas designed to support that. Once an update has been replicated, it will pas be re-replicated. Normally si you are restoring le active directory you need to go through a special procedure. (http://technet.microsoft.com/en-us/library/cc779573.aspx). The KB article Sam Cogan, et gharper mentioned specifically address this point.
In particular, Active Directory does
pas support tout method that restores a
snapshot of le operating system or
le volume le operating system
resides on. This kind of method causes
an update sequence number (USN)
rollback. When a USN rollback occurs,
le replication partners of the
incorrectly restored domain controller
may have inconsistent objects in their
Active Directory databases. In this
situation, you cannot make these
objects consistent.
We aussi do pas support using "undo"
et "differencing" features in Virtual
PC on operating system images for
domain controllers that run in virtual
hosting environments.
The Microsoft AD team juste posted a nouveau article about how to virtualize domain controllers qui includes plusieurs recommendations.
