At the current moment I have 2 servers running ESXi, both at opposite ends of the school.
I already have one VM running AD, DNS, DHCP and all the FSMO roles.
I have a non-ESXi server that's the BDC.
My thinking is to set up a third DC as a VM and then demote the old BDC as the VM will be the new BDC.
Now, I just need your opinions on the following.
Let's say, for example, all your servers died and went to PC heaven. To set up a whole new network can be very lengthy. However, you're using ghetto script to backup your 2 VM DCs on a weekly night as full images.
Would there be any problems just getting in new servers and whacking on what ever latest VM images you have of the DCs (most likely a week old image backup)?
Another thing, must the PDC image backup be recent and latest than the BDC or does this not matter?
If network/server failure did happen, the only thing I can see myself losing is any updates I've done from the last backup to the present, e.g. AD, DHCP, GPO modifications etc.
You've got to be careful with virtual DCs and imaging but if you are it can make stuff really easy. The issue is that AD has timestamps and replication IDs in its database and imaging it then restoring it at a later date can cause havoc. You should be able to do it if you can shutdown both DCs at the same time then run the backup while both are down and with the same version of the AD database. In this case you could just boot those on a different VM host if the network did die.
I would strongly recommend a system state backup of the DCs though as that way you can do an authorative restore to set things right if it all goes horribly wrong. I would also recommend splitting the fsmo roles between the DCs as if one goes south then you have less roles to seize.
The (unwritten) rules about DC's is that if one dies, or goes very wrong then teh safest thing to do is a demotion (if you can) and transfer of FSMO roles (or seize them on the remaining DC(s)) and reinstall from scratch. Never, ever mess around with AD. I've even seen it once where an inexperienced NM changed the BIOS date\time on one of his domain controllers so as to attempt to get round a software trial experation period. His network went bye-bye, and it's horrible seeing a grown man cry.
I think what I will do is have two virtual DCs and have them not only back up as complete images on a weekly basis, but also a full daily backup of the OSDisk and System State. The DCs won't be doing anything other than to run AD, DNS and DHCP (2nd DC will have it deactivated)
I just want to limit the impact of not having a fully functional network when the brown stuff hits the fan.
I have purchased a brand new DL180 G6 purely as a testing server. Should something happen I can always use this as a backup.