0

I have read a lot about how bad domain controller snaphots are due to possible inconsistencies being created. They all seem to be only related to the case of having multiple DCs, like you have in a medium to large company.

What I am not sure about:

  1. When I have only 1 DC (very small company), are there negative implications from reverting to snapshots?
  2. Do I get inconsistencies if I have only 1 DC, but made changes to AD (affecting other computers) since the snapshot was created? Can I somehow resync?
  3. I am running Hyper-V hosts newer than 2012, though I think the "new" USN mechanism is only for DC-DC synchronisation, so in my case (reverting to snapshot) it isn't an advantage, but also no disadvantage?

Many thanks!

Andreas Reiff
  • 201
  • 3
  • 10
  • Why would you need to snapshot a Domain Controller in the first place? – joeqwerty Jan 14 '17 at 18:05
  • Upgrade Exchange 2003 to 2010. From what I know it affects all the old exchange 2003, new exchange 2010 as well as the DC server. I want that option as a fallback in case of an error occuring. So I am going to snapshot exchange 2003 and dc and run the whole process over the weekend, where there are neither mails nor AD changes. – Andreas Reiff Jan 14 '17 at 18:31

2 Answers2

2

I have read a lot about how bad domain controller snaphots are due to possible inconsistencies being created.

And they all predate 2012 when this was fixed on an AD level.

When I have only 1 DC (very small company), are there negative implications from reverting to snapshots?

It pretty much does not matter how small you are, you should have 2 DC.

But, what is your problem? With 1 DC you can not have inconsistencies to start with. An inconsistency is if one DC thinks the current AD structure looks different than others - which never happens with one.

To go to your point 2 - you also can not resync because there is nothing to resync. Computers you added will not be there after a rollback, all changes are undone.

TomTom
  • 51,649
  • 7
  • 54
  • 136
1

When I have only 1 DC (very small company), are there negative implications from reverting to snapshots?

Absolutely! Think about for example time synchronisation. Maybe some users changed their password? Maybe some DNS or DHCP changes took place in the meanwhile? You do NOT want to go back in time with a domain controller if there is no essential need to

Do I get inconsistencies if I have only 1 DC, but made changes to AD (affecting other computers) since the snapshot was created? Can I somehow resync?

I do not think there will be any inconsistencies to be created. But I don't see a good reason to create a snapshot for a domain controller. You'd better make sure you have a good backup. I'd only make a snapshot if you're going to do maintenance in evening hours. But then, I would just add another DC to failover and replicate.

user395290
  • 21
  • 3