No, I believe you're correct. If we were still on Windows 2003 AD, I don't think I would be doing this because of the USN rollback issue. Newer versions of Windows Server are much different when it comes to AD, as we probably all know. DCs running on VMs can even be cloned if the virtualization platform is new enough. My one standing DC would have the newest USNs and the others would recognize that. I see no reason to believe otherwise, unless I’m missing something.

In any case, thanks for the feedback in your other message. It's really helpful. You've essentially tested the same thing I would be doing. You are using array-based replication, which is slightly different, but as I said I'll check with VMware from that angle.

-----Original Message-----
From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On Behalf Of Michael Leone
Sent: Friday, February 5, 2016 2:10 PM
To: ntsys...@lists.myitforum.com
Subject: Re: [NTSysADM] Replicating AD VMs

On Fri, Feb 5, 2016 at 2:01 PM, Jack Kramer <j...@smalltype.net> wrote:
> You mean aside from the part where the backup DC would see the other
> four DCs turn off and then turn back on with a 15-minute-old copy of the
> data? Data that it thinks should already be replicated because it’s
> operating in the present, not the past?

The backup DC would just see that replication failed for 15 minutes, then got re-established. Of course the copies are out of sync, as they would be during any failure of replication (such as network outage, etc). I don't see this as too big of an issue. Unless I am completely misunderstanding how AD replication handles temporary outages.

> Don’t do it. If you lose the four main DCs, seize the roles on the DR
> domain controller and create fresh ones.