Month: April 2013

Windows Server 2012 Hyper-V : Simultaneous Live Migration

Samir Farhat Uncategorized

Windows Server 2012 added a new possibility of making a simultaneous live migration of virtual machines from one cluster node to another (or more).

This is very interesting when we are in hurry and want to rapidly evacuate a node for maintenance or restart. Maybe we don’t feel it when we have 2 or 3 virtual machines to move, but think when you have 20 or 30 or more !!

Migrating multiple virtual machines is nice, Windows Server 2012 don’t impose any limitation of the simultaneous number (2, 3, 20…) of VMs to move, but give you the possibility to configure the maximum authorized number of simultaneous live migrated machines. Think about it, it’s not like moving 10 VMs from one node to another using 5 Gbit link, like moving them over 1 Gbit link. So, depending in your policy and your SLAs, you will calculate a reasonable number to configure. Don’t forget that live migration duration depends on the Live Migration network link speed, virtual machine memory and virtual machine load.

  • How to configure maximum simultaneous live migrations ?

Simultaneous live migration settings can be configured per node basis, each node in the cluster (or even in a non cluster configuration, Nothing Shared Live Migration) can have it’s own configuration. In addition, don’t forget that the configured value is for In/Out simultaneously live migration ; in other words, if you configure a maximum of 5 simultaneous live migration operations, this node will accept a max of 5 IN and Out live migration at once (3 IN and 2 Out, 4 IN and 1 Out…).

To configure simultaneous Live Migration maximum count setting, go to Hyper-V Manager, Hyper-V Settings, Live Migrations. Type the desired value in the Simultaneous live migration box

SNAG-0016

 

How to easily live migrate all my virtual machines from one node to another ?

Now, what if i want to live migrate all my virtual machines from one node to the rest of the nodes, in other words, what if i want to empty a given node from all the virtual machines that runs on (i need to restart it!)

  1. First method : The direct method is to select all the virtual machines, right click, Move, Live migration, Select node. The matter here is  that i can select only one node, so if i have 30 virtual machines, i have to place them on a single node !! not very practical, i need to select some virtual machines, migrate them to a node, then select some other virtual machines and migrate them to another node, and so on. Boring, time consuming, and i need to know if my target node will handle all the virtual machines to move to.SNAG-0011            SNAG-0012
  2. Second Method : The Microsoft Failover cluster team has thought about it, there’s an excellent method to migrate all the virtual machines from one node and spread them to the other nodes. In the Failover cluster console, Nodes, right click the node that holds the VMs to migrate, Pause, Drain roles. This will start live migrating and queuing VMs to the rest of the cluster nodes. The node will be placed to paused state, so it will not accept ingoing live migration or virtual machine placement.   SNAG-0014                SNAG-0015
    You can see that only the maximum simultaneous live migration operations is happening at the same time, the other virtual machines are placed in a a queue. The nice other thing is that you can move back you virtual machines to this node after doing your maintenance or restart. Just right click it, Resume, Fail back roles ; All the virtual machines that were on this node will be live migrated back to this node. SNAG-0017

Migrate Active Directory 2008 R2 to Active Directory 2012 – Part3

Samir Farhat Uncategorized

Like any Active Directory migration or upgrade, we need to run the famous “Adprep” to prepare the forest and the domains that we wish to upgrade.

– Run “Adprep” once in each forest you want to upgrade

– Run “Adprep” for each domain you want to upgrade

– We will need a privileged account for each operation

– It’s recommended to run the “Adprep” preparation in a domain controller that holds the needed FSMO role. To identify which domain controller is holding FSMOs role, run  the following command line in any domain controller for each domain.

netdom query fsmo

Don’t forget that there’s 5 FSMO roles, Schema Master and Domain Naming Master are unique in the forest, PDC emulator, Infrastructure master and RID master are unique for each domain.

So in our case we will run 3 times this command, one for each domain.

SNAG-0001

More about FSMO roles in the following technet article, it’s really an interesting reading HERE

The forest and domain functional level must be at least Windows 2000 Native mode. Windows 2000 Mixed mode is not supported. All your domain controllers must run Windows Server 2003 or higher operating system.

You will need the Windows Server 2012 sources for the Adprep.exe tool (\Support\Adprep folder). You can copy the Adprep folder to a desired location and run the Adprep.exe tool from that location. In my case i will copy the folder under the C:\ partition of each domain controller i will run the command from within it.

  • Forest Preparation

In this step, i will prepare our forest for the upgrade. We will need to make this preparation only one time because our environment is composed of only one single forest.

  1. Connect to the domain controller that holds the Schema Master role (in our case, LAB-DC-01.lab.local) with a user member of the Schema Admins group, Enterprise Admins group, and  Domain Admins group of the domain holding the Schema Master role (The built-in Administrator account in the forest root domain is a member of the Schema Admins group by default).
  2. Open a privileged command prompt
  3. Go to Adprep folder, and run the following command :         Adprep /forestPrep        SNAG-0002
  4. Type C then press Enter
  5. You should have the following message if the schema upgrade was successful   :  Adprep successfully updated the forest-wide information                                                                                                                                                                                                                                                                                         SNAG-0003
  6. Verify that replication is completed successfully by following the next steps

Verification Sart

  1. Log on to an administrative workstation that has ADSIEdit installed.
  2. Click Start, click Run, type ADSIEdit.msc, and then click OK.
  3. Click Action, and then click Connect to.
  4. Click Select a well known Naming Context, select Configuration in the list of available naming contexts, and then click OK.
  5. Double-click Configuration, and then double-click CN=Configuration,DC=forest_root_domainwhere forest_root_domain is the distinguished name of your forest root domain.
  6. Double-click CN=ForestUpdates.
  7. Right-click CN=ActiveDirectoryUpdate, and then click Properties.
  8. If you ran adprep /forestprep for Windows Server 2008 R2, confirm that the Revision attribute value is 5, and then click OK.If you ran adprep /forestprep for Windows Server 2008, confirm that the Revision attribute value is 2, and then click OK.
  9. Click ADSI Edit, click Action, and then click Connect to.
  10. Click Select a Well known naming context, select Schema in the list of available naming contexts, and then click OK.
  11. Double-click Schema.
  12. Right-click CN=Schema,CN=Configuration,DC=forest_root_domain, and then click Propertieswhere forest_root_domain is the distinguished name of your forest root domain.
  13. If you ran adprep /forestprep for Windows Server 2008 R2, confirm that the objectVersion attribute value is set to 47, and then click OK.If you ran adprep /forestprep for Windows Server 2008, confirm that the objectVersion attribute value is set to 44, and then click OK.

Verification End

  • Domain Preparation

After preparing the forest, we have to prepare each domain we want to upgrade. If you want to upgrade just one domain, make this operation only on that domain. In our case we will make his operation three times. To help ensure that the domain preparation command runs successfully, complete these steps on the infrastructure operations master role holder for each domain. You need an account that is member of the Domain Admins group

Upgrading LAB.Local domain : Adprep /DomainPrep

SNAG-0004

Upgrading LABX.Local domain : Adprep /DomainPrep

SNAG-0004

Upgrading LABCHILD.Local domain : Adprep /DomainPrep

SNAG-0004

To verify that adprep /domainprep completed successfully

  1. Log on to an administrative workstation that has ADSIEdit installed.
  2. Click Start, click Run, type ADSIEdit.msc, and then click OK.
  3. Click Action, and then click Connect to.
  4. Click Select a well known Naming Context, select Default naming context in the list of available naming contexts, and then click OK.
  5. Double-click Default naming context, double-click the container that is the distinguished name of the domain, and then double-click CN=System.
  6. Double-click CN=DomainUpdates, right-click CN=ActiveDirectoryUpdate, and then click Properties.
  7. If you ran adprep /domainprep for Windows Server 2008 R2, confirm that the Revision attribute value is 5, and then click OK.If you ran adprep /domainprep for Windows Server 2008, confirm that the Revision attribute value is 3, and then click OK.

Verification END

  • Domain Group Policy Preparation

Like Domain preparation, you should upgrade the Group Policy structure, for that, like domain preparation, run the adprep /domainprep /gpprep

NB: If you run this command before adprep /domainprep, this will prepare the domain and the group policies. So you can just run the Adprep /domainprep /gpprep command and it will make both operations.

DONE!

Preparation is complete, now we can start migration 🙂

Migrate Active Directory 2008 R2 to Active Directory 2012 – Part2

Samir Farhat Uncategorized

Welcome to the part2 of the Migrate Active Directory 2008 R2 to Active Directory 2012 blog series. In this post, i will run some prerequisites and validation tests before proceeding with the migration. Tests are primordial because if the state of your current active directory is not good, migration may fail and you can encounter many errors and unexpected behavior during or after the migration.

In addition, you should review the following link, and see if your current environment is ready for migration aka upgrade

http://technet.microsoft.com/en-us/library/hh994618.aspx#BKMK_UpgradeWorkflow

Before continuing : Connect to all your domain controllers, and clear the following event logs: System, DFS Replication, Directory services, DNS. Wait for more than 60 minutes before proceeding with this guide. Check your event logs and look for any AD related errors or warnings.

Steps

 

Important: Every step should be run on each domain controller. Logon to to the domain controller with a user member of the domain admins security group. From an elevated command prompt, run the following commands:

  1. ‘Dcdiag.exe /v’      or    Dcdiag.exe /v /f:Dcdiag.txt’   if you want that the command output be redirected to text file. take your time to focus on the results and try to investigate any error or problem before continuing.
  2. Repadmin /showreps’        This command will output you the replication status between the domain controllers. Verify that all the status are Successful
  3. Repadmin /replsum‘       This command let you see the replication stats and let you know if there’s any error.

Now, we have checked our current Active Directory platform and we are now ready for migration. Yesss!!

NB: The commands written before are not all the commands for diagnosing ADDS, there’s many other commands and tools

Migrate Active Directory 2008 R2 to Active Directory 2012 – Part1

Samir Farhat Uncategorized

In this post, i will start by describing the current Active Directory Domain services 2008 R2 SP1 environment.

The environment composed of :

– One single forest

-A root domain LAB.local

– A tree domain LABX.local

– A child domain of LAB.local named CHILDLAB.LAB.Local

– A two way trust between LAB.local and LABX.local is established

Image

The following picture describes the physical architecture of the lab platform

Image

So we have:

– 4 domain controllers

– One site

Forest and domain functional level are set to Windows Server 2008 R2

LAB.local

  • LAB-DC-01.lab.local :  (Schema master, Domain naming master, PDC, RID pool manager, Infrastructure master), DNS, Global Catalog
  • LAB-DC-02.lab.local:  Global Catalog, DNS

LABCHILD.local

  • LABCHILD-DC-01.Labchild.lab.local: (PDC, RID pool manager, Infrastructure master), DNS

LABX.local

  • LABX-DC-01.labx.local : (PDC, RID pool manager, Infrastructure master), DNS, GC

After describing the logical and physical architecture of the Windows 2008 R2 ADDS environment, let’s begin!

But before i begin, i need to explain the upgrade/migration process: SIDE BY SIDE UPGRADE

1- Checking the current environnemnt

2- Preparing the environment

3- Making a side by side coexistence of old and new domain controllers

4- Moving services from the old domain controller to the new one : FSMO roles, DNS

5- De-promoting old domain controllers