Virtualization-safe(r) Active Directory in VMware environments, Part 1


When you check my list of virtualization platforms that support Virtualization-safe(r) Active Directory through the Microsoft-backed VM-GenerationID capability, you’ll notice that VMware has been supporting it in their products for a while now: both VMware Workstation and VMware ESXi support it for Windows Server 2012 and Windows Server 2012 R2-based Virtual Machines (VMs).

Unfortunately, I haven’t come across a VMware environment in a while and, thus, didn’t have time to look into the way VMware has implemented the feature. Yesterday, for my presentation at the Dutch VMware User Group Conference, I did.

So, let me kick off this series in which I’ll be sharing what it feels like to virtualize and clone Active Directory Domain Controllers safely on both platforms, with a blogpost on finding out whether your virtual Domain Controllers may benefit from the VM-GenerationID on the VMware-based hypervisors and, thus, may be safely virtualized and cloned.

 

Finding the VM-GenerationID

Within a VMware environment, two ways exist to find out whether your Windows Server 2012 and Windows Server 2012 R2-based Virtual Machines (VMs) leverage the VM-GenerationID:

  • Listed in the Virtual Machine Configuration (*.vmx) file on the host
  • Listed as a system device in the guest.

 

From the Virtual Machine Configuration

When you have access to the files of a VMware-based Virtual Machine, you can check the Virtual Machine Configuration (*.vmx) file. When you open this file with your favorite text editor (for instance, Notepad), you can search for the line that starts with vm-genid:

Screenshot: Contents of the vmx file for a Virtual Machine running on a VM-GenerationID-capable VMware-based virtualization environment
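When there are many Virtual Machines to check, the same lookup can be scripted. The shell script below is an added example, not code from the original post or from VMware: it scans a directory for *.vmx files and reports which ones carry a generation-ID entry with a non-empty value. It assumes the key appears either as vm-genid, as written above, or in the dotted form vm.genid / vm.genidX; the sample files and their values are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit .vmx files for a
# VM-GenerationID entry. Assumption: the key prefix is "vm-genid" as the
# post writes it, or the dotted form "vm.genid" / "vm.genidX".

# Print "key=value" for every generation-ID line in one .vmx file.
vmx_genid_lines() {
    # .vmx entries look like: key = "value"; this match ignores key case.
    grep -iE '^[[:space:]]*vm[.-]genid[a-z]*[[:space:]]*=' "$1" 2>/dev/null |
        sed -E 's/^[[:space:]]*([^[:space:]=]+)[[:space:]]*=[[:space:]]*"?([^"]*)"?[[:space:]]*$/\1=\2/'
}

# Succeed only if at least one generation-ID key has a non-empty value.
vmx_has_genid() {
    vmx_genid_lines "$1" | grep -qE '=.+'
}

# One status line per .vmx file below a directory (hypothetical datastore path).
audit_vmx_dir() {
    find "$1" -type f -name '*.vmx' | sort | while IFS= read -r f; do
        if vmx_has_genid "$f"; then echo "PRESENT $f"; else echo "MISSING $f"; fi
    done
}

# Constructed sample input: two made-up VMs, values are not from a real host.
SAMPLE_DIR=$(mktemp -d)
mkdir -p "$SAMPLE_DIR/dc01" "$SAMPLE_DIR/legacy"
cat > "$SAMPLE_DIR/dc01/dc01.vmx" <<'EOF'
displayName = "dc01"
guestOS = "windows8srv-64"
vm.genid = "-1111111111111111111"
vm.genidX = "2222222222222222222"
EOF
cat > "$SAMPLE_DIR/legacy/legacy.vmx" <<'EOF'
displayName = "legacy"
guestOS = "windows7srv-64"
EOF

audit_vmx_dir "$SAMPLE_DIR"
```

A virtual Domain Controller reported as MISSING is one to follow up on before relying on snapshots or cloning for it.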

 

Through the (hidden) system device

According to the VM-GenerationID whitepaper that was published and shared by Microsoft, a system device needs to be presented to each Virtual Machine. As we’ve seen before on a Virtual Machine running on XenServer 6.2.0, after running the VMware Tools, this device can be found in Device Manager (devmgmt.msc).

VMware, however, has decided to make the Generation Counter device hidden from the default view in Device Manager (devmgmt.msc) in Virtual Machines (VMs) running on its VM-GenerationID-capable virtualization products.

To see the device, the option Show hidden devices from the View menu first needs to be enabled:

Screenshot: Show hidden devices option in the View menu of Device Manager

Then, the Generation Counter device can be found in the list of System devices:

Screenshot: The Microsoft Hyper-V Generation Counter in Device Manager in a VMware-based Virtual Windows Server 2012 installation

I don’t know the exact reason why VMware has chosen to make the Microsoft Hyper-V Generation Counter device a hidden device on virtualized Windows Server 2012 installations. I can only imagine…

Perhaps the fact that every Windows Server 2012 and Windows Server 2012 R2-based Virtual Machine on every current VMware virtualization solution has a device with a name containing Hyper-V after the VMware Tools have been installed, combined with the fact that admins can’t disable this feature, is slightly embarrassing to VMware?

 

Concluding

You can find out whether your virtual Domain Controllers may benefit from the VM-GenerationID on the VMware-based hypervisors through the Virtual Machine Configuration (*.vmx) file on the virtualization host and/or from the (hidden) system device in the guest.

Related blogposts

List of Hypervisors supporting VM-GenerationID
Citrix XenServer joins the VM-GenerationID family
New features in AD DS in Windows Server 2012, Part 13: Domain Controller Cloning
New features in AD DS in Windows Server 2012, Part 12: Virtualization-safe Active Directory

Further reading

Cloning Windows Server 2012 Domain Controllers on vSphere 5
Windows Server 2012 VM-Generation ID Support in vSphere

One Response to Virtualization-safe(r) Active Directory in VMware environments, Part 1

  1.  

    Just read your post. This has been on my list of things to look at for a year now, and your post cleared things up for me in 1 minute…

    Many Thanks
