When you check my list with virtualization platforms that support Virtualization-safe(r) Active Directory through the Microsoft backed VM-GenerationID capability, you’ll notice that VMware has been supporting it in their products for a while now: Both VMware Workstation and VMware ESXi support it towards Windows Server 2012 and Windows Server 2012 R2-based Virtual Machines (VMs).
Unfortunately, I haven’t come across a VMware environment in a while and, thus, didn’t have time to look into the way VMware has implemented the feature. Yesterday, for my presentation at the Dutch VMware User Group Conference, I did.
So, let me kick off this series in which I’ll be sharing what it feels like to virtualize and clone Active Directory Domain Controllers safely on both platforms, with a blogpost on finding out whether your virtual Domain Controllers may benefit from the VM-GenerationID on the VMware-based hypervisors and, thus, may be safely virtualized and cloned.
Finding the VM-GenerationID
Within a VMware environment, two ways exist to find out whether your Windows Server 2012 and Windows Server 2012 R2-based Virtual Machines (VMs) leverage the VM-GenerationID:
- Listed in the Virtual Machine Configuration (*.vmx) file on the host
- Listed as a system device in the guest.
From the Virtual Machine Configuration
When you have access to the files of a VMware-based Virtual Machine, you can check the Virtual Machine Configuration file (*.vmx) file. When you open this file with your favorite text editor (for instance, Notepad), you can search for the line that starts with vm-genid:
Through the (hidden) system device
As part of the VM-GenerationID Whitepaper that was published and shared by Microsoft, a system device needs to be presented to each Virtual Machine. As we’ve seen before on a Virtual Machine running on XenServer 6.2.0, after running the VMware tools, this device can be found in Device Manager (devmgmt.msc).
VMware, however, has decided to make the Generation Counter device hidden from the default view in Device Manager (devmgmt.msc) in Virtual Machines (VMs) running on its VM-GenerationID-capable virtualization products.
To see the device, the option Show hidden devices from the View menu needs to be enabled, first:
Then, as part of the list of System devices the Generation Counter device can be found:
I don’t know the exact reason why VMware has chosen to make the Microsoft Hyper-V Generation Counter device a hidden device on virtualized Windows Server 2012 installation. I can only imagine…
Perhaps the fact that every Windows Server 2012 and Windows Server 2012 R2-based Virtual Machine on every current VMware virtualization solution has a device with a name containing Hyper-V after the VMware Tools have installed, combined with the fact admins can’t disable this feature, is slightly embarrassing to VMware?
You can find out whether your virtual Domain Controllers may benefit from the VM-GenerationID on the VMware-based hypervisors through the Virtual Machine Configuration (*.vmx) file on the virtualization host and/or from the (hidden) system device in the guest.
List of Hypervisors supporting VM-GenerationID
Citrix XenServer joins the VM-GenerationID family
New features in AD DS in Windows Server 2012, Part 13: Domain Controller Cloning
New features in AD DS in Windows Server 2012, Part 12: Virtualization-safe Active Directory