Category Archives: Virtualization
VMware vSphere 7.0 Update 1 introduces an interface for advanced time synchronization configuration
Back in July 2019, I wrote a blogpost on managing Active Directory Time Synchronization on VMware vSphere. This blogpost details how to configure time settings for Domain Controllers running as virtual machines on top of VMware vSphere. This blogpost introduced the concept of advanced time synchronization configuration. Now it’s time for an update; both for […]
Building a straight-forward vSphere delegation model for running virtual Domain Controllers safely
When Active Directory Domain Controllers run as virtual machines on top of VMware vSphere, virtualization, storage and backups admins may be considered equal to enterprise admins in Active Directory, because they have the equivalent of physical access to Domain Controllers. Admittingly, you don’t want everyone to use root or administrator@vsphere.local to manage the virtualization platform, […]
Domain Controller Cloning on VMware vSphere
After detailing Active Directory Virtualization Safeguards with VM-GenerationID in part 5 of this series on Virtualizing Domain Controllers on vSphere, it’s time to talk about the second Active Directory Domain Services feature that is enabled through the VM-GenerationID technology: Domain Controller cloning. About Domain Controller cloning Microsoft recommends not re-using Domain Controllers for other […]
HOWTO: Handle Windows Activation on non-domain-joined Web Application Proxies
Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at best practices to handle Windows activation on non-domain-joined Web […]
HOWTO: Handle Time synchronization on non-domain-joined Web Application Proxies
Most Microsoft-based Hybrid Identity implementations use Active Directory Federation Services (AD FS) Servers, Web Application Proxies and Azure AD Connect installations. In this series, labeled Hardening Hybrid Identity, we’re looking at hardening these implementations, using recommended practices. In this part of the series, we’ll look at best practices to handle time synchronization on non-domain-joined Web […]
Active Directory Virtualization Safeguards with VM-GenerationID on VMware vSphere
Arriving at the fifth part of this series on Virtualizing Domain Controllers on vSphere, I managed to gather some feedback on these blogposts. One question that emerged after writing the last blogpost on Replication considerations for Domain Controllers running on VMware vSphere was: Isn’t Windows Server 2012 supposed to solve all these challenges with virtualizing […]
Replication considerations for Domain Controllers running on VMware vSphere
Active Directory utilizes a multi-master replication model. It’s great that each Domain Controller provides read and write access to the Active Directory database, but it comes with a big drawback: Domain Controllers need to be in sync to provide consistent data to clients, independent of the Domain Controller communicated to. A big question to ask […]
Managing Active Directory Time Synchronization on VMware vSphere
One of the hardest things to get right with virtual Domain Controllers is the time hierarchy in Active Directory. Recommended practices from Microsoft have been all over the place, but seem to have solidified in the last years, but the question remains: How do I manage Active Directory Time Synchronization on VMware vSphere? This is […]
Sizing Domain Controllers correctly on VMware vSphere
In the first part of this series, we discussed why we want to virtualize Domain Controllers. The first question people ask is: How do I properly size Domain Controllers on my virtualization platform? Specifically, for VMware vSphere, this is a good question, because there are a couple of areas of attention, beyond the recommended practices […]
Why virtualize Domain Controllers?
One of the questions I get asked a lot is: Why virtualize Domain Controllers? So, in this blogpost, I’m showing you reasons why virtualization for Domain Controllers and Active Directory is a good idea. I also know there are a lot of caveats when virtualization Domain Controllers, so this blogpost serves as a small part […]
Login