I have read a lot about how bad domain controller snapshots are due to possible inconsistencies being created. They all seem to be only related to the case of having multiple DCs, like you have in a medium to large company.
What I am not sure about:
- When I have only 1 DC (very small company), are there negative implications from reverting to snapshots?
- Do I get inconsistencies if I have only 1 DC, but made changes to AD (affecting other computers) since the snapshot was created? Can I somehow resync?
- I am running Hyper-V hosts newer than 2012, though I think the "new" USN mechanism is only for DC-DC synchronisation, so in my case (reverting to snapshot) it isn't an advantage, but also no disadvantage?
Many thanks!
And they all predate 2012 when this was fixed on an AD level.
It pretty much does not matter how small you are, you should have 2 DCs.
But, what is your problem? With 1 DC you cannot have inconsistencies to start with. An inconsistency is if one DC thinks the current AD structure looks different than others - which never happens with one.
To go to your point 2 - you also cannot resync because there is nothing to resync. Computers you added will not be there after a rollback, all changes are undone.
Absolutely! Think about, for example, time synchronisation. Maybe some users changed their password? Maybe some DNS or DHCP changes took place in the meanwhile? You do NOT want to go back in time with a domain controller if there is no essential need to.
I do not think there will be any inconsistencies created. But I don't see a good reason to create a snapshot for a domain controller. You'd better make sure you have a good backup. I'd only make a snapshot if you're going to do maintenance in evening hours. But then, I would just add another DC to fail over and replicate.