For years, official and technical guidance has cautioned against using common virtualization processes, such as taking snapshots, on domain controllers. The reasons are sound: you run the risk of completely ruining your Active Directory environment. That’s pretty good motivation to follow the guidance.
From Microsoft: “Active Directory does not support other methods to roll back the contents of Active Directory. In particular, Active Directory does not support any method that restores a snapshot of the operating system or the volume the operating system resides on. This kind of method causes an update sequence number (USN) rollback. When a USN rollback occurs, the replication partners of the incorrectly restored domain controller may have inconsistent objects in their Active Directory databases. In this situation, you cannot make these objects consistent.”
Good news, though!
With Windows Server 8, this is no longer the case. In this version of Windows Server, the Active Directory role is virtualization aware. It leverages an ability that Microsoft has added to Hyper-V called Generation ID. This new feature allows a virtual domain controller to know whether or not it’s the latest version of AD. This same technology also enables administrators to clone virtual domain controllers, making the DC deployment process much easier.
Microsoft is working with other hypervisor vendors to implement Gen ID in their own products to bring this capability to all users of virtual domain controllers.
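The following is an added example, not code from the original article or from Microsoft: a simplified Python model of the USN rollback described in the quote above and of how a Generation ID comparison avoids it. The class and function names are hypothetical, the data is constructed, and the model assumes the documented response to a Generation ID mismatch (the DC takes a new invocation ID), leaving out everything else a real DC does.

```python
import uuid

class Partner:
    """Replication partner: tracks the highest USN applied per invocation ID."""
    def __init__(self):
        self.watermark = {}          # invocation ID -> highest USN applied
        self.objects = {}

    def pull(self, dc):
        for usn, inv, name, value in dc.changes:
            if usn > self.watermark.get(inv, 0):   # older USNs count as already seen
                self.objects[name] = value
                self.watermark[inv] = usn

class DomainController:
    def __init__(self, gen_aware):
        self.gen_aware = gen_aware
        self.invocation_id = uuid.uuid4()          # identity of this database instance
        self.usn = 0
        self.changes = []                          # (usn, invocation ID, object, value)
        self.hv_gen_id = uuid.uuid4()              # value exposed by the hypervisor
        self.stored_gen_id = self.hv_gen_id        # copy kept inside the AD database

    def write(self, name, value):
        if self.gen_aware and self.stored_gen_id != self.hv_gen_id:
            # Rolled back: take a new identity so reused USNs are not ignored.
            self.invocation_id = uuid.uuid4()
            self.stored_gen_id = self.hv_gen_id
        self.usn += 1
        self.changes.append((self.usn, self.invocation_id, name, value))

    def snapshot(self):
        return (self.usn, list(self.changes), self.stored_gen_id, self.invocation_id)

    def restore(self, snap):
        self.usn, changes, self.stored_gen_id, self.invocation_id = snap
        self.changes = list(changes)
        self.hv_gen_id = uuid.uuid4()              # hypervisor issues a new Generation ID

def scenario(gen_aware):
    """Return True if a change made after a snapshot restore reaches the partner."""
    dc, partner = DomainController(gen_aware), Partner()
    dc.write("alice", "created")                   # USN 1
    snap = dc.snapshot()
    dc.write("carol", "created")                   # USN 2
    partner.pull(dc)                               # partner has now seen USN 2
    dc.restore(snap)                               # local USN falls back to 1
    dc.write("bob", "created")                     # USN 2 is reused
    partner.pull(dc)
    return "bob" in partner.objects

if __name__ == "__main__":
    print("legacy DC:", scenario(False), "| Generation ID aware DC:", scenario(True))
```

In the legacy case the partner silently skips the post-restore change because it has already recorded USN 2 for that invocation ID, which is the inconsistency the Microsoft quote warns about.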