Forum Discussion
New VM, old VHDs
Hi, Paul.
Not far off but not quite accurate, no.
You are correct in that the permissions are stored in the file system, but those are - in database language - foreign key references to either the local security database (aka SAM) or possibly the Active Directory database if it's a domain-joined machine - those being the primary keys as it were. So, there's two halves to the portability.
In the VHD, you'll have one half, but without the server to which the disk was attached, it is possible to lose the second half.
I say possible because it really relates specifically to the scenario where local groups have been created on that server and then in turn applied to the file system, or similarly for local accounts created on that server. If only built-in groups have been used, or only permissions from the domain (if that applies), then those permissions are "portable" and you have nothing to worry about.
If locally-defined groups or accounts have been used in the file permissions, you can still port the VHD across but any access control entries (ACEs or simply permissions) referencing those groups/users would still be present on the file system but entirely unusable by the new server, as it can't look them up in the relevant SAM. They'd show up in the permissions GUI as a SID rather than the user-friendly name.
Switching topics to the merit of cutting over from VHD to VHDX, I never committed all the advantages to memory but I'll speak to two:
- VHDX permits faster I/O as it's based on a SCSI implementation rather than the old and deliberately-limited IDE implementation;
- VHD is not a format that's catered to with respect to any new features/enhancements/what have you.
I would recommend cutting over as it's not a complex - particularly if you're using Server 2016 or later but that's just my opinion (not only based on the two points above, but they are worth considering.)
Here's some links you can have a read of. Note, I deliberately chose the Server 2016 versions of the PowerShell commandlets as that was the earliest version you mentioned.
Anyhow, best of luck with whichever approach you take.
Cheers,
Lain
Hyper-V Storage I/O Performance | Microsoft Docs
Hi, Paul.
Not far off but not quite accurate, no.
You are correct in that the permissions are stored in the file system, but those are - in database language - foreign key references to either the local security database (aka SAM) or possibly the Active Directory database if it's a domain-joined machine - those being the primary keys as it were. So, there's two halves to the portability.
In the VHD, you'll have one half, but without the server to which the disk was attached, it is possible to lose the second half.
I say possible because it really relates specifically to the scenario where local groups have been created on that server and then in turn applied to the file system, or similarly for local accounts created on that server. If only built-in groups have been used, or only permissions from the domain (if that applies), then those permissions are "portable" and you have nothing to worry about.
If locally-defined groups or accounts have been used in the file permissions, you can still port the VHD across but any access control entries (ACEs or simply permissions) referencing those groups/users would still be present on the file system but entirely unusable by the new server, as it can't look them up in the relevant SAM. They'd show up in the permissions GUI as a SID rather than the user-friendly name.
Switching topics to the merit of cutting over from VHD to VHDX, I never committed all the advantages to memory but I'll speak to two:
- VHDX permits faster I/O as it's based on a SCSI implementation rather than the old and deliberately-limited IDE implementation;
- VHD is not a format that's catered to with respect to any new features/enhancements/what have you.
I would recommend cutting over as it's not a complex - particularly if you're using Server 2016 or later but that's just my opinion (not only based on the two points above, but they are worth considering.)
Here's some links you can have a read of. Note, I deliberately chose the Server 2016 versions of the PowerShell commandlets as that was the earliest version you mentioned.
Anyhow, best of luck with whichever approach you take.
Cheers,
Lain
Hyper-V Storage I/O Performance | Microsoft Docs