Operations that cause a DC that is running on a VM to change it's place in time can cause replication to fail. These are operations like snapshot restore, or cloning. They will cause duplicate security objects to be created.
However, if a given hypervisor supports VM-Generation ID, then a change in the VM Generation ID will signal to AD that such a change has taken place, and AD can invalidate it's RID pool, and perform other tasks which will stop duplicate SIDs from being created and ensure proper replication.
So does RHEV support VM-Generation ID?