Solved

Active Directory on Virtual Machines

Posted on 2010-11-30
7
607 Views
Last Modified: 2012-05-10
We are considering installing Active Directory as a Guest on a virtual machine.

Is there any reason we should not do this?
0
Comment
Question by:Tony_Rhoades
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 100 total points
ID: 34241628
Read throught this artilce there are a few things you should not do.
Snaps shots and having the DC get its time from the hosts are two big ones.

http://support.microsoft.com/kb/888794
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 100 total points
ID: 34241636
We run most of our DCs on VMWare (Hyper V is good too).  I'm all for virtualizing DCs and it is supported.  There was a recent thread about this that I was a part of

http://www.experts-exchange.com/Software/VMWare/Q_26571188.html

I don't feel like typing all that again so take a look at that thread and the links (the MS team had some blog entries that I also included)

Thanks

Mike
0
 
LVL 40

Assisted Solution

by:coolsport00
coolsport00 earned 100 total points
ID: 34241638
There have been many posts on this. Simple answer...no, no problems with doing so. Things to consider? Yes. See a recent previous EE post on the topic:
http://www.experts-exchange.com/Software/VMWare/Q_26571188.html?sfQueryTermInfo=1+10+30+activ+directori+virtual

http://www.experts-exchange.com/Software/VMWare/Q_26621071.html?sfQueryTermInfo=1+10+30+activ+directori+virtual

Regards,
~coolsport00
0
SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 100 total points
ID: 34241639
Not disagreeing with KenMcF, but my perspective - don't do snapshots and don't make it your ONLY DC (that is, keep at least ONE physical DC).  Also, disable time sync between the VM and the host server.  (AD should keep itself up to date with an NTP server and syncing between guest and host on a DC can create problems).
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34241702
In our case we will be going to all virtual DCs but we have 16 hosts and a reliable SAN....and a separate data center with the same setup thousands of miles away so we are not putting all our eggs in one basket but generally I'd agree keep a physical DC if you don't have that sort of redundancy.

Thanks

Mike
0
 
LVL 23

Assisted Solution

by:Luciano Patrão
Luciano Patrão earned 100 total points
ID: 34242188
Hi

Like the rest of the EE inform, there is no problem. But i also agree that if you have a spar(even a old desktop/server) create a physical DC at least as a GC. If you have a good VMs backup(like Veeam) then you can restore quickly a DC, but if not, create a spare DC for any inconvenient with your VMware environment.

There is some documentation about this, read it.

http://www.vmware.com/resources/techresources/10029
http://www.vmworld.com/docs/DOC-2290
http://www.dabcc.com/article.aspx?id=13056

Jail
0
 

Author Closing Comment

by:Tony_Rhoades
ID: 34274422
Thank you to everyone who provided input on this one.  I am new to AD and all the input was very helpful
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Teach the user how to use vSphere Update Manager to update the VMware Tools and virtual machine hardware version Open vSphere Client: Review manual processes for updating VMware Tools and virtual hardware versions: Create a new baseline group in vSp…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question