Windows Server 2008 Domain Role Assignments with DC in HyperV VM

Posted on 2012-08-29
Medium Priority
Last Modified: 2012-08-30
Our current environment is this:

1. Single domain with three (3) DCs, all GC servers.

2. First DC is running Windows Server 2008 Standard SP2 32-bit. Machine is generic black box with P4 and 4GB of RAM.
3. Second DC is running Windows Server 2008 Standard SP2 32-bit. Machine is IBM System x3250 with dual core Xeon and mirrored 73GB drives.
4. Third DC is running Windows Server 2008 R2 Standard SP1 64-bit as a VM inside HyperV. 4GB allocated to it.

5. First DC is DNS and Print Server. (with GC)
6. Second DC is DNS and DHCP Server. (with GC)
7. Third DC is just DC (with GC) so far.

I have a separate VM that will be the new print server, so I intend to remove that first from the First DC.

Here are the current roles:
First DC - Schema Master, Domain Naming Master, Infrastructure Master
Second DC - PDC, RID Pool Manager

We have just these DCs. All servers in the organization are Windows Server 2008 or 2008 R2. All clients are Windows 7.  We have about 80 users - not a very big environment.

1. I intend to retire the First DC.  How should I split roles between Second DC and Third DC (VM) ?
2. I intend to install DNS on Third DC (VM).  Is 4GB and two virtual processors allocated to it sufficient to support DNS with additional roles suggested above ?

Thanks much.
Question by:lapavoni
LVL 18

Accepted Solution

Netflo earned 1000 total points
ID: 38349551
Hi Stephen,

In reply to your questions:

1. Just move the roles down, so 2nd DC takes over 1st DC roles. 3rd DC takes over 2nd DC roles.
2. Typically DC comes with DNS, especially on Server 2008. In reply to your question, yes 4GB RAM and 2 virtual processors will be sufficient.

Points to note:

1. Assuming you update your DHCP server to publish the primary DNS as your second DC and secondary DNS as your third DC. Your second DC will take the brunt of all requests. So you will not see much load applied to your VM.

2. You DC VM will have static RAM assigned not dynamic, the NIC card on the VM is synthetic for performance reasons too.

Hope that helps.
LVL 33

Assisted Solution

Exchange_Geek earned 600 total points
ID: 38349562
First DC - Schema Master, Domain Naming Master, Infrastructure Master
Second DC - PDC, RID Pool Manager

Move roles from First DC to second.

Second, convert both DCs (second and third to be GC)

Thirdly, convert DNS to be AD Integrated, introduce the third server as DNS and once the environment looks good, remove the first.

If you have DHCP setup, remove first server as primary DNS Server, promote the second server as primary DNS and third as secondary DNS Server.

Ensure, that you are not in a hurry to demote a DC, there are various issues where if you do not provide adequate time - causes a menace in the environment.

You're RAM is good enough.

LVL 42

Assisted Solution

kevinhsieh earned 400 total points
ID: 38350072
I say that 1 GB of RAM and 1 vCPU is sufficient. You can go a little higher on the RAM if you want, but the second vCPU is not needed and will probably have a slightly negative impact on performance. I run DCs under Hyper-V with 1 vCPU for my 600 user environment.

Author Closing Comment

ID: 38351164
Great suggestions. Exchange_Geek, it sounded like your suggestion is to move all roles to the second DC and leave them there. I'm thinking Netflo's might be better to split roles.

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question