Domain Controller on a 2008 R2 Server host Hyper-V servers

Posted on 2013-01-09
Last Modified: 2016-11-23
Hi, we have several (4 with an additional spare) new Dell servers that are all set up with Hyper-V and each is hosting several virtual machines on them. We have a 2003 AD and want to upgrade to 2008 AD and remove the 2003 64-bit domain controllers (older physical computers). Doing the research it looks like it is not recommended to put all of your DCs (or any according to some) on a virtual machine. Need some opinion on that, but also on if it is safe to make the actual hosting server a DC knowing that I can't reboot it without killing all of the VMs on that host. I rarely ever have to do a non-scheduled reboot of a DC so I'm anticipating the same once we go to 2008 DCs. Opinions requested for best way to go. I would like to add two DCs. Also, I have a remote location with a 2003 DC that I can't replace right now. Can it remain as a DC even though it is 2003 or do I have to remove that role from it?

Question by:OGDITAdmin

Accepted Solution

tpitch-ssemc earned 167 total points
ID: 38760122
I would recommend at least 1 physical DC. You can upgrade to 2008 and still keep your 2003 DC until such time you can replace it. Just don't upgrade your Forest to a 2008 only domain (which is a manual process). We just recently upgraded our DCs to 2008 and our forest; before we had a 2003 DC running.

As far as the virtual suggestions, I've run DCs in a virtual environment. I had 2 virtual at our main location and a 3rd at a remote site that was physical. I know people that don't like to run DCs virtually, but I've never had a single issue. The only thing I would make sure of is that your DCs get their time from a public source and not the host server. Also, don't do any type of snapshotting for protection of the DCs: your objects in AD change very often and recovering from a snapshot will cause unexpected results.

And I would not recommend running your Hyper-V host box as a domain controller. That's just my recommendation.
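To check the time-source point in the answer above, this added example (not part of the original thread) classifies what each DC reports from `w32tm /query /source` and flags any that are following the Hyper-V host clock. The DC names and the sample outputs are constructed placeholders.

```powershell
# Added example. DC01/DC02/DC03 are hypothetical names; use your own DCs.
$DomainControllers = 'DC01', 'DC02', 'DC03'

function Get-TimeSourceFinding {
    param(
        [string]$Computer,
        [string]$Source    # text returned by: w32tm /query /source
    )
    $s = $Source.Trim()
    if ($s -match 'VM IC Time Synchronization Provider') {
        # The guest is taking time from the Hyper-V integration service.
        $finding = 'Syncing from the Hyper-V host'
    }
    elseif ($s -match 'Local CMOS Clock|Free-running System Clock') {
        $finding = 'No upstream source; running on its own clock'
    }
    elseif ($s -match 'error occurred|0x[0-9A-Fa-f]{8}') {
        $finding = 'Query failed; check the W32Time service and RPC access'
    }
    else {
        $finding = 'Network time source'
    }
    New-Object PSObject -Property @{
        Computer = $Computer; Source = $s; Finding = $finding
    }
}

function Test-DcTimeSource {
    # Live check: ask each DC for its current time source.
    param([string[]]$Computers)
    foreach ($dc in $Computers) {
        $out = (& w32tm /query /source "/computer:$dc" 2>&1 | Out-String)
        Get-TimeSourceFinding -Computer $dc -Source $out
    }
}

# Offline demonstration with constructed sample outputs.
$samples = @{
    'DC01' = 'VM IC Time Synchronization Provider'
    'DC02' = 'time.example.org,0x8'
    'DC03' = 'The following error occurred: The service has not been started. (0x80070426)'
}
$samples.GetEnumerator() | ForEach-Object {
    Get-TimeSourceFinding -Computer $_.Key -Source $_.Value
} | Format-Table Computer, Finding, Source -AutoSize

# Against real DCs: Test-DcTimeSource -Computers $DomainControllers
```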
LVL 26

Expert Comment

by:Leon Fester
ID: 38760998
Microsoft supports 2008 and higher Domain Controllers on Hyper-V.

Have a read through the planning guide for DC virtualization.
LVL 20

Assisted Solution

by:Svet Paperov
Svet Paperov earned 166 total points
ID: 38761282
The only issue with all DCs in a virtual environment will be if you want to put the host servers in the same domain: you could end up unable to log on to the Hyper-V host servers if all DCs are down.

I would recommend placing the Hyper-V servers on a dedicated IP subnet and domain/workgroup. I am running two Hyper-V servers in a workgroup hosting both my domain controllers. In such a configuration you do not depend on the DC to log on to the host servers. The only tricky part is configuring remote management with Hyper-V Manager but it works thanks to HVRemote and Unfortunately, we still don’t have a version of HVRemote that works with Hyper-V 2012 and Windows 8.

Assisted Solution

palicos earned 167 total points
ID: 38762273
I'm supposed to say something about best practices. Don't enable any other roles in the parent partition (i.e., the physical Hyper-V server), don't run any applications in the parent partition, have a second physical server for AD, etc.

Using separate physical drives like you are planning to do is a great idea.
For instance, if you have 32 GB of RAM, make sure that you don't allocate more than 30 GB of RAM to the running virtual machines. In your case, you need to hold back more than 2 GB of RAM. Find the amount of RAM used by a physical domain controller and add 2 GB to that to come up with your custom hold back amount.

Refer to this link

Running your ONLY DCs as virtuals will work fine.  I run many small networks consisting of a single blade server running Win2008R2 SP1 w/Hyper-V and all the resources are virtual servers and PCs on that same single blade.  When booting a blade from scratch the Hyper-V services start, I have my DC VMs set to autostart first with the rest delayed to give the DCs time to fully come up.

I may not be too clear, but I have stated what I have experienced.

Hope it helps you.
