Domain Controller on a 2008 R2 Server host Hyper-V servers

Hi, we have several ( 4 with an additional spare ) new Dell servers that are all set up with Hyper-V and each is hosting several virtual machines on them. We have a 2003 AD and want to upgrade to 2008 AD and remove the 2003 64-bit domain controllers (older physical computers). Doing the research it looks like it is not recommended to put all of your DCs (or any according to some) on a virtual machine. Need some opinion on that, but also on if it is safe to make the actual hosting server a DC knowing that I can't reboot it without killing all of the VMs on that host. I rarely ever have to do a non-scheduled reboot of a DC so I'm anticipating the same once we go to 2008 DCs. Opinions requested for best way to go. I would like to add two DCs. Also, I have a remote location with a 2003 DC that I can't replace right now. Can it remain as a DC even though it is 2003 or do I have to remove that role from it?

Thanks
OGDITAdminAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

tpitch-ssemcCommented:
I would recommend at least 1 physical DC. You can upgrade to 2008 and still keep your 2003 DC until such time you can replace it. Just don't upgrade your Forest to a 2008 only domain (which is a manual process). We just recently upgraded our DCs to 2008 and our forest; before we had a 2003 DC running.

As far as the virtual suggesstions, I've run DCs in a virtual environment. I had 2 virtual at our main location and a 3rd at a remote site that was physical. I know people that don't like to run DCs virtually, but I've never had a single issue. The only thing I would make sure that your DCs get their time from a public source at not the host server. Also, don't do any type of snapshotting for protection of the DCs- your objects in AD change very often and recovering from a snapshot will cause unexpected results.

And I would not recommend running your Hyper-V host box as a domain controller. That's just my recommendation.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Leon FesterSenior Solutions ArchitectCommented:
Microsoft support 2008 and higher Domain Controllers on Hyper-V.

Have a read through the planning guide for DC virtualization.
http://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv(v=ws.10).aspx
0
Svet PaperovIT ManagerCommented:
The only issue with all DC in virtual environment will be if you want to put the host servers in the same domain: you could end up unable to logon on the Hyper-V host servers if all DC are down.

I would recommend placing the Hyper-V servers on dedicated IP subnet and domain/workgroup. I am running two Hyper-V servers in a workgroup hosting my both domain controllers. In such configuration you do not depend on the DC to logon on the host servers. The only tricky part is configuring remote management with Hyper-V Manager but it works thanks to HVRemote http://archive.msdn.microsoft.com/HVRemote and http://blogs.technet.com/b/jhoward/archive/2008/11/14/configure-hyper-v-remote-management-in-seconds.aspx. Unfortunately, we still don’t have a version of HVRemote that works with Hyper-V 2012 and Windows 8.
0
palicosCommented:
I'm supposed to say something about best practices. Don't enable any other roles in the parent partition (i.e., the physical Hyper-V server), don't run any applications in the parent partition, have a second physical server for AD, etc.

Using separate physical drives like you are planning to do is a great idea.
For instance, suppose, if you have 32 GB of ram, make sure that you don't allocate more than 30 GB of ram to the running virtual machines. In your case, you need to hold back more than 2 GB of ram. Find the amount of ram used by a physical domain controller and add 2 GB to that to come up with your custom hold back amount.

Refer this link

http://support.microsoft.com/kb/888794?wa=wsignin1.0

Running your ONLY DCs as virtuals will work fine.  I run many small networks consiting of a single blade servers running Win2008R2 SP1 w/Hyper-V and all the resources are virtual servers and PCs on that same single blade.  When booting a blade from scratch the Hyper-V services start, I have my DC VMs set to autostart first with the rest delayed to give the DCs time to fully come up.

I may not be too clear but what i have experience I stated that.

Hope it helps you.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.