• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 274
  • Last Modified:

Domain Controller on a 2008 R2 Server host Hyper-V servers

Hi, we have several ( 4 with an additional spare ) new Dell servers that are all set up with Hyper-V and each is hosting several virtual machines on them. We have a 2003 AD and want to upgrade to 2008 AD and remove the 2003 64-bit domain controllers (older physical computers). Doing the research it looks like it is not recommended to put all of your DCs (or any according to some) on a virtual machine. Need some opinion on that, but also on if it is safe to make the actual hosting server a DC knowing that I can't reboot it without killing all of the VMs on that host. I rarely ever have to do a non-scheduled reboot of a DC so I'm anticipating the same once we go to 2008 DCs. Opinions requested for best way to go. I would like to add two DCs. Also, I have a remote location with a 2003 DC that I can't replace right now. Can it remain as a DC even though it is 2003 or do I have to remove that role from it?

3 Solutions
I would recommend at least 1 physical DC. You can upgrade to 2008 and still keep your 2003 DC until such time you can replace it. Just don't upgrade your Forest to a 2008 only domain (which is a manual process). We just recently upgraded our DCs to 2008 and our forest; before we had a 2003 DC running.

As far as the virtual suggesstions, I've run DCs in a virtual environment. I had 2 virtual at our main location and a 3rd at a remote site that was physical. I know people that don't like to run DCs virtually, but I've never had a single issue. The only thing I would make sure that your DCs get their time from a public source at not the host server. Also, don't do any type of snapshotting for protection of the DCs- your objects in AD change very often and recovering from a snapshot will cause unexpected results.

And I would not recommend running your Hyper-V host box as a domain controller. That's just my recommendation.
Leon FesterSenior Solutions ArchitectCommented:
Microsoft support 2008 and higher Domain Controllers on Hyper-V.

Have a read through the planning guide for DC virtualization.
Svet PaperovIT ManagerCommented:
The only issue with all DC in virtual environment will be if you want to put the host servers in the same domain: you could end up unable to logon on the Hyper-V host servers if all DC are down.

I would recommend placing the Hyper-V servers on dedicated IP subnet and domain/workgroup. I am running two Hyper-V servers in a workgroup hosting my both domain controllers. In such configuration you do not depend on the DC to logon on the host servers. The only tricky part is configuring remote management with Hyper-V Manager but it works thanks to HVRemote http://archive.msdn.microsoft.com/HVRemote and http://blogs.technet.com/b/jhoward/archive/2008/11/14/configure-hyper-v-remote-management-in-seconds.aspx. Unfortunately, we still don’t have a version of HVRemote that works with Hyper-V 2012 and Windows 8.
I'm supposed to say something about best practices. Don't enable any other roles in the parent partition (i.e., the physical Hyper-V server), don't run any applications in the parent partition, have a second physical server for AD, etc.

Using separate physical drives like you are planning to do is a great idea.
For instance, suppose, if you have 32 GB of ram, make sure that you don't allocate more than 30 GB of ram to the running virtual machines. In your case, you need to hold back more than 2 GB of ram. Find the amount of ram used by a physical domain controller and add 2 GB to that to come up with your custom hold back amount.

Refer this link


Running your ONLY DCs as virtuals will work fine.  I run many small networks consiting of a single blade servers running Win2008R2 SP1 w/Hyper-V and all the resources are virtual servers and PCs on that same single blade.  When booting a blade from scratch the Hyper-V services start, I have my DC VMs set to autostart first with the rest delayed to give the DCs time to fully come up.

I may not be too clear but what i have experience I stated that.

Hope it helps you.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now