Domain Controller on a 2008 R2 Server host Hyper-V servers

Posted on 2013-01-09
Last Modified: 2016-11-23
Hi, we have several (4 with an additional spare) new Dell servers that are all set up with Hyper-V and each is hosting several virtual machines on them. We have a 2003 AD and want to upgrade to 2008 AD and remove the 2003 64-bit domain controllers (older physical computers). Doing the research it looks like it is not recommended to put all of your DCs (or any according to some) on a virtual machine. Need some opinion on that, but also on if it is safe to make the actual hosting server a DC knowing that I can't reboot it without killing all of the VMs on that host. I rarely ever have to do a non-scheduled reboot of a DC so I'm anticipating the same once we go to 2008 DCs. Opinions requested for best way to go. I would like to add two DCs. Also, I have a remote location with a 2003 DC that I can't replace right now. Can it remain as a DC even though it is 2003 or do I have to remove that role from it?

Question by:OGDITAdmin

Accepted Solution

tpitch-ssemc earned 167 total points
ID: 38760122
I would recommend at least 1 physical DC. You can upgrade to 2008 and still keep your 2003 DC until such time you can replace it. Just don't upgrade your Forest to a 2008 only domain (which is a manual process). We just recently upgraded our DCs to 2008 and our forest; before we had a 2003 DC running.

As far as the virtual suggestions, I've run DCs in a virtual environment. I had 2 virtual at our main location and a 3rd at a remote site that was physical. I know people that don't like to run DCs virtually, but I've never had a single issue. The only thing I would make sure of is that your DCs get their time from a public source and not the host server. Also, don't do any type of snapshotting for protection of the DCs: your objects in AD change very often and recovering from a snapshot will cause unexpected results.

And I would not recommend running your Hyper-V host box as a domain controller. That's just my recommendation.
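
Added example, not part of the answer above: one way to check and correct where a virtualized DC gets its time, run inside each DC guest rather than on the Hyper-V host. It goes a step beyond the answer by assuming the usual Windows Time hierarchy (the PDC emulator syncs to external NTP, the other DCs follow the domain); the NTP peer names are placeholders.

```powershell
# Added example: run elevated inside each virtualized DC guest (not on the Hyper-V host).
# The NTP peer names are placeholders, not values from the thread.
$NtpPeers = 'ntp1.example.org,0x8 ntp2.example.org,0x8'
$VmicKey  = 'HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider'

# 1. Show where this DC currently gets its time.
$source = (& w32tm.exe /query /source | Out-String).Trim()
Write-Host "Current time source: $source"
if ($source -match 'VM IC Time Synchronization Provider') {
    Write-Warning 'This DC is following the Hyper-V host clock.'
}

# 2. Turn off the Hyper-V time provider inside the guest's Windows Time service.
& reg.exe add $VmicKey /v Enabled /t REG_DWORD /d 0 /f | Out-Null

# 3. Assumption: only the PDC emulator syncs to external NTP;
#    every other DC follows the domain hierarchy.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$pdc    = $domain.PdcRoleOwner.Name
$me     = ('{0}.{1}' -f $env:COMPUTERNAME, $domain.Name)

if ($pdc -ieq $me) {
    & w32tm.exe /config "/manualpeerlist:$NtpPeers" /syncfromflags:manual /reliable:yes /update
} else {
    & w32tm.exe /config /syncfromflags:domhier /update
}

# 4. Restart the service, force a sync, and confirm the new source.
Restart-Service -Name w32time
& w32tm.exe /resync /rediscover
& w32tm.exe /query /source
```

After the change, the last command should no longer report the VM IC provider; a clock that drifts with the host matters because Kerberos authentication fails once the skew between DCs and clients grows too large.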

Expert Comment

by:Leon Fester
ID: 38760998
Microsoft supports 2008 and higher Domain Controllers on Hyper-V.

Have a read through the planning guide for DC virtualization.

Assisted Solution

by:Svet Paperov
Svet Paperov earned 166 total points
ID: 38761282
The only issue with all DCs in a virtual environment will be if you want to put the host servers in the same domain: you could end up unable to log on to the Hyper-V host servers if all DCs are down.

I would recommend placing the Hyper-V servers on a dedicated IP subnet and domain/workgroup. I am running two Hyper-V servers in a workgroup hosting both of my domain controllers. In such a configuration you do not depend on the DC to log on to the host servers. The only tricky part is configuring remote management with Hyper-V Manager but it works thanks to HVRemote and Unfortunately, we still don’t have a version of HVRemote that works with Hyper-V 2012 and Windows 8.

Assisted Solution

palicos earned 167 total points
ID: 38762273
I'm supposed to say something about best practices. Don't enable any other roles in the parent partition (i.e., the physical Hyper-V server), don't run any applications in the parent partition, have a second physical server for AD, etc.

Using separate physical drives like you are planning to do is a great idea.
For instance, if you have 32 GB of RAM, make sure that you don't allocate more than 30 GB of RAM to the running virtual machines. In your case, you need to hold back more than 2 GB of RAM. Find the amount of RAM used by a physical domain controller and add 2 GB to that to come up with your custom hold-back amount.

Refer to this link

Running your ONLY DCs as virtuals will work fine.  I run many small networks consisting of a single blade server running Win2008R2 SP1 w/Hyper-V and all the resources are virtual servers and PCs on that same single blade.  When booting a blade from scratch the Hyper-V services start, I have my DC VMs set to autostart first with the rest delayed to give the DCs time to fully come up.

I may not be too clear, but I stated what I have experienced.

Hope it helps you.
