Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Hyper-V host member of its VMs-domain?

Posted on 2014-02-11
Medium Priority
Last Modified: 2014-11-12

I'm planning a new domain (40 Users) and need advice what's the best way:

My plan:

- one physical Hyper-V Server2012  that hosts the Virtual Machines

- and a second physical host to which the first Hyper-V replicates its VMs.

There will be about 4 Virtual machines.

My question:

should those 2 hosts be a member of the internal domain?

Or should I create a new domain just for the 2 Hyper-V hosts?

I want those hosts to be in the same domain because I did not accomplish a replication of VMs between 2 hosts that are not in the same domain. (always getting certificate/FQDN errors)(I tried that before at home, no luck).
If they are in the same domain they can use kerberos.

(And of course I know that VM-Replication is no replacement for backup, all VMs are backed up to a external LTO-5 drive)



btw: there is no "Hyper-V" topic in the "Select Topics" list, am I right?
Question by:lenn0x
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 20

Expert Comment

by:Svet Paperov
ID: 39851079
The best practice is to put the Hyper-V hosts in a dedicated domain but also, they could be member of the internal domain, the one where your management PC resides – that will make the management of the servers easier. The only condition is to keep at least one domain controller out of them, preferably on a physical server.
LVL 59

Accepted Solution

Cliff Galiher earned 2000 total points
ID: 39852038
If the DC(s) will all be running on one host then you really should leave it as a workgroup and not join it to the domain. Heck, I'm not even sure how you'd create a second domain "just" for the hosts without also running ADDS on the host, which will kill the 1+x licensing benefits and also breaks best practices of running Hyper-V alone. And if you create a new DC as a VM just for the hosts, well, you are back to the problem above where the host is dependent on a guest for domain authentication, etc. There is no difference between a separate domain for the hosts or just joining the hosts to the domain of the other VMs if the DC is a guest on that host. No benefit.

You really have three options.

Run multiple *live* (not just replicating) Hyper-V servers and have a DC VM on each so that a DC is available in case of a hardware failure on one hyper-v server. Then you can join the host to the domain just fine.

Run a physical DC alone. Something like an HP Microserver can hold this role. This is really a variation on the theme above where a DC remains available to the host. And again,  you wouldn't want the physical machine to be the only DC. A VM could step in for redundancy.

Or, suffer through getting replication working with certificates. It *can* work with both machines in a workgroup. It isn't easy. But once set up, it is pretty bullet-proof. And where you can't extend out your environment to meet either of the first two options, sometimes it is the only way to go, even with the pain.

LVL 39

Expert Comment

by:Philip Elder
ID: 39852149
I second Cliff.

We've been in enough harrowing situations where someone had joined the host to the domain, the DC was offline, and because authentication was not available we were not able to make any changes.

HVRemote by John Howard is the best tool for the job with excellent instructions provided to set up RSAT management of the workgroup host via a domain Windows desktop OS: http://bit.ly/13pOYph

When we have two Hyper-V hosts we run one DC on each host and then we join the hosts to the domain.

Besides AD redundancy we also set up DHCP Failover (2012+) on both DCs.

If you have one file services VM that would serve well to be replicated. Just be careful with database driven apps.


Author Comment

ID: 39855631
Thank you!

Ok, good points.

I will try again to get replication working with certificates.



Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
August and September have been big months for VMware—from VMworld last month to our new Course of the Month in VMware Professional - Data Center Virtualization. We reached out to Andrew Hancock, resident VMware vExpert, to have a more in-depth discu…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question