Hyper-V host member of its VMs-domain?

Posted on 2014-02-11
Medium Priority
Last Modified: 2014-11-12

I'm planning a new domain (40 users) and need advice on the best way:

My plan:

- one physical Hyper-V Server 2012 that hosts the virtual machines

- and a second physical host to which the first Hyper-V replicates its VMs.

There will be about 4 virtual machines.

My question:

Should those 2 hosts be members of the internal domain?

Or should I create a new domain just for the 2 Hyper-V hosts?

I want those hosts to be in the same domain because I did not accomplish a replication of VMs between 2 hosts that are not in the same domain (always getting certificate/FQDN errors; I tried that before at home, no luck).
If they are in the same domain they can use Kerberos.

(And of course I know that VM replication is no replacement for backup; all VMs are backed up to an external LTO-5 drive.)



btw: there is no "Hyper-V" topic in the "Select Topics" list, am I right?
Question by:lenn0x
LVL 20

Expert Comment

by:Svet Paperov
ID: 39851079
The best practice is to put the Hyper-V hosts in a dedicated domain, but they could also be members of the internal domain, the one where your management PC resides – that will make the management of the servers easier. The only condition is to keep at least one domain controller out of them, preferably on a physical server.
LVL 59

Accepted Solution

Cliff Galiher earned 2000 total points
ID: 39852038
If the DC(s) will all be running on one host then you really should leave it as a workgroup and not join it to the domain. Heck, I'm not even sure how you'd create a second domain "just" for the hosts without also running ADDS on the host, which will kill the 1+x licensing benefits and also breaks best practices of running Hyper-V alone. And if you create a new DC as a VM just for the hosts, well, you are back to the problem above where the host is dependent on a guest for domain authentication, etc. There is no difference between a separate domain for the hosts or just joining the hosts to the domain of the other VMs if the DC is a guest on that host. No benefit.

You really have three options.

Run multiple *live* (not just replicating) Hyper-V servers and have a DC VM on each so that a DC is available in case of a hardware failure on one Hyper-V server. Then you can join the host to the domain just fine.

Run a physical DC alone. Something like an HP Microserver can hold this role. This is really a variation on the theme above where a DC remains available to the host. And again, you wouldn't want the physical machine to be the only DC. A VM could step in for redundancy.

Or, suffer through getting replication working with certificates. It *can* work with both machines in a workgroup. It isn't easy. But once set up, it is pretty bullet-proof. And where you can't extend out your environment to meet either of the first two options, sometimes it is the only way to go, even with the pain.
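
The third option above, as an added example that is not part of the original answer: a PowerShell pre-flight check for the certificate properties Hyper-V Replica requires (private key, validity, Server and Client Authentication EKUs, a subject name matching the host FQDN, a trusted chain), followed by a certificate-only listener that accepts one named primary host. The function names, host names, storage path and thumbprints are placeholders or assumptions.

```powershell
# Added example, not from the thread. Names, paths and thumbprints are placeholders.
function Test-ReplicaCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $Thumbprint,
        [Parameter(Mandatory = $true)] [string] $HostFqdn   # name the partner host connects to
    )
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop

    # OIDs listed in the Enhanced Key Usage extension (2.5.29.37).
    $eku = @($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' } |
        ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })

    # First SAN DNS name (or the CN when no SAN exists) and the subject CN; further SAN entries are not read.
    $names = @($cert.GetNameInfo('DnsName', $false), $cert.GetNameInfo('SimpleName', $false))

    # Build the trust path in the machine context; revocation is not tested here.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'NoCheck'

    $now = Get-Date
    $checks = [ordered]@{
        HasPrivateKey   = $cert.HasPrivateKey
        WithinValidity  = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        ServerAuthEku   = $eku -contains '1.3.6.1.5.5.7.3.1'
        ClientAuthEku   = $eku -contains '1.3.6.1.5.5.7.3.2'
        NameMatchesFqdn = $names -contains $HostFqdn
        ChainTrusted    = $chain.Build($cert)
    }
    # Emit the names of failed checks; no output means the certificate is usable.
    $checks.GetEnumerator() | Where-Object { -not $_.Value } | ForEach-Object { $_.Key }
}

function Enable-ReplicaListener {
    param([string] $Thumbprint, [string] $ReplicaFqdn, [string] $PrimaryFqdn, [string] $StoragePath)
    $failed = @(Test-ReplicaCertificate -Thumbprint $Thumbprint -HostFqdn $ReplicaFqdn)
    if ($failed.Count -gt 0) { throw "Certificate fails: $($failed -join ', ')" }

    Set-VMReplicationServer -ReplicationEnabled $true -AllowedAuthenticationType Certificate `
        -CertificateThumbprint $Thumbprint -CertificateAuthenticationPort 443 `
        -ReplicationAllowedFromAnyServer $false
    # Accept replication only from the named primary host, not from any server.
    New-VMReplicationAuthorizationEntry -AllowedPrimaryServer $PrimaryFqdn `
        -ReplicaStorageLocation $StoragePath -TrustGroup 'DEFAULT'
    Enable-NetFirewallRule -DisplayName 'Hyper-V Replica HTTPS Listener (TCP-In)'
}

# Replica host:  Enable-ReplicaListener '<REPLICA-THUMBPRINT>' 'hv2.example.internal' 'hv1.example.internal' 'D:\Replica'
# Primary host, after Test-ReplicaCertificate passes for its own certificate and FQDN:
#   Enable-VMReplication -VMName 'FS01' -ReplicaServerName 'hv2.example.internal' -ReplicaServerPort 443 `
#       -AuthenticationType Certificate -CertificateThumbprint '<PRIMARY-THUMBPRINT>'
```

Each workgroup host must also resolve the other by the exact name in its certificate and trust the issuing root in its machine Trusted Root store.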

LVL 39

Expert Comment

by:Philip Elder
ID: 39852149
I second Cliff.

We've been in enough harrowing situations where someone had joined the host to the domain, the DC was offline, and because authentication was not available we were not able to make any changes.

HVRemote by John Howard is the best tool for the job with excellent instructions provided to set up RSAT management of the workgroup host via a domain Windows desktop OS: http://bit.ly/13pOYph

When we have two Hyper-V hosts we run one DC on each host and then we join the hosts to the domain.

Besides AD redundancy we also set up DHCP Failover (2012+) on both DCs.

If you have one file services VM that would serve well to be replicated. Just be careful with database driven apps.


Author Comment

ID: 39855631
Thank you!

Ok, good points.

I will try again to get replication working with certificates.


