Solved

Windows 2012 R2 Host

Posted on 2014-12-03
13
90 Views
Last Modified: 2014-12-10
We have setup a variety of W2012 R2 Host running Hyper-V that house various W2012 virtual clients. As part of our setup we always keep the Host on a workgroup and never join in to the local domain. In one particular setup we have been asked to join the Host to the domain

Can anyone provide a kb article as to whether or not it is a good practice to join a W2012 Host to a domain?
0
Comment
Question by:bnrtech
  • 5
  • 4
  • 3
  • +1
13 Comments
 
LVL 7

Accepted Solution

by:
Thomas Wheeler earned 250 total points
ID: 40480017
I don't have a specific kb but I join my hosts to the domain without issue.
0
 
LVL 58

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 40480019
Microsoft invested a lot of resources in making it safer to join hyper-V hosts to a domain in 2012 and beyond. I am unaware of any single KB article, but the various notes are spread across the "what's new" documents for various roles. It is considered by most to be a safe practice with 2012 and 2012 R2 now.
0
 

Author Comment

by:bnrtech
ID: 40480029
Thomas and Cliff - Thank you both. I am going to research a bit more as the site that this project applies to is asking us for documented confirmation.

Am I correct in thinking that your Hyper-V session to the virtual clients works in a normal fashion?

If it matters any....we already have the virtual clients up and running and now they are asking us to join the host to the domain
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40480048
Joining the host to the domain allows the server to be managed centrally, group policy, etc. It doesn't directly impact VMs on its own.
0
 
LVL 7

Expert Comment

by:Network Zero
ID: 40480062
Hey! I'm guessing you want more of the security aspect of it

http://www.altaro.com/hyper-v/7-keys-to-hyper-v-security/

Now here's a why it would be a bad idea for that windows 2012 r2 server to be a DC

http://www.altaro.com/hyper-v/reasons-not-to-make-hyper-v-a-domain-controller/

a different one -> http://www.altaro.com/hyper-v/demystifying-virtualized-domain-controllers-part-1-myths/

Here's one from Microsoft -> http://blogs.msdn.com/b/virtual_pc_guy/archive/2008/11/24/the-domain-controller-dilemma.aspx

And finally one about windows 2012 having Active directory running on it - http://windowsitpro.com/identity-management/virtualization-safe-active-directory-windows-server-2012

:) let me know if this helped
0
 

Author Comment

by:bnrtech
ID: 40480066
Understood. In the morning I will see if I can get everyone on board with joining it to the domain and then report back. I searched quite a bit on the Internet and I cannot find any documentation that points to it being good or bad
0
 
LVL 7

Expert Comment

by:Network Zero
ID: 40480075
http://blogs.msdn.com/b/virtual_pc_guy/archive/2008/11/24/the-domain-controller-dilemma.aspx

This article by a Microsoft Engineers explains why it's a bad idea but it has to more with 2008 then 2012.

I would not make it a domain controller at first I would treat like a normal server and make sure it's set up correctly.
0
 

Author Comment

by:bnrtech
ID: 40480080
Francisco - Thank you for these details. In joining to the domain we would not make it a DC and will not be running DNS, DHCP, Exchange or SQL. Our plan is to add it only as a normal server.
0
 
LVL 7

Expert Comment

by:Network Zero
ID: 40480085
Sounds good. At my company we have a large number of virtual servers on domains, I would actually be more concerned about the firewall then the practice it's self.

There's even company's out there that have all there servers running virtually using Hypher-V, Xenserver or V sphere.

 One really good thing about having a server on a domain is being able to backup the VHDX hard drive and keep it on say a raid 1, good for diaster recovery scenario's.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40480086
@Francisco: I don't think the OP ever mentioned making the host a DC. There is a big difference between discussing joining an existing domain as a member server and adding a new role, such as ADDS. While what you've posted is in fact accurate, it is based on an inference I'm not seeing.
0
 
LVL 7

Expert Comment

by:Network Zero
ID: 40480092
@Cliff: My apologizes - I'm referencing the closest thing I found to a KB article from a Microsoft engineer "The Domain Controller Dilemma" - http://blogs.msdn.com/b/virtual_pc_guy/archive/2008/11/24/the-domain-controller-dilemma.aspx - He discussed not adding a Hyper V server on to a domain particularly running as a DC"  I did take into consideration that it was written in 2008 so it may not 100% directly go with 2012 R2.

Most of the reference material I found directly go against having a Hyper-V server running as DC - Personally I'm not 100% agreeing with the data - I've seen tons of Virtual server running as DC. But he asked for a article so that's where I quoted that from.
0
 

Assisted Solution

by:bnrtech
bnrtech earned 0 total points
ID: 40482826
We joined to the domain and all looks good. It took a lot of searching but I finally did find this reference on the web....

http://technet.microsoft.com/en-us/library/ee941123%28v=ws.10%29.aspx
0
 

Author Closing Comment

by:bnrtech
ID: 40490915
my post notes a MS article as a reference for details
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
windows 2012 kms activation issue 3 32
ADFS Setup 4 40
Windows updates manual or  automatic 2 32
How to manage Hyper-V 2016 from Windows 7 Pro 2 43
The reason that corporations and businesses use Windows servers is because it supports custom modifications to adapt to the business and what it needs. Most individual users won’t need such powerful options. Here I’ll explain how you can enable Wind…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question