Solved

Windows 2012 R2 Host

Posted on 2014-12-03
13
91 Views
Last Modified: 2014-12-10
We have setup a variety of W2012 R2 Host running Hyper-V that house various W2012 virtual clients. As part of our setup we always keep the Host on a workgroup and never join in to the local domain. In one particular setup we have been asked to join the Host to the domain

Can anyone provide a kb article as to whether or not it is a good practice to join a W2012 Host to a domain?
0
Comment
Question by:bnrtech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
  • +1
13 Comments
 
LVL 7

Accepted Solution

by:
Thomas Wheeler earned 250 total points
ID: 40480017
I don't have a specific kb but I join my hosts to the domain without issue.
0
 
LVL 58

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 40480019
Microsoft invested a lot of resources in making it safer to join hyper-V hosts to a domain in 2012 and beyond. I am unaware of any single KB article, but the various notes are spread across the "what's new" documents for various roles. It is considered by most to be a safe practice with 2012 and 2012 R2 now.
0
 

Author Comment

by:bnrtech
ID: 40480029
Thomas and Cliff - Thank you both. I am going to research a bit more as the site that this project applies to is asking us for documented confirmation.

Am I correct in thinking that your Hyper-V session to the virtual clients works in a normal fashion?

If it matters any....we already have the virtual clients up and running and now they are asking us to join the host to the domain
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40480048
Joining the host to the domain allows the server to be managed centrally, group policy, etc. It doesn't directly impact VMs on its own.
0
 
LVL 7

Expert Comment

by:Network Zero
ID: 40480062
Hey! I'm guessing you want more of the security aspect of it

http://www.altaro.com/hyper-v/7-keys-to-hyper-v-security/

Now here's a why it would be a bad idea for that windows 2012 r2 server to be a DC

http://www.altaro.com/hyper-v/reasons-not-to-make-hyper-v-a-domain-controller/

a different one -> http://www.altaro.com/hyper-v/demystifying-virtualized-domain-controllers-part-1-myths/

Here's one from Microsoft -> http://blogs.msdn.com/b/virtual_pc_guy/archive/2008/11/24/the-domain-controller-dilemma.aspx

And finally one about windows 2012 having Active directory running on it - http://windowsitpro.com/identity-management/virtualization-safe-active-directory-windows-server-2012

:) let me know if this helped
0
 

Author Comment

by:bnrtech
ID: 40480066
Understood. In the morning I will see if I can get everyone on board with joining it to the domain and then report back. I searched quite a bit on the Internet and I cannot find any documentation that points to it being good or bad
0
 
LVL 7

Expert Comment

by:Network Zero
ID: 40480075
http://blogs.msdn.com/b/virtual_pc_guy/archive/2008/11/24/the-domain-controller-dilemma.aspx

This article by a Microsoft Engineers explains why it's a bad idea but it has to more with 2008 then 2012.

I would not make it a domain controller at first I would treat like a normal server and make sure it's set up correctly.
0
 

Author Comment

by:bnrtech
ID: 40480080
Francisco - Thank you for these details. In joining to the domain we would not make it a DC and will not be running DNS, DHCP, Exchange or SQL. Our plan is to add it only as a normal server.
0
 
LVL 7

Expert Comment

by:Network Zero
ID: 40480085
Sounds good. At my company we have a large number of virtual servers on domains, I would actually be more concerned about the firewall then the practice it's self.

There's even company's out there that have all there servers running virtually using Hypher-V, Xenserver or V sphere.

 One really good thing about having a server on a domain is being able to backup the VHDX hard drive and keep it on say a raid 1, good for diaster recovery scenario's.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40480086
@Francisco: I don't think the OP ever mentioned making the host a DC. There is a big difference between discussing joining an existing domain as a member server and adding a new role, such as ADDS. While what you've posted is in fact accurate, it is based on an inference I'm not seeing.
0
 
LVL 7

Expert Comment

by:Network Zero
ID: 40480092
@Cliff: My apologizes - I'm referencing the closest thing I found to a KB article from a Microsoft engineer "The Domain Controller Dilemma" - http://blogs.msdn.com/b/virtual_pc_guy/archive/2008/11/24/the-domain-controller-dilemma.aspx - He discussed not adding a Hyper V server on to a domain particularly running as a DC"  I did take into consideration that it was written in 2008 so it may not 100% directly go with 2012 R2.

Most of the reference material I found directly go against having a Hyper-V server running as DC - Personally I'm not 100% agreeing with the data - I've seen tons of Virtual server running as DC. But he asked for a article so that's where I quoted that from.
0
 

Assisted Solution

by:bnrtech
bnrtech earned 0 total points
ID: 40482826
We joined to the domain and all looks good. It took a lot of searching but I finally did find this reference on the web....

http://technet.microsoft.com/en-us/library/ee941123%28v=ws.10%29.aspx
0
 

Author Closing Comment

by:bnrtech
ID: 40490915
my post notes a MS article as a reference for details
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question