bnrtech
asked on
Windows 2012 R2 Host
We have setup a variety of W2012 R2 Host running Hyper-V that house various W2012 virtual clients. As part of our setup we always keep the Host on a workgroup and never join in to the local domain. In one particular setup we have been asked to join the Host to the domain
Can anyone provide a kb article as to whether or not it is a good practice to join a W2012 Host to a domain?
Can anyone provide a kb article as to whether or not it is a good practice to join a W2012 Host to a domain?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Joining the host to the domain allows the server to be managed centrally, group policy, etc. It doesn't directly impact VMs on its own.
Hey! I'm guessing you want more of the security aspect of it
http://www.altaro.com/hyper-v/7-keys-to-hyper-v-security/
Now here's a why it would be a bad idea for that windows 2012 r2 server to be a DC
http://www.altaro.com/hyper-v/reasons-not-to-make-hyper-v-a-domain-controller/
a different one -> http://www.altaro.com/hyper-v/demystifying-virtualized-domain-controllers-part-1-myths/
Here's one from Microsoft -> http://blogs.msdn.com/b/virtual_pc_guy/archive/2008/11/24/the-domain-controller-dilemma.aspx
And finally one about windows 2012 having Active directory running on it - http://windowsitpro.com/identity-management/virtualization-safe-active-directory-windows-server-2012
:) let me know if this helped
http://www.altaro.com/hyper-v/7-keys-to-hyper-v-security/
Now here's a why it would be a bad idea for that windows 2012 r2 server to be a DC
http://www.altaro.com/hyper-v/reasons-not-to-make-hyper-v-a-domain-controller/
a different one -> http://www.altaro.com/hyper-v/demystifying-virtualized-domain-controllers-part-1-myths/
Here's one from Microsoft -> http://blogs.msdn.com/b/virtual_pc_guy/archive/2008/11/24/the-domain-controller-dilemma.aspx
And finally one about windows 2012 having Active directory running on it - http://windowsitpro.com/identity-management/virtualization-safe-active-directory-windows-server-2012
:) let me know if this helped
ASKER
Understood. In the morning I will see if I can get everyone on board with joining it to the domain and then report back. I searched quite a bit on the Internet and I cannot find any documentation that points to it being good or bad
http://blogs.msdn.com/b/virtual_pc_guy/archive/2008/11/24/the-domain-controller-dilemma.aspx
This article by a Microsoft Engineers explains why it's a bad idea but it has to more with 2008 then 2012.
I would not make it a domain controller at first I would treat like a normal server and make sure it's set up correctly.
This article by a Microsoft Engineers explains why it's a bad idea but it has to more with 2008 then 2012.
I would not make it a domain controller at first I would treat like a normal server and make sure it's set up correctly.
ASKER
Francisco - Thank you for these details. In joining to the domain we would not make it a DC and will not be running DNS, DHCP, Exchange or SQL. Our plan is to add it only as a normal server.
Sounds good. At my company we have a large number of virtual servers on domains, I would actually be more concerned about the firewall then the practice it's self.
There's even company's out there that have all there servers running virtually using Hypher-V, Xenserver or V sphere.
One really good thing about having a server on a domain is being able to backup the VHDX hard drive and keep it on say a raid 1, good for diaster recovery scenario's.
There's even company's out there that have all there servers running virtually using Hypher-V, Xenserver or V sphere.
One really good thing about having a server on a domain is being able to backup the VHDX hard drive and keep it on say a raid 1, good for diaster recovery scenario's.
@Francisco: I don't think the OP ever mentioned making the host a DC. There is a big difference between discussing joining an existing domain as a member server and adding a new role, such as ADDS. While what you've posted is in fact accurate, it is based on an inference I'm not seeing.
@Cliff: My apologizes - I'm referencing the closest thing I found to a KB article from a Microsoft engineer "The Domain Controller Dilemma" - http://blogs.msdn.com/b/virtual_pc_guy/archive/2008/11/24/the-domain-controller-dilemma.aspx - He discussed not adding a Hyper V server on to a domain particularly running as a DC" I did take into consideration that it was written in 2008 so it may not 100% directly go with 2012 R2.
Most of the reference material I found directly go against having a Hyper-V server running as DC - Personally I'm not 100% agreeing with the data - I've seen tons of Virtual server running as DC. But he asked for a article so that's where I quoted that from.
Most of the reference material I found directly go against having a Hyper-V server running as DC - Personally I'm not 100% agreeing with the data - I've seen tons of Virtual server running as DC. But he asked for a article so that's where I quoted that from.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
my post notes a MS article as a reference for details
ASKER
Am I correct in thinking that your Hyper-V session to the virtual clients works in a normal fashion?
If it matters any....we already have the virtual clients up and running and now they are asking us to join the host to the domain