Solved

Windows 2012 R2 Host

Posted on 2014-12-03
13
81 Views
Last Modified: 2014-12-10
We have setup a variety of W2012 R2 Host running Hyper-V that house various W2012 virtual clients. As part of our setup we always keep the Host on a workgroup and never join in to the local domain. In one particular setup we have been asked to join the Host to the domain

Can anyone provide a kb article as to whether or not it is a good practice to join a W2012 Host to a domain?
0
Comment
Question by:bnrtech
  • 5
  • 4
  • 3
  • +1
13 Comments
 
LVL 6

Accepted Solution

by:
Thomas Wheeler earned 250 total points
ID: 40480017
I don't have a specific kb but I join my hosts to the domain without issue.
0
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 40480019
Microsoft invested a lot of resources in making it safer to join hyper-V hosts to a domain in 2012 and beyond. I am unaware of any single KB article, but the various notes are spread across the "what's new" documents for various roles. It is considered by most to be a safe practice with 2012 and 2012 R2 now.
0
 

Author Comment

by:bnrtech
ID: 40480029
Thomas and Cliff - Thank you both. I am going to research a bit more as the site that this project applies to is asking us for documented confirmation.

Am I correct in thinking that your Hyper-V session to the virtual clients works in a normal fashion?

If it matters any....we already have the virtual clients up and running and now they are asking us to join the host to the domain
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40480048
Joining the host to the domain allows the server to be managed centrally, group policy, etc. It doesn't directly impact VMs on its own.
0
 
LVL 7

Expert Comment

by:Network Zero
ID: 40480062
Hey! I'm guessing you want more of the security aspect of it

http://www.altaro.com/hyper-v/7-keys-to-hyper-v-security/

Now here's a why it would be a bad idea for that windows 2012 r2 server to be a DC

http://www.altaro.com/hyper-v/reasons-not-to-make-hyper-v-a-domain-controller/

a different one -> http://www.altaro.com/hyper-v/demystifying-virtualized-domain-controllers-part-1-myths/

Here's one from Microsoft -> http://blogs.msdn.com/b/virtual_pc_guy/archive/2008/11/24/the-domain-controller-dilemma.aspx

And finally one about windows 2012 having Active directory running on it - http://windowsitpro.com/identity-management/virtualization-safe-active-directory-windows-server-2012

:) let me know if this helped
0
 

Author Comment

by:bnrtech
ID: 40480066
Understood. In the morning I will see if I can get everyone on board with joining it to the domain and then report back. I searched quite a bit on the Internet and I cannot find any documentation that points to it being good or bad
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 7

Expert Comment

by:Network Zero
ID: 40480075
http://blogs.msdn.com/b/virtual_pc_guy/archive/2008/11/24/the-domain-controller-dilemma.aspx

This article by a Microsoft Engineers explains why it's a bad idea but it has to more with 2008 then 2012.

I would not make it a domain controller at first I would treat like a normal server and make sure it's set up correctly.
0
 

Author Comment

by:bnrtech
ID: 40480080
Francisco - Thank you for these details. In joining to the domain we would not make it a DC and will not be running DNS, DHCP, Exchange or SQL. Our plan is to add it only as a normal server.
0
 
LVL 7

Expert Comment

by:Network Zero
ID: 40480085
Sounds good. At my company we have a large number of virtual servers on domains, I would actually be more concerned about the firewall then the practice it's self.

There's even company's out there that have all there servers running virtually using Hypher-V, Xenserver or V sphere.

 One really good thing about having a server on a domain is being able to backup the VHDX hard drive and keep it on say a raid 1, good for diaster recovery scenario's.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40480086
@Francisco: I don't think the OP ever mentioned making the host a DC. There is a big difference between discussing joining an existing domain as a member server and adding a new role, such as ADDS. While what you've posted is in fact accurate, it is based on an inference I'm not seeing.
0
 
LVL 7

Expert Comment

by:Network Zero
ID: 40480092
@Cliff: My apologizes - I'm referencing the closest thing I found to a KB article from a Microsoft engineer "The Domain Controller Dilemma" - http://blogs.msdn.com/b/virtual_pc_guy/archive/2008/11/24/the-domain-controller-dilemma.aspx - He discussed not adding a Hyper V server on to a domain particularly running as a DC"  I did take into consideration that it was written in 2008 so it may not 100% directly go with 2012 R2.

Most of the reference material I found directly go against having a Hyper-V server running as DC - Personally I'm not 100% agreeing with the data - I've seen tons of Virtual server running as DC. But he asked for a article so that's where I quoted that from.
0
 

Assisted Solution

by:bnrtech
bnrtech earned 0 total points
ID: 40482826
We joined to the domain and all looks good. It took a lot of searching but I finally did find this reference on the web....

http://technet.microsoft.com/en-us/library/ee941123%28v=ws.10%29.aspx
0
 

Author Closing Comment

by:bnrtech
ID: 40490915
my post notes a MS article as a reference for details
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
The reason that corporations and businesses use Windows servers is because it supports custom modifications to adapt to the business and what it needs. Most individual users won’t need such powerful options. Here I’ll explain how you can enable Wind…
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now