Solved

Is it a good idea to virtualize AD in 2012 R2 with Hyper-V?

Posted on 2015-01-28
10
93 Views
Last Modified: 2015-02-11
I will be migrating from SBS 2003 to Win 2012 R2 with Exchange 2013.
I will definitely virtualize Exchange and the file server portion of SBS, but do I want to keep AD running on the host so it boots with AD and the host is part of the domain, and maybe have a VM as BDC, or do I want the host to be a "stand alone" with a virtualized AD server in the domain?
Also, is there a clear migration path written for SBS 03 to Win 2012 R2 somewhere?
0
Question by:JPD153
10 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 40575461
It is completely safe to run your domain controllers in a virtualized environment using 2012 domain controllers. There are, however, things to consider and best practices to ensure that you are doing this correctly.

Hyper-v virtualized domain controllers 2012

Personally though I always like to keep at least one domain controller physical (if you can afford to) to ensure that I have a domain controller outside of the virtual environment. If something happens to your Hyper-V hosts then you have lost all authentication in your domain.

I know that there are a lot of methods to migrate VMs seamlessly and load balance across multiple hosts, but if your hosts are in the same physical enclosure or rack you need to consider things like power, network paths, etc.

Maybe I am being a little over the top but I find more peace of mind if I have 1 physical DC.

Will.
0
 
LVL 9

Expert Comment

by:Trenton Knew
ID: 40575479
I agree with Will... Unless you're going to have two physical Hyper-V hosts, I would definitely make one physical DC available in addition to the virtual. That is, unless it's too cost prohibitive to operate two servers, in which case either configuration will work. (If you only got one, you only got one.)

If you virtualize, make sure you have both a host level backup and a Guest level backup of the VM, so that if you need to in a pinch, you can recover the VM to another physical box if you get in a pinch.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 40575527
Leave the host as a GUI enabled server in a workgroup.  Your Microsoft licensing for Server 2012 R2 allows for 2 VMs PROVIDED that the host does NOTHING other than Hyper-V and supporting features - no other ROLES can be installed, including AD.  While you CAN make the host a member of the domain run by the VM, I wouldn't - there's little reason to if it's JUST your host and indeed it CAN be a little more secure that way.
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 40575546
The host should not be a DC. Hyper-V only. In standalone settings we leave the host in a workgroup since one can hit the chicken or the egg if the DC is offline and there are problems.

We have done a _lot_ of SBS to SBS (what we call our Small Business Solution) migrations from SBS 2003 through to 2011.

AD is fairly straightforward. One needs to watch out for the Kerberos Event ID 4 errors. There is a hotfix/KB on Microsoft's site for that.

Exchange is a two-step process. Temp VM with 2008 R2 up to date and Exchange 2010 SP3 UR8v2. Migrate the entire Exchange to 2010 then remove Exchange on SBS 2003.

From there migrate Ex10 to Ex13 CU7 following the online guides. They are pretty good. We have a lot of resources on our blog.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 40575663
If you have TWO Hyper-V hosts, you can deploy 1 virtual DC each on both hosts so that you don't need a physical server only for DC.
With 2012 \ 2012 R2 MS has taken care of the USN rollback issue which does exist in previous DC versions (pre-Windows 2012).
You need to ensure that both DC IPs are defined on clients as primary and secondary so that even if one Hyper-V host goes down, clients will still be able to connect to the other DC.
0

 
LVL 38

Expert Comment

by:Philip Elder
ID: 40575698
Where we have two hosts as Mahesh suggests we run two DCs. One on each. One will hold FSMO Roles and be domain time authority.

We set up the PDCe to poll one of the hosts for time as NTP.ORG will send a Kiss-o-Death packet if we poll too frequently.

We set up our PDCe using the following steps: Hyper-V: Preparing A High Load VM For Time Skew steps 4 through 8. If using the host then remove the reliable variable in the assignment step. You would also need to open NTP UDP 123 in the host's firewall.

EDIT: We would set up DHCP Failover on both DCs to keep things humming along if one DC goes offline.
0
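One way to set up the time arrangement described in the comment above, where the PDCe polls the Hyper-V host and the host accepts NTP on UDP 123. This is an added example, not part of the thread and not the steps from the blog post it refers to. The two IP addresses are placeholders, and scoping the firewall rule to the PDCe's address is an assumption added here.

```powershell
# ---- Part 1: on the Hyper-V host (workgroup member), elevated prompt ----
$PdcIp = '192.0.2.20'   # assumed address of the PDCe VM (placeholder)

# Turn on the NTP server provider so the host answers time requests.
Set-ItemProperty `
    -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer' `
    -Name Enabled -Value 1
Set-Service w32time -StartupType Automatic
Restart-Service w32time

# Open NTP (UDP 123) inbound, scoped to the PDCe only rather than any source.
New-NetFirewallRule -DisplayName 'NTP from PDCe' -Direction Inbound `
    -Protocol UDP -LocalPort 123 -RemoteAddress $PdcIp -Action Allow

# ---- Part 2: on the DC that holds the PDC emulator role ----
$HostIp = '192.0.2.10'  # assumed address of the Hyper-V host (placeholder)

Import-Module ActiveDirectory
$pdc = (Get-ADDomain).PDCEmulator          # FQDN of the PDCe role holder
if ($pdc -notlike "$($env:COMPUTERNAME).*") {
    throw "This machine is not the PDCe; run Part 2 on $pdc."
}

# Confirm the host answers on UDP 123 before pointing the domain at it.
w32tm /stripchart "/computer:$HostIp" /samples:3 /dataonly

# Poll the host only. /reliable:yes is left out, as the comment advises
# when the host is the time source.
w32tm /config "/manualpeerlist:$HostIp" /syncfromflags:manual /update
Restart-Service w32time
w32tm /resync /rediscover

# Verify: the source should be the host's address, not "Local CMOS Clock".
w32tm /query /source
w32tm /query /status
```

Kerberos rejects tickets when clocks drift too far apart, so check `w32tm /query /source` on the second DC as well after the change.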
 

Author Closing Comment

by:JPD153
ID: 40603960
Still trying to figure out the best migration path from SBS 2003 to Win 2012 R2
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 40604012
SBS 2003 would be migrated to the following at the minimum:
 + VM: DC
 + VM: Exchange 2013
 + VM: RDS
 + VM: LoB
0
 

Author Comment

by:JPD153
ID: 40604060
I was just thinking about 2 VMs: AD and Exch
What is LoB?
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 40604602
LoB is Line of Business applications.

We put WSUS, database setups, and line of business application backends on this VM. RDS is self-explanatory. It gets RDSH, RD Gateway, and RemoteApp for remote delivery of the client's LoBs.

All of our clients utilize RDS.
0
