JPD153

Is it a good idea to virtualize AD in 2012 R2 with Hyper-V?

I will be migrating from SBS 2003 to Win 2012 R2 with Exchange 2013.
I will definitely virtualize Exchange and the file server portion of SBS, but do I want to keep AD running on the host so it boots with AD and the host is part of the domain, and maybe have a VM as BDC, or do I want the host to be a "stand alone" with a virtualized AD server in the domain?
Also, is there a clear migration path written for SBS 03 to Win 2012 R2 somewhere?
ASKER CERTIFIED SOLUTION
Will Szymkowski
This solution is only available to members.
Trenton Knew

I agree with Will... Unless you're going to have two physical Hyper-V hosts, I would definitely make one physical DC available in addition to the virtual. That is, unless it's too cost prohibitive to operate two servers, in which case either configuration will work. (If you only got one, you only got one.)

If you virtualize, make sure you have both a host-level backup and a guest-level backup of the VM, so that if you need to in a pinch, you can recover the VM to another physical box.

Leave the host as a GUI-enabled server in a workgroup. Your Microsoft licensing for Server 2012 R2 allows for 2 VMs PROVIDED that the host does NOTHING other than Hyper-V and supporting features - no other ROLES can be installed, including AD. While you CAN make the host a member of the domain run by the VM, I wouldn't - there's little reason to if it's JUST your host and indeed it CAN be a little more secure that way.

The host should not be a DC. Hyper-V only. In standalone settings we leave the host in a workgroup since one can hit the chicken or the egg if the DC is offline and there are problems.

We have done a _lot_ of SBS to SBS (what we call our Small Business Solution) migrations from SBS 2003 through to 2011.

AD is fairly straightforward. One needs to watch out for the Kerberos Event ID 4 errors. There is a hotfix/KB on Microsoft's site for that.

Exchange is a two-step process. Temp VM with 2008 R2 up to date and Exchange 2010 SP3 UR8v2. Migrate the entire Exchange to 2010 then remove Exchange on SBS 2003.

From there migrate Ex10 to Ex13 CU7 following the online guides. They are pretty good. We have a lot of resources on our blog.

If you have TWO Hyper-V hosts, you can deploy one virtual DC on each of the two hosts so that you don't need a physical server only for the DC.
With 2012 \ 2012 R2, MS has taken care of the USN rollback issue which does exist in previous DC versions (pre-Windows 2012).
You need to ensure that both DC IPs are defined on clients as primary and secondary so that even if one Hyper-V host goes down, clients will still be able to connect to the other DC.

Where we have two hosts as Mahesh suggests we run two DCs. One on each. One will hold FSMO Roles and be domain time authority.

We set up the PDCe to poll one of the hosts for time as NTP.ORG will send a Kiss-o-Death packet if we poll too frequently.

We set up our PDCe using the following steps: Hyper-V: Preparing A High Load VM For Time Skew steps 4 through 8. If using the host then remove the reliable variable in the assignment step. You would also need to open NTP UDP 123 in the host's firewall.

EDIT: We would set up DHCP Failover on both DCs to keep things humming along if one DC goes offline.

JPD153

ASKER

Still trying to figure the best migration path from SBS 2003 to Win 2012 R2

SBS 2003 would be migrated to the following at the minimum:
 + VM: DC
 + VM: Exchange 2013
 + VM: RDS
 + VM: LoB

JPD153

ASKER

I was just thinking about 2 VMs: AD and Exch
What is LoB?

LoB is Line of Business applications.

We put WSUS, database setups, and line of business application backends on this VM. RDS is self-explanatory. It gets RDSH, RD Gateway, and RemoteApp for remote delivery of the client's LoBs.

All of our clients utilize RDS.