Windows 2012 -- domain controller & file server on same VM ?

I have 2+ Windows licenses, therefore I am thinking about NO
longer having my domain controller & file server on same VM,
instead putting them on two different VMs.

I assume having them on two different VMs is recommended
by Microsoft/etc so you can easily upgrade/rename/etc a
DC later without affecting the file server?
finance_teacher Asked:

McKnife Commented:
If security matters (and it should :), of course the best practice is to use the DC for nothing else but the AD. Renaming and so on would not even be discussed, then.
0
Lee W, MVP, Technology and Business Process Advisor Commented:
Depends on the business size. You ARE adding management costs for each VM you use. If you're a larger business where a momentary disruption to your users will cause significant lost productivity, it may well be worth it... if it's an office of 10 people, it may not. Often it could be better to move other resource-intensive functionality on the second VM - like a SQL server or RDS server.
0

Lee W, MVP, Technology and Business Process Advisor Commented:
Security is a concern but in my view, file server on a DC is a minimal risk for most organizations with only one or two servers.
0
McKnife Commented:
I wouldn't easily agree. With the funny exploits that are out there, it is not too unrealistic that simple write access to a share would be able to somehow compromise the server. On DCs, there are file services installed by default, but no share offers write access to users.
0
Mohammed Khawaja, Manager - Infrastructure: Information Technology Commented:
Someone here mentioned adding management costs, which is not really an issue. With virtualization, there is no real cost associated (with the exception of anti-virus license cost). Separating them actually lowers risks and increases uptime for users (i.e. no user connections to the file and print server will be affected if maintenance is required on the DC, etc.). It also lowers the surface attack area on the DC as there will be no shares on the DC as well as no printer drivers installed.
0
McKnife Commented:
If you don't mind: No shares on your DC? I'd like to see that :-) sysvol is where, then?
0
Mohammed Khawaja, Manager - Infrastructure: Information Technology Commented:
I should have been clear in saying no additional shares. Sysvol is shared, however, how many users have read/write privileges to Sysvol folder?
0
McKnife Commented:
Still no users, like I noted in my comment before?
0
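
The question debated in the comments above, namely which shares on a DC grant write access to ordinary users, can be checked from the share ACLs. The PowerShell below is an added example, not part of the original thread: the function names `Find-RiskyShareAccess` and `New-Ace`, the `CONTOSO` domain, the list of administrative principals and the sample entries are all constructed assumptions.

```powershell
# Added example. Share ACLs are one layer: effective access is the more
# restrictive of the share ACL and the NTFS ACL, so treat hits as leads to verify.
$ExpectedShares    = 'SYSVOL', 'NETLOGON'          # default DC shares
$AdminSharePattern = '^([A-Z]|ADMIN|IPC)\$$'       # C$, ADMIN$, IPC$
# Assumption: principals treated as administrative; CONTOSO is a placeholder domain.
$AdminPrincipals   = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CONTOSO\Domain Admins'

function Find-RiskyShareAccess {
    param([Parameter(ValueFromPipeline = $true)] $Entry)  # shaped like Get-SmbShareAccess output
    process {
        if ($Entry.Name -match $AdminSharePattern) { return }
        $canWrite = ($Entry.AccessControlType -eq 'Allow') -and
                    ($Entry.AccessRight -in 'Full', 'Change')
        if (-not $canWrite -or ($AdminPrincipals -contains $Entry.AccountName)) { return }
        $extra = $ExpectedShares -notcontains $Entry.Name
        [pscustomobject]@{
            Share   = $Entry.Name
            Account = $Entry.AccountName
            Right   = $Entry.AccessRight
            Finding = if ($extra) { 'additional share, writable by non-admin' } else { 'default share, check NTFS ACL' }
        }
    }
}

# Constructed sample entries (not taken from a real server).
function New-Ace($n, $a, $r) {
    [pscustomobject]@{ Name = $n; AccountName = $a; AccessControlType = 'Allow'; AccessRight = $r }
}
$sample = @(
    (New-Ace 'SYSVOL'   'Everyone'               'Read'),
    (New-Ace 'NETLOGON' 'BUILTIN\Administrators' 'Full'),
    (New-Ace 'C$'       'BUILTIN\Administrators' 'Full'),
    (New-Ace 'Finance'  'CONTOSO\Domain Users'   'Change'),
    (New-Ace 'Scans'    'Everyone'               'Full')
)
$sample | Find-RiskyShareAccess | Format-Table -AutoSize

# On a live DC, feed real data instead:
#   Get-SmbShare | Get-SmbShareAccess | Find-RiskyShareAccess
```

With the constructed sample, only the `Finance` and `Scans` entries are reported, both as additional shares writable by non-admin principals.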
Mal Osborne, Alpha Geek Commented:
My preference on smallish Hyper-V sites is to have a physical DC, and a second one as a VM. The physical DC need not be anything special, an old desktop PC is usually fine, particularly if you can install a second HDD for mirroring. A 5 year old i3 with 2Gb RAM is more than enough.

Microsoft best practice is to not virtualize a PDC emulator, and to have at least two DCs.
0
Question has a verified solution.