Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Hyper-V host on the domain when DC is its guest

Posted on 2016-09-15
6
Medium Priority
?
117 Views
Last Modified: 2016-09-29
I only have one license of Windows server 2012 R2, and I am running 1 DC and 1 file server at a remote location.
Do I want to put this host on the domain whose DC is its guest?

It is a very small environment, so I really don't need 2 DCs. I am wondering if I leave the host as is (workgroup), or put it on the domain.
0
Comment
Question by:Member_2_7970390
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 332 total points
ID: 41800732
With 2012 and newer, both are options. I prefer joining to the domain as management is he really easier. But 2008 era folks still get nervous, so personal preference.
0
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 332 total points
ID: 41801054
Agree with Cliff.  I literally just got home from setting up a system and I joined it to the domain.  But there's not of a difference either way.
0
 
LVL 39

Assisted Solution

by:Philip Elder
Philip Elder earned 332 total points
ID: 41801943
Our preference for standalone Hyper-V settings is to leave the host in a workgroup.

While not foolproof, it offers a bit of a security barrier between the production network and the host which is vital to that network's functioning.

Our primary reason though is it just works.

Management is done via RSAT, RDP inbound rules on the firewall, or Intel RMM/iDRAC Enterprise/iLO Advanced.

EDIT: RSAT method requires some changes via John Howard's HVRemote setup. We don't use RSAT we just log on. :)
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 2

Accepted Solution

by:
Tarmo Kabonen earned 1004 total points
ID: 41803115
It is a bad choice to add Hyper-V host to domain if there is no second DC out of the host itself. There is no good way to get updates from GPO when guest (DC host)  is down “yet” when system is restarting. Yes, it can be updated manually, but it is not a good solution to do it. If You have one extra DC outside of this host, then it is OK. I would recommend not to join host to domain and leave it as workgroup.
Other issue is time drift in the domain if guest is only DC and host is domain member. You HAVE to leave synchronization of system time inside of Hyper-V guest settings unchecked, it keeps whole domain system time steady.
0
 

Author Comment

by:Member_2_7970390
ID: 41806929
Dear all,
Thank you for your comments. First it seemed that it would be easier to manage if I put the hyper-v on the domain, but there may be potential issues like kapsionu pointed out. So I decided to leave it without joining the domain.

Now I just have to go through how to manage the host from another 2012 R2 machine. It sounds a bit complicated, but it is just one-time thing.
0
 
LVL 2

Assisted Solution

by:Tarmo Kabonen
Tarmo Kabonen earned 1004 total points
ID: 41807125
RDP and port forward is enough, RSAT is a little bit overkill if no vpn or dedicated connection between locations involved.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question