Solved

Hyper-V host on the domain when DC is its guest

Posted on 2016-09-15
6
103 Views
Last Modified: 2016-09-29
I only have one license of Windows server 2012 R2, and I am running 1 DC and 1 file server at a remote location.
Do I want to put this host on the domain whose DC is its guest?

It is a very small environment, so I really don't need 2 DCs. I am wondering if I leave the host as is (workgroup), or put it on the domain.
0
Comment
Question by:Member_2_7970390
6 Comments
 
LVL 58

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 83 total points
ID: 41800732
With 2012 and newer, both are options. I prefer joining to the domain as management is he really easier. But 2008 era folks still get nervous, so personal preference.
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 83 total points
ID: 41801054
Agree with Cliff.  I literally just got home from setting up a system and I joined it to the domain.  But there's not of a difference either way.
0
 
LVL 38

Assisted Solution

by:Philip Elder
Philip Elder earned 83 total points
ID: 41801943
Our preference for standalone Hyper-V settings is to leave the host in a workgroup.

While not foolproof, it offers a bit of a security barrier between the production network and the host which is vital to that network's functioning.

Our primary reason though is it just works.

Management is done via RSAT, RDP inbound rules on the firewall, or Intel RMM/iDRAC Enterprise/iLO Advanced.

EDIT: RSAT method requires some changes via John Howard's HVRemote setup. We don't use RSAT we just log on. :)
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 2

Accepted Solution

by:
kapsionu earned 251 total points
ID: 41803115
It is a bad choice to add Hyper-V host to domain if there is no second DC out of the host itself. There is no good way to get updates from GPO when guest (DC host)  is down “yet” when system is restarting. Yes, it can be updated manually, but it is not a good solution to do it. If You have one extra DC outside of this host, then it is OK. I would recommend not to join host to domain and leave it as workgroup.
Other issue is time drift in the domain if guest is only DC and host is domain member. You HAVE to leave synchronization of system time inside of Hyper-V guest settings unchecked, it keeps whole domain system time steady.
0
 

Author Comment

by:Member_2_7970390
ID: 41806929
Dear all,
Thank you for your comments. First it seemed that it would be easier to manage if I put the hyper-v on the domain, but there may be potential issues like kapsionu pointed out. So I decided to leave it without joining the domain.

Now I just have to go through how to manage the host from another 2012 R2 machine. It sounds a bit complicated, but it is just one-time thing.
0
 
LVL 2

Assisted Solution

by:kapsionu
kapsionu earned 251 total points
ID: 41807125
RDP and port forward is enough, RSAT is a little bit overkill if no vpn or dedicated connection between locations involved.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question