Virtualising Windows Domain controllers?

[NathanE]

As OC says, why would you want/need a host to be a member of a domain?.

I don't know but it just seemed "wrong" to leave them off the domain.

That's how I have them at the moment and it sounds like I may well be leaving them that way. Which is fine as at least some people here agree having circular dependencies is bad

 

[zetec452]

At my last work place I virtualized both DC's but had one DC on local storage on a ESX server and the other on the redundant SAN storage. The DC's were never on the same ESX server (different clusters). At least if the SAN dies AD is still alive.

So you could have something like this:
Server 1 physical (host) - Non domain
-- Server 2 virtual (client) DC - SAN storage
-- Server 3

Server 4 physical (host) - Non domain
-- Server 5 virtual (client) DC - Local disk storage
-- Server 6

Gives you a little redundancy for the DC's and you are not playing with fire in having a virtual host as a member server or DC.

 

[oddjob62]

Just a note, the hosts will need to be on the domain if you want to cluster them.

 

[zetec452]

Just a note, the hosts will need to be on the domain if you want to cluster them.

That sucks a little. So essentially you need to have a physical DC outside of the virtual environment.

 

[CraigN]

I always keep one physical domain controller just for easy of a fast shutdown. After experiencing issues when doing a full shutdown only to find was unable to get onto our virtual management server due to the AD integration

 

[zetec452]

yeah, that's never good. .

IMO this is where Hyper-V loses to the likes of VMWare. Personally I feel that the virtual clusters should be completely dependant of any central authentication scheme, i.e AD. I know VMWare uses AD for auth, but even if AD is down you can still run a VMWare cluster.

 

[madman045]

This is a good series on the subject

http://www.virtualizationadmin.com/...ns-virtualizing-domain-controllers-part1.html