Virtualization of a AD and Exchange on the same Server [closed]
Solution 1:
The recommendation to have a physical DC is not a security recommendation, it is an availability one. In the event of a catastrophic hypervisor failure (bug, exploit, whatever) if your virtualization solution is offline, you still want at least one DC outside of that environment to provide directory services.
Of course, it is entirely possible to go 100% virtual. Instead of keeping a physical host around, some people will have a separate management cluster so that DCs can be run there as well as the production data cluster, which offers some diversity. If an organization does something like vSphere in production and Hyper-V in DR, then they may keep a hot DC in DR and have platform diversity that way. The MS party line is still to keep one physical DC, but there are other ways to accomplish the spirit of that recommendation and be 100% virtual.
Solution 2:
Originally I think this recommendation came from the problems hypervisors had with accurate time (needed for AD for Kerberos authentication). It's also easy to end up with an unintended single point of failure (the physical host, the SAN) if you are in a mid sized environment.
Now days I think the biggest concern is what will you do if you can't login to vCenter