I have a dilemma about how to proceed with a new AD / Hyper-V installation and would appreciate your views, experience and advice.

Situation: we are a small company with a single site (25 users) and a few virtualized servers (Websense, SQL, Linux mail server, ISS, app server, ...), all running as VM guests on a 2008 R2 Hyper-V host that also has the File server, Fax server, DNS and AD roles installed (I am aware this is not recommended). None of those servers is under heavy load, but we need all of them due to the nature of our business. This configuration has been running OK for years.

We've now decided to move to new hardware and Hyper-V 2012 R2. Options for what to install on top of what, with related questions:

1) Keep the same approach --> Physical server has the Hyper-V, File server, AD and DNS roles installed, everything else virtualized

  • I am aware of the fact that this setup is not recommended by Microsoft, but it was running fine for years with 2008 R2. A further disadvantage is that the servers are hardware-dependent.

2) Have only the Hyper-V role on the physical server, everything else virtualized, including AD

  • I have mixed feelings about this approach. It seems "clean" and attractive, but: should Hyper-V be a domain member? If so, what happens to logins on cold starts if the AD VM fails to start? Are there any disadvantages to Hyper-V not being a domain member?

Note: I'd like to avoid having an additional physical server for a second AD server; we are a small site. Everything is backed up properly, so I can do fast restores if needed.

I did search the net, including serverfault, but can't get a clear idea. Some links:

  • http://blogs.msdn.com/b/virtual_pc_guy/archive/2008/11/24/the-domain-controller-dilemma.aspx
  • HyperV on Domain Controller or DC on HyperV?

What would you do in our situation?


Solution 1:

  1. My suggestion would be to install only the Hyper-V role on the host and to virtualize all of the other roles (DC, DNS, File, etc.).

  2. For now, with a single host, I don't see a great need to join the host to the same domain as the virtual machines. If you get a second host in the future and want to create a failover cluster, then you can join the hosts to the domain.

  3. The AD requirements for failover clustering that required an active DC have been largely remediated in Windows Server 2012 and Windows Server 2012 R2. You need an active DC to create a failover cluster, but a failover cluster can operate without the presence of an active DC, so there's no "chicken or the egg" scenario when the hosts have to restart at the same time the virtual DC is starting. See the note at the link below about AD-less cluster bootstrapping.

http://blogs.technet.com/b/wincat/archive/2012/08/29/windows-server-2012-failover-cluster-enhanced-integration-with-active-directory-ad.aspx
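As an added example (not part of the question or of the answer above), this is the PowerShell a practitioner would run on the new 2012 R2 host to build option 2 the way the answer recommends: only the Hyper-V role on the host, the host left in a workgroup, the DC virtualized, and automatic start ordering so the DC VM is up before the member-server VMs come looking for DNS and a domain controller on a cold start. The VM names (DC01, FS01, SQL01), the VHD path D:\VMs, the NIC name "Ethernet", the memory and disk sizes and the 120-second delay are all assumptions for illustration.

```powershell
# Added example; not from the original post or answer. Host is assumed to be a
# fresh Windows Server 2012 R2 install; DC01/FS01/SQL01, D:\VMs, "Ethernet"
# and the sizes below are assumptions.

# 1. Host: Hyper-V role only, plus management tools. This reboots the host.
Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart

# --- after the reboot ---

# 2. Confirm the host is still a workgroup member (option 2: not domain-joined),
#    so local administrator logons to the host never depend on a running DC.
if ((Get-WmiObject Win32_ComputerSystem).PartOfDomain) {
    throw "Host is domain-joined; option 2 assumes a workgroup host."
}

# 3. One external virtual switch so the guests (including the DC) reach the LAN.
New-VMSwitch -Name "LAN" -NetAdapterName "Ethernet" -AllowManagementOS $true

# 4. Create the guests. Generation 2 is fine for 2012 R2 guests.
$vmRoot = "D:\VMs"
$guests = @(
    @{ Name = "DC01";  MemoryGB = 2; DiskGB = 60  },   # AD DS + DNS
    @{ Name = "FS01";  MemoryGB = 4; DiskGB = 500 },   # file server
    @{ Name = "SQL01"; MemoryGB = 8; DiskGB = 200 }    # SQL
)
foreach ($g in $guests) {
    New-VM -Name $g.Name -Generation 2 -SwitchName "LAN" `
        -MemoryStartupBytes ($g.MemoryGB * 1GB) `
        -NewVHDPath (Join-Path $vmRoot "$($g.Name).vhdx") `
        -NewVHDSizeBytes ($g.DiskGB * 1GB)
}

# 5. Cold-start ordering. The DC always starts, with no delay; every other
#    guest waits 120 s (assumed value) so DNS and Kerberos are answering before
#    the member servers boot. ShutDown rather than Save on power-off, so the
#    DC gets an orderly shutdown instead of having its clock frozen in a
#    saved state.
Set-VM -Name "DC01" -AutomaticStartAction Start -AutomaticStartDelay 0 `
    -AutomaticStopAction ShutDown
foreach ($g in $guests | Where-Object Name -ne "DC01") {
    Set-VM -Name $g.Name -AutomaticStartAction StartIfRunning `
        -AutomaticStartDelay 120 -AutomaticStopAction ShutDown
}

# 6. Verify: DC01 should show delay 0 and action Start; the rest delay 120.
Get-VM |
    Select-Object Name, AutomaticStartAction, AutomaticStartDelay, AutomaticStopAction |
    Format-Table -AutoSize
```

The delay only orders the boots; it does not make the member servers wait for the DC to finish replicating or for DNS to answer. If the DC VM fails to start, the host itself is still reachable with a local account because it is not domain-joined, which is the practical answer to the "what happens on a cold start" worry in the question, and the member-server VMs will simply sit with cached logons until the DC is brought back or restored.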