Proper FSMO / Role placement in a virtual environment?
-
Saturday, September 22, 2012 12:11 PM
(Because this touches on a few different things FSMO, HyperV, Failover Cluster I thought I'd post this here first.)
Can anyone link me to white papers or info on FSMO and role (particularly DNS and DHCP) placement in a virtual environment?
My situation is that we have set up a HyperV cluster. We've been experiencing problems with it (machines running slow, going into a paused or stopped state). One of the techs said that this is because of two things, First is that the “Enable Persistent Mode” is on for the highly available Vms and the other is that all the FSMO roles, Primary DNS, and DHCP are on a 2008 R2 VM. We currently have two physical servers running 2008 Enterprise, both are in the domain as member servers. We still have an old physical running as the secondary DC / DNS.
Things had been running and filing over fine of a week or two, but I was told to turn off the Persistent Mode and move the DSMO roles, DNS, and DHCP to a physical box outside of the cluster which I have done.
I'm just looking for best practices, white-papers, or just general reference material so I can make sure that we are running the best we can be.
- Edited by pwjohnston79 Saturday, September 22, 2012 12:13 PM
All Replies
-
Saturday, September 22, 2012 1:43 PM
Hi ,
It's recommended to have a active directory installed in physical machine and hold all FSMO roles.
Please look at this link ,it offers you good links which can help you :
Running Active Directory in Virtual Environment
Best regards Bourbita Thameur Microsoft Certified Technology Specialist: Windows Server 2008 R2,Server Virtualizaton
-
Saturday, September 22, 2012 2:00 PM
Hello,
for starting see recommendations in http://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv%28v=ws.10%29.aspx
We run some domains complete as VMs and also have domains with only the DCs as VM and there is no problem with that. If you have a large environemt with prerformance problems on some VM hosts, then you may run the FSMO roles on a dedicated physical machine.
For Hyper-V configuration details you may ask also in http://social.technet.microsoft.com/Forums/en/winserverhyperv/threads
DHCP should NOT run on DCs, as this requires permissions with DNS registration for record updates and therefore DHCP should always run on domain member servers.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
- Proposed As Answer by Santosh BhandarkarMicrosoft Community Contributor, Moderator Saturday, September 22, 2012 8:13 PM
- Marked As Answer by Andy QiMicrosoft Contingent Staff, Moderator Friday, September 28, 2012 1:31 AM
-
Monday, September 24, 2012 3:45 PMModerator
Hi,
I agree with Meinolf, he has provided the right suggestion to the issue. We could refer to the articles he provided to troubleshoot the issue. Regarding FSMO placement, we could refer to the article below.
FSMO placement and optimization on Active Directory domain controllers
http://support.microsoft.com/kb/223346
Regarding Hyper-V cluster related issue, as Meinolf suggested, we’d better ask in the Hyper-V forum.
Regards,
Andy
- Marked As Answer by Andy QiMicrosoft Contingent Staff, Moderator Friday, September 28, 2012 1:31 AM
-
Monday, September 24, 2012 3:57 PM
I agree that there should be a domain controller outside the virtual environment in case you loose that the forest won't be lost. We currently run our DC in virtual. I have my DHCP server on a seperate server. Since I only have two DC's I have the FSMO roles on one.
norman mattox
.png)
