none
Hyper-v vs Domain Services

    Question

  • Server 2012

    Pretty sure I had the Hyper-v role installed on my server.

    Last night I installed the Active Directory Services role. On reboot, neither role is installed. Not sure what happened, but maybe someone can comment.

    ALSO...

    What is the preferred arrangement:

    1. Hyper-v and DC running on same local host

    2. Hyper-v with DC running on VM

    3. Separate DC on designated physical server

    4. Other best practice

    My intention is to use the hyper-v manager server for virtual environments;  to help with application development on different server environments. I want a Domain Controller because I need a practice environment for testing domain services.

    Regards,

    Saturday, April 13, 2019 8:49 PM

All replies

  • Option 2.

    Better to install Hyper-V role only on host and stand up guests for various roles or application. Also if you install other roles on host this consumes one virtualization right.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Saturday, April 13, 2019 9:31 PM
  • Hi,

    I would also leave the Hyper-V host clean and run the Domain Controller (DC) on a virtual machine (VM), it's usually better to keep the Hyper-V host for itself and have no additional roles on it.

    And as Dave mentioned above, using other roles on the host will consume a virtualization right.

    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com LinkedIn:

    Saturday, April 13, 2019 9:49 PM
  • You guys rule.

    Sunday, April 14, 2019 4:30 AM
  • Hi,

    Just want to confirm the current situation.

    I agree with Dave and Leon, we can refer to this docs (https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/best-practices-analyzer/hyper-v-should-be-the-only-enabled-role ),

    The Hyper-V role should be the only role enabled on a server. This best practice helps keep the host operating system free of roles, features, and applications that aren't required to run Hyper-V.

    So, In most cases, it's not a good idea to install other roles on a server running the Hyper-V role.

    Furthermore, the standard recommendation for DCs is to run nothing at all on a DC except AD. Here’s an article discussed the reasons not to make Hyper-V as a DC for your reference.

    https://www.altaro.com/hyper-v/reasons-not-to-make-hyper-v-a-domain-controller/

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Reference thread,

    https://social.technet.microsoft.com/Forums/en-US/097c4798-49d7-4f30-ac24-942733a0615b/running-hyper-v-on-domain-controller?forum=winserverhyperv

    Hope above information can help you.  If you have any question or concern, please feel free to let me know.

    Have a nice day!

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, April 15, 2019 8:13 AM
    Moderator
  • Hi,

    the Hyper-v role should be the only role enabled on a server. This best practice helps keep the host operating system free of roles, features, and applications that aren't required to run Hyper-V.

    I would have one hardware DC in each Datacenter and ore DC as VMs.

    Take a look at:

    https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/virtualized-domain-controllers-hyper-v

    Avoid creating single points of failure

    You should attempt to avoid creating potential single points of failure when you plan your virtual domain controller deployment. You can avoid introducing potential single points of failure by implementing system redundancy. For example, consider the following recommendations while keeping in mind the potential for increases in the cost of administration:

    1. Run at least two virtualized domain controllers per domain on different virtualization hosts, which reduces the risk of losing all domain controllers if a single virtualization host fails.
    2. As recommended for other technologies, diversify the hardware (using different CPUs, motherboards, network adapters, or other hardware) on which the domain controllers are running. Hardware diversification limits the damage that might be caused by a malfunction that is specific to a vendor configuration, a driver, or a single piece or type of hardware.
    3. If possible, domain controllers should be running on hardware that is located in different regions of the world. This helps to reduce the impact of a disaster or failure that affects a site at which the domain controllers are hosted.
    4. Maintain physical domain controllers in each of your domains. This mitigates the risk of a virtualization platform malfunction that affects all host systems that use that platform.

    Regards,

    Guido

    Tuesday, April 16, 2019 4:53 PM
  • Hi,

    Could the above reply be of help? If yes, you may mark it as answer, if not, feel free to feed back.

    Best Regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, April 17, 2019 2:20 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, April 18, 2019 8:04 AM
    Moderator