Join Log in
Score:3
dog_1 avatar Server

Virtual active directory on disk storage - good practice

li flag
dog_1

I have come here to ask a question that is bothering me. What is the best way to virtualize Active Directory when I have two physical servers and a disk array. I know that I need at least two domain controllers. To achieve this, I need to put two virtual servers on hyper-v.Then i can to do: Run both virtuals on a disk array where the hyper-v service is in a failover cluster? Should I put these VMs outside the failover cluster, put one on node1 and the next on node2? Maybe there is some other better way? For me, scenario, when AD has been on disk storage is week option. Storage get faulty and AD is lost. Please give your opinion.

70
3 + 3
cn flag
Greg Askew
Active Directory does not support failover clustering.
0
Reply
dog_1 avatar
li flag
dog_1
@GregAskew I wonder why Microsoft doesn't program such an option. This would save on the licenses needed to run two VMs exclusively for Active Directory.
0
Reply
cn flag
Greg Askew
Most organizations don't have this problem. "Active Directory" usually provides enough services such as DNS/DHCP/Certificates that two servers are merited. Also for a physical Windows Hyper-V host, that includes licensing for two Windows server guests (Standard) or unlimited guests (Enterprise).
0
Reply
Score:5
Net Runner avatar Server
jp flag
Net Runner

Having a DC as a VM on cluster shared volume inside the cluster is not the best idea since sometimes a cluster cannot be started if the domain controller that is located on the clustered resource is unavailable. The unavailability of the DC may cause connection or authorization issues, which makes it impossible to get the cluster working. There is a vicious circle, which takes a lot of time to break it.

Deploying Active Directory services alongside Hyper-V and Microsoft Failover Cluster roles is not recommended, but the situation described above can be avoided if the DC is deployed as a local virtual machine that is located on directly attached storage alongside the host OS.

Here are some related vendor-specific recommendations and more details by Microsoft that might help as well.

+ 0
Score:4
BaronSamedi1958 avatar Server
kz flag
BaronSamedi1958
  1. You virtualize your Domain Controller (DC). Virtual DCs is a standard practice blessed by Microsoft since at least 2012 (10+ years in a row).

https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/virtualized-domain-controllers-hyper-v

  1. You HA your DC. It has built-in replication mechanism you need to configure to avoid your Domain Controller turning AWOL with its physical host going down for whatever reason (planned downtime, BSOD, fire etc).

https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/replication/active-directory-replication-concepts

  1. You never mix up DC role with anything else on the same machine, physical or virtual - doesn't matter! It's nothing but begging for troubles.

https://www.hyper-v.io/combining-hyper-v-dc-role-server-bad-idea/

+ 0
Score:0
avatar Server
cn flag
TomTom

Here is what I do: I run the critical AD controllers on multiple of my VM servers - on a separate SSD.

Rule one for AD: NO SINGLE POINT OF FAILURE.

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.