I am in the process of setting up a few virtual servers, and I decided that our Active Directory server currently has the most free resources, but when I started the install it returned a warning saying that it is not a good idea to install VMware Server on an Active Directory server.
Does anyone have any insight on why this could be a bad thing?
I've done this and regretted it. As Zoredache says, the extra network interfaces that VMware creates get put in the DNS against the name of the server, then PCs on the network start having problems connecting to the server. It also broke intersite replication as the other DCs tried to replicate to the VMware IP addresses. Even if you untick the "Register this connection's addresses in DNS" box in the TCP/IP setup for the VMware networks, the damn thing insisted on adding them to the zone file. I never did find a way round this.
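An added check in PowerShell (not from this thread) for the failure mode described above: it flags virtual adapters that are set to register in DNS, turns that registration off, and then compares the A records DNS currently publishes for this host against the physical NIC's addresses. The adapter-name patterns and the Windows Server 2012+ DnsClient/NetAdapter cmdlets are assumptions.

```powershell
# Added example, not code from the original thread.
# Assumes Windows Server 2012+ (NetAdapter and DnsClient modules) and that
# virtual NICs can be recognised by the name patterns below (an assumption).
$virtualPattern = 'VMware|VMnet|Hyper-V|vEthernet|Virtual'

$hostName = [System.Net.Dns]::GetHostName()
$adapters = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }

foreach ($nic in $adapters) {
    $isVirtual = ($nic.InterfaceDescription -match $virtualPattern) -or
                 ($nic.Name -match $virtualPattern)
    if (-not $isVirtual) { continue }

    $dnsClient = Get-DnsClient -InterfaceIndex $nic.ifIndex
    $ips = (Get-NetIPAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4).IPAddress

    if ($dnsClient.RegisterThisConnectionsAddress) {
        Write-Warning "Virtual adapter '$($nic.Name)' ($($ips -join ', ')) registers in DNS; disabling."
        # Stop this interface from publishing its address under the DC's host name.
        Set-DnsClient -InterfaceIndex $nic.ifIndex -RegisterThisConnectionsAddress $false
    }
}

# Addresses that legitimately belong to the DC: those on non-virtual adapters.
$physicalIps = $adapters |
    Where-Object { -not ($_.InterfaceDescription -match $virtualPattern) -and
                   -not ($_.Name -match $virtualPattern) } |
    ForEach-Object { (Get-NetIPAddress -InterfaceIndex $_.ifIndex -AddressFamily IPv4).IPAddress }

# What DNS currently answers for this host; any address not on a physical
# NIC is a stray record that clients and replication partners may try to use.
$published = (Resolve-DnsName -Name $hostName -Type A -ErrorAction Stop).IPAddress
$stray = $published | Where-Object { $_ -notin $physicalIps }

if ($stray) {
    Write-Warning "DNS publishes addresses for $hostName that match no physical NIC: $($stray -join ', ')"
    Write-Warning "Remove these A records from the zone (or wait for scavenging) after disabling registration."
} else {
    Write-Output "All A records for $hostName match physical adapters."
}
```

Run it on the DC as an administrator; the registration change takes effect on the next dynamic update, so re-run the comparison afterwards to confirm the stray records are gone.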
I have put Hyper-V on a DC. This is OK provided you have more than one NIC and can keep one that isn't configured as a Hyper-V network. You simply disable all the extra synthetic Hyper-V NICs on the DC. Because Hyper-V uses paravirtualisation, disabling the synthetic NICs on the DC does not affect any VMs running on it.
If your server only has one NIC you can still use Hyper-V, but note that you won't be able to run the DHCP Server on the server as it won't bind to the synthetic NIC.
John Rennie
I also think so, because you are increasing the opportunity/probability of a failure.
The AD server is a critical resource used by every user. If you install a virtual server on it and something goes wrong (e.g. software crash, abnormal CPU usage, etc.), all users will be affected.
So I think "keeping the AD server alone" would be better.
UPDATE: And another thing: I have seen some occasions where virtual machines cause trouble with the network adapters of the physical server. That means that while auto-configuring the virtual machine's network, it causes some trouble with the physical machine's network connections as well. I don't know the reason, but I have seen it. So why would we put unnecessary trouble on a critical resource?
The biggest problem you will have is Domain Controllers have the disk write cache disabled. That will drag your VM performance down substantially, depending of course on how often your VMs write to disk.
To turn your situation on its head: if this is a secondary DC (i.e. it doesn't hold any major FSMO roles), why not demote it to a member server, install VMware, and create a virtual DC in its place?
I thought DCs and virtuals wouldn't mix well, but I've been running a DC on Hyper-V for a few months now without a hitch. In addition, I've brought it up during a couple of calls I put in to MS for VM-related issues, and they don't really recommend against virtualizing a DC. (Obviously I wouldn't have both DCs as virtuals on the same box; that definitely defeats the purpose.)
To address a point raised above, your host OS should ALWAYS have a NIC separate from the one(s) used by the virtual network(s). That would avoid any possible network oddness from a shared NIC.
My theory is this. When VMware is installed, it sets up a couple of virtual interfaces for NAT and host networking. The addresses associated with these interfaces would get published to the DNS server and screw things up. I have never tried it to see what happens, though.
This is not a particularly good idea from a security perspective. The best practice is to isolate functionality, in the same way that you wouldn't make your public web server also be your central AD server. Active Directory is a core function of a Microsoft-based environment; if your AD is compromised, then basically your entire network is open to the attacker.
There are compromises of VMware allowing code execution on the host OS from a guest environment; as an example, CVE-2009-1244 (cve.mitre.org) is a recorded vulnerability.