Given a resource-limited setup consisting of 2 host machines (HyperV-01 and HyperV-02), is it OK to put the domain controllers in the parent partition, instead of their own VM?
The main reason is that if the DCs go into a child partition, starting from cold on both machines could lead to a bit of an issue, as there'd be no DCs around until well after both parents have booted. I'm guessing this might cause undesirable effects.
Am I correct to be worried about joining the host systems to a domain that's only on VMs?
The biggest drawback I've heard so far is that if AD gets heavily used, its resources could cut into HyperV's. I'm not concerned about that for this deployment.
Any other suggestions? (Besides finding a 3rd machine and running AD on it.)
While not a Hyper-V shop, our VMware environment has both DCs virtualized. We have cold-start issues even in this environment because DNS lives on the DCs and as such, management features like VirtualCenter have issues when DNS dies.
I would strongly recommend keeping a single hardware-based DC outside of your virtual environment. As you mentioned, there can be a variety of issues that, while workable, cause unnecessary headaches when you least need them (cold start, disaster recovery, etc).
It's recommended that you have at least one DC on a physical box, and one that's not also hosting the only other DC. We've got one physical DC (on extremely minimal hardware) and one hosted in Hyper V with no issues whatsoever.
I think that, given your constraints, what you've outlined is the optimal setup.
If you have multiple DCs of which any are virtualized, there can be issues around replication due to time syncing between the VM and the host.
http://blogs.technet.com/janelewis/archive/2008/04/02/recommendations-for-running-a-domain-controller-virtualized-environment-using-virtual-server.aspx
Why not put the Hyper V host in a separate domain/forest and then your DC and other server VMs in another domain/forest (the production domain)?
Personally though, I kept it simple and did not put my Hyper V host on the domain.
Due to minimal available hardware, I tried to host VMs on a server that is also a physical (!) DC. I need 1 DC (physical) and some VMs. All for testing and studying.
I read that a DC disables write caching to its hard disk (to be sure that in case of failure no data is in the cache, which would in that case result in data loss). Therefore this will affect the VM hosts in a negative way.
For the ones that understand Dutch (:-)), read: http://blogs.microsoft.nl/blogs/itprocommunity/archive/2009/05/25/active-directory-in-hyper-v-omgevingen-deel-3.aspx
It's simple advice: keep one piece of hardware for DC purposes; others can be virtualised (if more are needed).
Guys, keep doing the good work and share our thoughts and advice ... Yeahhhhhhhhhhhhhhhh.. (Then I can learn more :-) )
A couple of things you need to remember (this said from someone who manages 4 domains with ALL domain controllers virtualized, plus other non-virtualized domains):
This is a BIG problem:
http://www.bitshop.com/Blogs/tabid/95/EntryId/64/Hyper-V-Domain-Controllers-Virtualized-Space-Time-Continuum-a-warning-about-virtualization-complexities.aspx
Next: Don't save state / snapshot / anything similar - you can be in for a nightmare.
Third: If you get into a situation where your Hyper-V host requires you to log in, yet your domain controller is down, you can end up locked out of starting the domain controller - I haven't seen this on Hyper-V but we had a panic right before we cut over our BitShop corporate domain to virtualized years ago (Virtual Server 2005) - The server couldn't reach the domain controller after a reboot and wouldn't let us log in to start the domain controller virtual instance - We had to use the local administrator account.
So DO keep your local administrator account.
I never run Hyper-V nor Virtual Server on domain controllers, so no experience with that aspect.
Most importantly, though, the time issue can cause massive confusion on the domain and loss of control of your domain.
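
The settings the answers above warn about (cold start, saved state and snapshots, host-to-guest time sync, and the local administrator account) can be read off a host in one pass. The script below is an added example, not part of any post in this thread; it assumes a host with the Hyper-V and LocalAccounts PowerShell modules (Windows Server 2016 or later), and the function names and the `$DcVmNames` parameter are made up for illustration.

```powershell
#Requires -Modules Hyper-V
# Added example. Run elevated on each Hyper-V host.
# $DcVmNames is a hypothetical parameter: pass the names of the VMs that hold your DCs.
param([Parameter(Mandatory)][string[]]$DcVmNames)

function Get-DcVmColdStartReport {
    param([Parameter(Mandatory)][string]$VmName)

    $vm = Get-VM -Name $VmName -ErrorAction Stop
    # Integration service name as shown on English-language hosts.
    $timeSync = Get-VMIntegrationService -VMName $VmName |
        Where-Object { $_.Name -eq 'Time Synchronization' }

    [pscustomobject]@{
        VM                   = $VmName
        # Cold start: does the DC guest come up with the host, before anyone logs in?
        StartsWithHost       = $vm.AutomaticStartAction -ne 'Nothing'
        # Saved state: is the guest saved (rather than shut down) when the host stops?
        SavesStateOnHostStop = $vm.AutomaticStopAction -eq 'Save'
        # Snapshots (checkpoints) that could be reverted to by mistake.
        CheckpointCount      = @(Get-VMSnapshot -VMName $VmName).Count
        # Host-to-guest clock sync, the setting behind the time warnings.
        HostTimeSyncEnabled  = [bool]$timeSync.Enabled
    }
}

function Get-EnabledLocalAdmin {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group.
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
        ForEach-Object { Get-LocalUser -SID $_.SID } |
        Where-Object { $_.Enabled }
}

$DcVmNames | ForEach-Object { Get-DcVmColdStartReport -VmName $_ } | Format-Table -AutoSize

$admins = @(Get-EnabledLocalAdmin)
if ($admins.Count -eq 0) {
    Write-Warning 'No enabled local administrator account found on this host.'
} else {
    "Enabled local administrators: $($admins.Name -join ', ')"
}
```

On a host that is itself a domain controller there are no local accounts, so the second check does not apply there.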