My company is looking to try and virtualize all our servers, and we are trying to figure out if virtualizing Active Directory is a good idea. Is it even something that can be done, and if so, are there any drawbacks to having it set up this way? My network is set up with multiple physical servers, multiple virtual servers, and a SAN.
If you need any more information, please let me know.
Microsoft recommends maintaining at least one physical domain controller in each domain.
For most environments, this doesn't need to be very much of a server. Even a 64-bit dual-core rackmount Atom server, consuming 25 watts of power and costing less than $500 when configured with 4GB of RAM and a pair of 2.5" hard drives in RAID1, can provide a very serviceable physical domain controller/DNS/DHCP server running Server 2008 R2.
The main real-world benefit of always maintaining a physical domain controller is to prevent "cold start" issues when restarting your virtualized environment after updates/upgrades, power outages, etc. This is especially relevant if you use Hyper-V servers as virtualization hosts, as these machines will expect to be able to find a domain controller at startup.
The main problem I've seen with virtualized Active Directory (AD) Domain Controller (DC) computers relates to time synchronization issues. AD is very reliant on good time sync between your DCs, so make sure that your hypervisors are configured per the manufacturer's specifications to allow the guest VMs to have solid time sync.
Beyond time sync I don't have any bad experiences with virtualized DCs to report. Don't do anything with them that you wouldn't do with physical domain controllers. Be sure that you're not rolling DC VMs back using features like snapshots because you could cause database replication issues (equivalent to restoring an old backup of a physical DC). Don't clone DC VMs (equivalent to disk-imaging physical DCs).
Edit:
I strongly recommend keeping at least one physical DC around, as well, to echo @MilesErickson's answer. I'd go so far as to say that you need one physical DC in each location where you're hosting server computers to allow those machines to be able to be "cold started" when WAN connectivity is down.
A while back we virtualized Domain Controllers for AD/Server 2003. It worked well except for when one of the machines had an older version of its VM started in place of the latest version. This caused a SERIOUS problem - and made it so the AD Server stopped replicating and trusting the other servers.
What I later found out had been triggered was a USN Rollback - it's very unpleasant to fix. http://support.microsoft.com/kb/885875
I was able to correct the problem and we continued our virtualization. However - this time around I just had a ready-made VM on standby; in the event a Domain Controller host failed I would just join the standby to the domain as a new Domain Controller - this worked well.
This is more updated and may be useful: http://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv(WS.10).aspx
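The two failure modes raised in the answers above (a DC taking its clock from the hypervisor, and a USN rollback after an old VM image is started) can both be checked from the DC itself. The following PowerShell is an added example, not code from any of the answers or from Microsoft; it assumes it is run elevated on the DC, and it relies on the "VM IC Time Synchronization Provider" source name, the "Dsa Not Writable" registry value and event ID 2095 as documented in KB885875.

```powershell
# Added example: health check for a virtualized domain controller (run elevated on the DC).
# Assumes the Hyper-V time provider name, the NTDS "Dsa Not Writable" value and Directory Service
# event 2095 behave as described in KB885875; adjust if your hypervisor or OS version differs.

function Test-VirtualizedDcHealth {
    [CmdletBinding()]
    param()

    $result = @{}

    # 1. Time source: a DC should follow the domain/NTP hierarchy, not the hypervisor's clock.
    #    "w32tm /query /source" prints the provider the local clock is currently slaved to.
    $source = (& w32tm /query /source 2>&1 | Out-String).Trim()
    $result.TimeSource         = $source
    $result.TimeFromHypervisor = ($source -like '*VM IC Time Synchronization Provider*')

    # 2. State of the Hyper-V time sync integration service (absent on non-Hyper-V guests).
    $ic = Get-Service -Name vmictimesync -ErrorAction SilentlyContinue
    $result.HyperVTimeSyncService = if ($ic) { $ic.Status.ToString() } else { 'not present' }

    # 3. USN rollback indicators (KB885875): the DC sets "Dsa Not Writable", logs event 2095
    #    in the Directory Service log, and pauses Netlogon so it stops advertising.
    $ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $flag = (Get-ItemProperty -Path $ntds -Name 'Dsa Not Writable' -ErrorAction SilentlyContinue).'Dsa Not Writable'
    $result.DsaNotWritable    = if ($null -ne $flag) { $flag } else { 0 }
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2095 } `
                           -MaxEvents 5 -ErrorAction SilentlyContinue
    $result.UsnRollbackEvents = @($events).Count
    $result.NetlogonStatus    = (Get-Service -Name Netlogon).Status.ToString()

    # 4. Replication summary: peers that have stopped accepting this DC's updates show up here.
    $result.ReplicationErrors = (& repadmin /showrepl /errorsonly 2>&1 | Out-String).Trim()

    New-Object -TypeName PSObject -Property $result
}

$h = Test-VirtualizedDcHealth
$h | Format-List
if ($h.TimeFromHypervisor) {
    Write-Warning 'DC clock is slaved to the hypervisor; point w32tm at your NTP hierarchy instead.'
}
if ($h.DsaNotWritable -ne 0 -or $h.UsnRollbackEvents -gt 0) {
    Write-Warning 'USN rollback indicators present: follow KB885875 before changing this DC.'
}
```

Running this after every host reboot or VM restore gives an early warning before replication partners start quarantining the DC.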