I am currently planning a highly available Windows Server 2012 R2 environment within a Hyper-V-Cluster with two nodes. I am not sure about how to deploy the virtual domain controller for the work domain, to keep the forest available when a node goes down.
I see two options:
- Create one virtual machine with the domain services and configure the VM as a cluster resource in the failover cluster. Let the cluster worry about the availability of the virtual machine (domain controller).
- Create one VM on Hyper-V-Node 1. Create a second VM on Hyper-V-Node 2. VMs are not configured as a cluster resource (no redundancy per VM). Install domain services on both VMs. Let the domain controllers worry about offering the domain services, if a node and therefore one VM goes down.

My questions are:
- Is there a preferred method?
- What advantages and disadvantages do both methods have?
I appreciate high quality answers, please back up your responses with sources.
Creating a single, clustered Domain Controller isn't creating highly available AD services. It's creating a highly available VM, regardless of the services that VM is serving. If you lose the VM (OS failure, data corruption, etc.) then you've lost the services that VM was serving, so those services were not highly available to begin with.
Don't confuse a clustered, highly available VM with a clustered, highly available service. A clustered, highly available VM makes the VM highly available and indirectly makes the services on the VM highly available BUT only so long as the VM itself is up and running. If the VM itself is down, so are the services it provides. Clustered VMs protect against HOST failures, not VM or service level failures.
The proper course of action would be to create two Domain Controllers. Place them where you wish and cluster them if you want to. If it were me, I'd create two and place them as you've suggested (one DC on each host) and I'd cluster them as well. There's no reason to have one of them be unavailable if one of the hosts goes down. Clustering them allows both to continue serving clients regardless of which host is up or down.
Domain controllers and failover clusters are mutually exclusive.
"It is not supported to combine the Active Directory Domain Services role and the Failover Cluster feature on Windows Server 2012"
"It is not recommended to combine the Active Directory Domain Services role and the Failover Cluster feature on Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2"
http://support.microsoft.com/kb/281662
Whatever you are doing with Active Directory, it needs to do what a Windows client would do. Find an available domain controller and use it, and if it has an issue with a domain controller, find the next available domain controller and use it.
Assuming you actually read the entire article, it is really a cautionary tale. The message is "don't do it".
I would suggest creating two Domain Controllers, one on each host. Do not make these part of the cluster. Windows Clusters require authentication by a domain controller in order to start. If both Domain Controllers are part of the cluster, and the cluster goes offline for some reason, it will not be possible to start your cluster because the Domain Controllers required to authenticate the cluster will not be online.
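
The layout recommended in the last answer (one domain controller VM per host, none of them a cluster resource) can be audited with a read-only script. This is an added example, not part of the original thread; the host names `HV-NODE1` and `HV-NODE2` are hypothetical placeholders, and it assumes each DC's VM name equals its computer name and that the ActiveDirectory and Hyper-V modules are installed on the machine running it.

```powershell
# Hypothetical host names: replace with your own Hyper-V nodes.
$HyperVHosts = 'HV-NODE1', 'HV-NODE2'

Import-Module ActiveDirectory, Hyper-V

# Every domain controller registered in the current domain.
$dcs = Get-ADDomainController -Filter *

# VMs on each host whose name matches a DC computer name.
# Assumption: the VM name is the same as the guest's computer name.
$dcVms = foreach ($h in $HyperVHosts) {
    Get-VM -ComputerName $h |
        Where-Object { $dcs.Name -contains $_.Name } |
        Select-Object Name, ComputerName, State, IsClustered
}
$dcVms | Format-Table -AutoSize

# Check 1: every host carries at least one DC VM, so losing one
# node never takes the last domain controller with it.
$hostsWithoutDc = $HyperVHosts | Where-Object { $_ -notin $dcVms.ComputerName }
foreach ($h in $hostsWithoutDc) {
    Write-Warning "No domain controller VM found on host $h"
}

# Check 2: no DC VM is a cluster resource. The cluster needs a DC to
# authenticate against at start-up, so a DC that only runs when the
# cluster is online cannot help bring the cluster back.
foreach ($vm in ($dcVms | Where-Object { $_.IsClustered })) {
    Write-Warning "DC VM $($vm.Name) on $($vm.ComputerName) is clustered"
}

# Check 3: each DC answers on LDAP (TCP 389), i.e. a client that loses
# one DC has another one to fall back to.
foreach ($dc in $dcs) {
    $ok = Test-NetConnection -ComputerName $dc.HostName -Port 389 `
              -InformationLevel Quiet
    if (-not $ok) {
        Write-Warning "DC $($dc.HostName) is not reachable on TCP 389"
    }
}
```

The script only reads state; no warnings means the placement matches that answer's recommendation.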