Q. I'm virtualizing my environment onto a small number of Hyper-V servers that are clustered to offer a highly available service. Where should I place my virtual domain controllers (DCs)?

A. A Windows Failover Cluster relies on Active Directory (AD) being available to offer services. You need to make sure that you don't place the virtual DCs in such a way that the virtuals can't start without the cluster being available, which in turn can't start without AD being available.

My advice is to place the configuration and virtual hard disks for at least two DCs on either local storage of each node or, if on a SAN, on storage that is not cluster storage. Your DCs should be on at least two separate physical servers, so place one virtual DC on each of two Hyper-V servers. Don't place the DC resources on Cluster Shared Volumes (CSVs), because CSVs aren't available without the cluster, which isn't available without AD. Don't make the DCs cluster resources.

The DCs should be local virtual machines and you should always have at least two DCs in any environment for redundancy, in the event that one DC becomes unavailable or corrupt. You can then virtualize the other servers in your environment on CSV storage, but you've ensured that if a single node fails or if the cluster can't make quorum, at least one DC is always available as a local resource. An example of this setup is shown here.

Another option is to have at least one additional DC on a physical box or as a virtual on another Hyper-V server that isn't part of the cluster. Just make sure you don't place all your DCs in one basket when that basket is part of a single failover cluster. You can obviously add additional DCs, and these could be on cluster storage.

Related Reading:

Videos:

Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.

Comments

Plain text