My dual domain controller plan

[Eric]

I will like two domain controllers for domain protection should one ever go down. I'd like to setup two physical Windows Server 2012 machines. Each machine will virtualize a domain controller instance and another test instance. I'm thinking two machines so if one machine goes down the other domain controller will pick up. Right now I plan having both machines log into their own workgroup. Is there any benefit to having them try to log into the virtualized domain controller?

Also, if I ever plan on using Hyper-V clustering as a way to shift all the vms to the other machine is it possible with only two machines. I think an SMB 3.0 file share is needed so would this require a third Windows Server 2012 machine, and to implement hyper-v clustering will I require then 3 windows server 2012 licenses to have a third machine act as a SMB 3.0 file share and witness?

 

[Jeggs101]

How many clients is this for?

 

[dba]

I know that Microsoft supports having the Hyper-V hosts as a standalone systems (workgroup members) or as domain members. In other docs, they also say that you should not have *all* of your domain controllers virtualized. I also remember that if you cluster, the Hyper-V hosts must be domain members. So if clustering is in your future, make the Hyper-V hosts domain members, but have at least one non-virtual domain controller on your network.

By the way, I tried virtualizing my domain controllers. It worked, but there were so many caveats and gotchas (http://technet.microsoft.com/en-us/...ontroller_virtualization_hyperv(v=ws.10).aspx that I gave up and made my Hyper-V hosts themselves domain controllers. Microsoft warns against this for conceptual reasons ("one host, one role") and for performance reasons (since promoting a sever to a DC disables write-back caching on the disk holding the database files). My DCs see very little traffic and I keep the boot drive separate, so I ignored their recommendations and I like the results. I now have four DCs and really would not care if one went down. In fact, I sometimes boot up only one or two of my Hyper-V hosts/DCs and everything works perfectly.

 

[Mike]

I think active directory can handle the failure of an instance quite fine by itself. No need for complex clustering just for that.

 

[Eric]

Thanks for the feedback guys, I'm thinking of doing the two standalone machines, no clustering as an smb 3.0 file share will then just become the single point of failure and another expense. I will then enable Replica of the vms from one machine to the other.

 

[nitrobass24]

I have been running two VMs as my DCs for 5 years now. Both have ADDS, DNS & DHCP roles.
For DHCP I just use a split scope so i dont overrun the other.

Its active/active so i don't have to deal with clustering or failover or any other BS.

 

[Eric]

Do you know if Windows Server 2012 has anything new to manage DHCP so you don't have issues with two servers both running the service?

 

[dba]

Yes. You used to cluster Windows DHCP, which was annoying, but now in 2012 it has built-in failover abilities, either active-standby or active-active.

Do you know if Windows Server 2012 has anything new to manage DHCP so you don't have issues with two servers both running the service?

 

[Eric]

Oh, very nice. Thanks for sharing that.

Yes. You used to cluster Windows DHCP, which was annoying, but now in 2012 it has built-in failover abilities, either active-standby or active-active.

 

[alex1002]

Why don't you do split scope dhcp and two DNS server. Have two gc. No need for cluster. Unless you what failover for fileshares too on a San device.

 

[NetWise]

Because if you're going to run 2012 may as well use the DHCP 'clustering'. It's no hater at all but active active on two nodes by way of the app/service being aware, not Windows itself. Much better than split scopes!

 

[mrkrad]

so each dhcp node is a MASTER? failure of a PDC for instance dhcp will still fire up?

 

[NetWise]

Not fire up - never goes down. Active/active, mirrors the DB on the back end no split scope hassles. Works across sites as well. Lets you have local dhcp's replicated to a central one so if a branch office dhcp goes down it just uses central office. Also you can do all your admin from the central site in a single console.

http://blog.ittoby.com/2013/05/windows-server-2012-superfeature-dhcp.html?m=1

 

[alex1002]

Have they made any improvements in windows 2012 r2? When it comes to the features op looking for?

 

[NetWise]

I don't know specifically.

He's looking to do a few things:
* Either use a 3rd node for SMB 3.0 storage for the HyperV cluster or do local storage only and shared nothing live migrations from time to time.
* Configure his Hyper-V hosts to be domain members, of the DC/Domain that is hosted on their VM's.

Both are doable in 2012. R2 might have some incremental improvements, but it's not required for success.