I made a rookie mistake and did not use best practices. I installed Hyper-V, promoted to an AD/DC and created several VMs.

Found out this would be a problem and not supported, so I demoted the host and cannot access the VMs any longer.

Any help out there for me?

I try to import the VMs and I am getting a permission error.

4 Spice ups

Log in to the host, take ownership of the VM files, then try to import again.

Edit: Typo

5 Spice ups

What happens if you log in locally to the Hyper-V host and open the Hyper-V Manager?

Did you join the host to that domain?

Remove the role from the box.

Add the role to one of the VMs.

I clicked on this thread because just yesterday I added a Hyper-V VM to my AD/DC. Are you saying that is an issue and is not supported, or did you have your AD/DC on a VM? I’m a bit concerned. Do I need to modify my setup? Sorry I’m no help in fixing your issue.

It's not supported by Microsoft to have the Hyper-V host as a DC. VMs can without any issue.

Also, it is most likely against the licensing agreement to do it.

1 Spice up

I did.

I made my HOST the AD / DC, the VM was a member.

Assuming that when you demoted the DC it also destroyed the domain, unless you have other DCs in your environment, and the Hyper-V host is still looking to authenticate against the domain, it's going to have issues. Unjoin it from the domain and just put it into a workgroup, then log in locally and start your VMs.

You can try to create a new VM and attach the VHDs to the new machine.

ah…lol that’s right, so is the Hyper-V host just in a workgroup now?

Do you have more than one DC?

If not, when you removed the one and only DC you would have reverted a bunch of permissions.

You’ll need to log on to the Hyper-V box as a local admin.

1 Spice up

ouch, yeah the solution depends on whether or not the DC/VM Host was the ONLY DC in the domain.

I’m hoping it wasn’t but it sounds like it may have been…!

Like others have said, you’ll have to log in to the machine with a local admin account to do anything with it.

1 Spice up

Need to enable “winrm qc” and then add the Hyper-V to TrustedHosts and connect to it remotely?

Problem is actually that Hyper-V creates a service account for each VM. These are local accounts except if you are running on a domain controller where they become domain accounts. So, when you demoted that host you effectively deleted the local account.

I would recommend copying the .VHD/.VHDX files to a new location and creating a new VM using the copied files. Then when it’s running, delete the old VM. If that fails it will give you an access error in the event log that you can use to track down the files (typically under c:\ProgramData).

2 Spice ups
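The copy-and-recreate approach from the post above, sketched in PowerShell as an added example (not code from any poster in this thread). The folder paths, switch name, memory size and VM generation are assumed placeholders, and it assumes one disk per VM and an elevated session as a local administrator on the host.

```powershell
# Added example. All values below are hypothetical placeholders; adjust to your host.
$OldVhdDir  = 'D:\Hyper-V\Virtual Hard Disks'  # where the inaccessible VHD/VHDX files live
$NewVhdDir  = 'D:\Hyper-V\Recovered'           # new location for the copies
$SwitchName = 'External'                       # an existing virtual switch
$Generation = 1                                # must match the original VM (1 = BIOS, 2 = UEFI)

New-Item -ItemType Directory -Path $NewVhdDir -Force | Out-Null

$disks = Get-ChildItem -Path $OldVhdDir -File |
    Where-Object { $_.Extension -in '.vhd', '.vhdx' }

foreach ($disk in $disks) {
    # ACL entries whose account no longer exists cannot be translated to a name
    # and are shown as raw SID strings (S-1-...). List them for the record.
    $orphaned = (Get-Acl -LiteralPath $disk.FullName).Access |
        Where-Object { $_.IdentityReference.Value -match '^S-1-' }
    foreach ($ace in $orphaned) {
        Write-Warning ("{0}: unresolved SID {1} has {2}" -f `
            $disk.Name, $ace.IdentityReference.Value, $ace.FileSystemRights)
    }

    # Work on a copy so the original disk stays untouched until the new VM boots.
    $copy = Join-Path -Path $NewVhdDir -ChildPath $disk.Name
    Copy-Item -LiteralPath $disk.FullName -Destination $copy

    $vmName = "$($disk.BaseName)-recovered"
    New-VM -Name $vmName -MemoryStartupBytes 2GB -Generation $Generation `
        -VHDPath $copy -SwitchName $SwitchName | Out-Null

    try {
        Start-VM -Name $vmName -ErrorAction Stop
        Write-Output "$vmName started from $copy"
    }
    catch {
        # On failure, the Hyper-V management log names the file that was denied.
        Write-Warning "$vmName failed to start: $($_.Exception.Message)"
        Get-WinEvent -LogName 'Microsoft-Windows-Hyper-V-VMMS-Admin' -MaxEvents 10 |
            Where-Object { $_.LevelDisplayName -eq 'Error' } |
            Format-List TimeCreated, Id, Message
    }
}
```

Remove the old VM definitions and the original disks only after each recovered VM has booted and been checked.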

Actually came across the blog that helped me when I ran into this when I moved a machine between domains: Archived MSDN and TechNet Blogs | Microsoft Learn

1 Spice up

OP - Listen to Don007 - he’s on the right track to help you. You horked the permissions.