In the middle of setting up a new domain and I've arrived at an issue. Using 2016 Core for the first time and boy, is it a new adventure.

I have three physical servers. I planned on running two virtual servers on two of them and using the third server for replication fail-over, but I continue to run into issues due to them not being joined to a domain. I assumed not to join these hosts to the domain, since if the VM DC is down then they would have issues, but I keep having issues trying to manage them remotely. I do see hosts domain-joined on some forum posts, and in most videos I've seen the hosts are domain-joined, but I've been told it's not a good idea by a previous co-worker.

So I'm at a crossroads. Do I configure the Hyper-V hosts on the domain and risk something weird happening because they'd obviously turn on before the DC VM? Do I create a mini domain just for the hosts, but then I'd be running a domain within a domain... or is there a better way?

17 Spice ups

Microsoft recommends they’re domain-joined:

We have one DC per host and make sure to only reboot one host at a time. Going on 6 years without any issues.

7 Spice ups

Ok, do you also have the DCs set up for DHCP failover after a couple of minutes?

Working in Hyper-V, I've always noticed that it's a bit quirky in the 2016 environments. I have had issues with them communicating properly before, but we never ran the hosts on a domain - just locally authenticated. As long as all the VMs are on the domain, you should be fine, but the V-Hosts don't necessarily HAVE to be on the domain.

In my experience, it's almost as if MS was directing people to have the hosts be joined to the domain - especially with the Server Manager interaction. I know that we had to go through a lot of tinkering with Server Manager to get everything to see each other properly. Hope that helps.

You're speaking of Server Manager from one of your Hyper-V hosts, correct? Also, did you set up Hyper-V Replication?

An hour. But our leases are 6 days, and maintenance is only done outside of business hours. All servers have static addresses.

2 Spice ups

Ok, I was reading the link you sent me. The way Microsoft showed it was a domain VM hosting a separate domain for the hosts. Is that what you've done, or did you just add the hosts to the same domain?

Agree with Big Green Man.

As a variation on the same "never shut all the DCs down at the same time" theme: I have two sites with a common AD. Hyper-V servers are domain-joined, but they get their primary DNS from an off-site DC, as do the DC VMs. The other site does the same. If power goes out for a week, I can just fire up the hosts and they get what they need over the VPN.

Do you have your Hyper-V hosts on the same domain as your users, or do you have a separate domain?

As per others, multiple DCs and Hyper-V hosts all in the same domain. Hyper-V hosts use the IP addresses of the DCs NOT in their site for primary and secondary DNS. I always make sure at least one DC is up at all times during patching.

Were you asking me or the OP? We are small: 2 HV servers per site, just a single domain so I can shuffle stuff around more easily.

You. I'm still trying to understand if I need to set up two more DCs with a new domain for my two Hyper-V host servers, or if I should just join them to the same domain I have my VM servers on.

If I'm reading this correctly, you have two DCs set up on a domain for the Hyper-V host servers. Then another two DCs set up for a different domain that you use for your VM servers along with the users.

Same is fine. There is some benefit to a more complicated AD forest in a much larger infrastructure where there is, say, a data center or colo with a lot of hosts. More for internal security or systems management convenience than any technical benefit.

I domain-join them because of the Kerberos authentication that happens as part of the Hyper-V replication process, and because it's fewer credentials to manage.

1 Spice up
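The Kerberos-authenticated Hyper-V Replica setup that post refers to, as an added example (not code from the thread). Host names HV01/HV02, the domain corp.example.com, the VM name FS01 and the storage path D:\Replica are assumptions for illustration. With both hosts domain-joined, the replica server can require Kerberos and restrict which primary may replicate to it; certificate-based authentication (the workgroup alternative) is not needed.

```powershell
# Added example, not from the original thread. All names below are assumed:
# HV01 = primary host, HV02 = replica host, both members of corp.example.com.

# --- On the replica server (HV02) ---
# Accept inbound replication, Kerberos only, over the HTTP listener (TCP 80).
Set-VMReplicationServer -ReplicationEnabled $true `
    -AllowedAuthenticationType Kerberos `
    -ReplicationAllowedFromAnyServer $false `
    -DefaultStorageLocation 'D:\Replica'

# Because ReplicationAllowedFromAnyServer is $false, only listed primaries are accepted.
New-VMReplicationAuthorizationEntry -AllowedPrimaryServer 'HV01.corp.example.com' `
    -ReplicaStorageLocation 'D:\Replica' `
    -TrustGroup 'Site1'

# Open the built-in firewall rule for the Kerberos/HTTP listener.
Enable-NetFirewallRule -DisplayName 'Hyper-V Replica HTTP Listener (TCP-In)'

# Quick check of what the replica server will accept.
Get-VMReplicationServer
Get-VMReplicationAuthorizationEntry

# --- On the primary server (HV01) ---
# Enable replication for one VM, authenticating to HV02 with Kerberos
# (the host computer accounts authenticate; no stored credentials).
Enable-VMReplication -VMName 'FS01' `
    -ReplicaServerName 'HV02.corp.example.com' `
    -ReplicaServerPort 80 `
    -AuthenticationType Kerberos `
    -CompressionEnabled $true `
    -RecoveryHistory 4 `
    -ReplicationFrequencySec 300

Start-VMInitialReplication -VMName 'FS01'

# Monitor state and health after the initial copy.
Get-VMReplication -VMName 'FS01'
Measure-VMReplication -VMName 'FS01'
```

Kerberos here authenticates the host computer accounts to each other, so the hosts must be in the same domain (or a trusting one) and their DNS names must resolve; the data channel on port 80 is authenticated but not encrypted, which is why the certificate (HTTPS, port 443) option exists for untrusted networks.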

as per others, my VM hosts are on the same domain as the vDCs. One of my VM hosts is the machine hosting one of the 2 vDCs that we have

My personal setup is that my vDCs are set to service different VLANs (one does DHCP for x.x.20.x with static devices set on x.x.2.x, and the other serves x.x.10.x and x.x.1.x). The DCs themselves look to each other for DNS first, and all servers have static IPs with both DCs as DNS entries.

I reboot all servers, including VM hosts, regularly once a month. Always leave one DC up until the other is live. Never had an issue personally.

As with everyone else, same domain.

We join our Hyper-V hosts to our domain. You’ll find (especially with Core installs) that it is much more difficult to manage the host if they are not on the domain. We also run a physical DC along with the virtual ones. We actually have 2 physical ones since we put one in a colocation data center on the other end of our campus recently.

Join them to the domain. Server 2016 knows how to handle it when a host boots before the virtual DC. I have managed a Server 2012 host not domain-joined because my boss (at the time) was old school and always claiming "it won't work! You will F yourself!". Humbug, I say. I did it and it worked fine. No issues. I did NOT F myself. :slight_smile:

Domain-joined here, to the same domain. Makes for easy management. Hyper-V is meant to be domain-joined. Leaving them in a workgroup adds a level of complexity you don't need or want, especially if you're running Hyper-V Server vs. Windows Server with the Hyper-V role.
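The extra steps a workgroup Core host needs for remote management, next to the domain-joined case, as an added example (not code from the thread). The host name HV01, the domain corp.example.com and the admin workstation are assumptions for illustration. The workgroup path needs TrustedHosts (which disables server identity checking) and CredSSP (which hands a reusable copy of the credential to the host); the domain path needs neither.

```powershell
# Added example, not from the original thread. Assumed names: HV01 (Hyper-V host),
# corp.example.com (domain), a separate management workstation.

# ===== Workgroup host: run once on the Core host (local console / sconfig) =====
Enable-PSRemoting -Force
Enable-WSManCredSSP -Role Server -Force      # required for Hyper-V Manager over CredSSP
Enable-NetFirewallRule -DisplayGroup 'Remote Volume Management'   # disk mgmt in Server Manager

# ===== Workgroup host: run on the management workstation =====
# Trust the host by name: this turns off mutual authentication for WinRM to HV01,
# so a spoofed 'HV01' could collect the credential below.
Set-Item WSMan:\localhost\Client\TrustedHosts -Value 'HV01' -Concatenate -Force
# Allow delegating our credential to HV01; CredSSP stores it on the host for the session.
Enable-WSManCredSSP -Role Client -DelegateComputer 'HV01' -Force

$cred = Get-Credential 'HV01\Administrator'   # local account on the host, NTLM, no SSO
Invoke-Command -ComputerName 'HV01' -Credential $cred -Authentication Credssp `
    -ScriptBlock { Get-VM | Select-Object Name, State }

# ===== Domain-joined host: join once, then Kerberos does the rest =====
# On the Core host (needs DNS pointing at a DC that is up, see the DNS posts above):
Add-Computer -DomainName 'corp.example.com' -Credential (Get-Credential 'CORP\admin') -Restart

# On the management workstation, logged on as a domain admin of the host:
Invoke-Command -ComputerName 'HV01.corp.example.com' -ScriptBlock { Get-VM | Select-Object Name, State }
# Hyper-V Manager and Server Manager connect the same way, with no TrustedHosts or CredSSP.

# Checks worth keeping: who is trusted, and whether CredSSP delegation is still enabled.
Get-Item WSMan:\localhost\Client\TrustedHosts
Get-WSManCredSSP
```

Once a host is domain-joined, undo the workgroup settings on the workstation (`Clear-Item WSMan:\localhost\Client\TrustedHosts -Force` and `Disable-WSManCredSSP -Role Client`) so credentials are no longer delegated to a host that no longer needs it.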