User Tools

Site Tools


virtualization:domain-controllers

Virtualizing Domain Controllers

When discussing the virtualization of domain controllers, one often sees the advice to keep at least one physical domain controller “just in case.” This advice flows from good intentions as practices, but is a faulty application.

The core good advice that's being advocated is that there should be more than one Domain Controller for a Windows domain. So if one were to consolidate one's workloads onto a single server, it would make sense to leave at least one DC outside of that virtualization host. What faulty is the idea that the DC should be on bare metal and not virtualized. There's nothing wrong with having a workload on a separate host to prevent the domain controller going down as a single point of failure for the environment. However, putting that workload on a different virtualization host would be fine.

Even if the hosts are in the same management domain, hypervisors have tools to keep them from being moved to the same host (for example, anti-affinity rules in VMware).

It's fine to have all the Domain Controllers virtualized, as long as you have them on more than a single host.

virtualization/domain-controllers.txt · Last modified: 2014/09/29 00:31 (external edit)