Hyper-V host and domain joining

[skdmaster]

I would like some input if in a small office of 5-10 computers running a hyper-v server with a DC and file/app server guests do you join the host to the DC domain? I typically leave the host in a workgroup but I also read a lot that says that you should join it. Just curious what others would do.

 

[YeOldeStonecat]

I always leave it in workgroup mode.

Even though Windows should always be able to do a "cached credentials login" (like a laptop does when you take it out of the office)...I seen a case one where it gave an error about "Couldn't contact domain" when trying to log in. Figured, I never...ever...want to be stuck out of Hyper-V. And couldn't think of a reason to join the domain....never gonna push GPOs or anything domain driven to a hyper-V host.

 

[Moltuae]

For a single host server, I'd probably say workgroup mode. For multiple hosts though, especially if any of the hosts are running the Hyper-V Server (core) OS, I would put them on the domain. It just makes things like server grouping, managing and VM live migrations much easier to configure.

 

[Microbolt]

You can join the host to a domain with minimal side effects if any. But what you want to make sure you never do is let the host be the domain controller. It sounds good at first on paper but it will wreak havoc in performance as being a domain controller disables caching on the machine.

 

[Moltuae]

But what you want to make sure you never do is let the host be the domain controller.

Agreed, that would be bad.

Just to add that you can however (perhaps somewhat surprisingly) use a virtual server as a domain controller, even if the virtual server's host is a member of that very same domain. It seems like a catch-22 situation that shouldn't work, yet it does (in Server 2012 R2, at least that is. I've never tried it in anything earlier). I'd still recommend having a second DC though, one that isn't hosted on the same server, even if that's also virtual.

 

[MarkSTS]

At our church, we joined ours to the domain and have a virtual DC. Budget didn't allow at the time for a second physical DC but we were donated two HP boxes and have upgraded the RAM in them and are going to create a physical DC on that box with replication. You can also get a 1U Dell R320 from their outlet site for under $1000 if you don't have an old one laying around.