
As a small shop (~10 PCs), we have only one physical server machine. This physical server machine runs the following two virtual machines:

  • one AD domain controller and
  • one "production server" (file server, database server, etc.).

Now, all best practice guides out there tell me that having a second AD domain controller (a "backup DC") is highly recommended.

Putting it on the same physical machine as the primary DC seems pretty pointless, so I thought of putting it as a VM on one of the stronger workstations which usually runs 24-7 anyways. Since it's just a backup DC, I'd give it very little CPU/RAM resources, so it should not affect the user too much.

Does this sound like a good plan or are there any pitfalls that I should be aware of?

Heinzi
  • `1.` No best practice guides call it a backup Domain Controller because there's no such thing as a backup Domain Controller. `2.` No, don't run this as a VM in a Type 2 hypervisor on a workstation. – joeqwerty Dec 22 '16 at 17:31
  • @joeqwerty: Please mentally substitute BDC with "DC with no FSMO role". I'm aware that the PDC/BDC distinction no longer exists and deliberately put "backup DC" in quotes. – Heinzi Dec 22 '16 at 17:48
  • Once you start thinking about adding a second DC because your shop up-time is valuable enough to warrant it, it's also time to start calculating the cost for a second server and have whoever pays the bills decide whether or not it's worth the cost. Adding a complex, untested and uncommon environment for a second DC, when your second DC is meant to provide you with some peace of mind, sounds counter-intuitive. I don't have a proper answer for your question, but my opinion is: if you need the safety of a second DC, make it a clean safe DC. – Reaces Dec 22 '16 at 17:55
  • I'm not going to substitute BDC with "DC with no FSMO role", because that isn't how we should refer to Domain Controllers. It's also not correct to call a Domain Controller a "Backup" Domain Controller. It may seem that I'm being pedantic, and I am. Part of being a professional in the IT field is using correct and technically accurate terminology. Now you and I may know what you mean but someone who doesn't know may find this question and may develop a false understanding as a result. It doesn't serve this community or the greater IT community to use incorrect terminology, phraseology, etc. – joeqwerty Dec 22 '16 at 18:19
  • @joeqwerty: Well, being pedantic is a good thing, so let's see if we can find a solution for this. In general, when I want to say "a foo, which I can use when the foo I usually use is unavailable for some reason", I prefix it with the adjective "backup", such as "a backup car", "a backup phone", "a backup workstation". English is not my main language, so I might be using it wrong. What alternative wording do you suggest for "a DC which I don't install for purposes of load balancing but solely to have another one available when the main one fails"? – Heinzi Dec 22 '16 at 20:37

4 Answers


I believe the general consensus is "no", especially when you plan to host the second DC as a VM with a workstation host.

The reason you use two DCs is that one going down will not bring your network to its knees, and in larger environments to provide more resources performing the tasks of the DC.

If you place one of the DCs as a VM in a dedicated hypervisor in your server closet with static IPs all around you will not substantially harm the fault-tolerance of the system. And Windows Server 2016 in particular addresses many of the issues with DCs in a virtual environment such as authoritative records, backups and restores, and the like.

But, if you place the DC as a VM on a workstation the DC VM is dependent on the connectivity of the host computer, which negates most of the benefits of redundancy.

If the primary physical DC goes down, your workstation host loses its connectivity, and therefore the backup DC does too: Worthless.

The only redundancy you'd be gaining is if the VM DC goes down, in which case the physical DC would keep running and providing the network's needs.

In other words: There is no benefit.

UPDATE: An Option

With licensing being what it is, you could for the price of a bit of hardware and a single Standard license of Windows Server, stand up a Hypervisor (might I suggest Nano?) and run 2 VM servers on it. Run one as your second DC, and the other as a standard service-providing server.

This solves most of the problems for a little amount of cash, I think.

  • You get two DCs running on discrete hardware
  • You only consume one license of Server (which I assume you have considering you were planning to install it as a VM on a workstation)
  • You're doing all this on server-class hardware (which really is better at helping you sleep at night)
  • You have an available virtual server which can be used to upgrade/migrate/expand/make people happy/etc.

The assumption is that the hypervisor and VMs running on it are all going to be static IP systems, so network interruptions are less likely to affect them.

Server-class hypervisor software will also be less likely to need reboots after patching (hence my Nano recommendation), meaning the hypervisor won't be needing reboots as often as a common desktop.

It's just a better all-around solution and for not a whole lot more money.

music2myear
  • "*If the primary physical DC goes down, your workstation host loses its connectivity, ...*" Why? – Heinzi Dec 22 '16 at 17:45
  • It does depend on what services are running on which DC. A small shop will possibly have DNS and DHCP running on the primary DC, which could result in a loss of general connectivity for all DHCP-requiring systems across the shop including, in this case, the desktop "hypervisor". – music2myear Dec 22 '16 at 18:05
  • But really, a 10 PC shop doesn't really need a second DC, in my opinion. Lots of best-practice guides tell you to get one, but a 10 PC network simply isn't big enough either network-wise or likely budget-wise to need a second DC. You don't gain any real redundancy by placing it in a workstation hypervisor, and you're certainly not stressing the original DC load-wise. Just take good care of the primary, and make sure you know how to bring it back if it does go down. – music2myear Dec 22 '16 at 18:07
  • `If the primary physical DC goes down, your workstation host loses its connectivity, and therefore the backup DC does too` - That's not technically correct. DHCP clients with a valid, non-expiring lease will continue to use their existing IP address configuration. They'll certainly lose DNS resolution but they won't lose network connectivity in general. Additionally, the VM network connectivity isn't dependent upon the IP addressing of the host hypervisor, except in NAT mode. – joeqwerty Dec 22 '16 at 18:28
  • "connectivity" used in a general sense. Once you cannot resolve DNS names on your network, for machines relying on DNS the difference between connected and disconnected is a matter of semantics. Important to the admin diagnosing, but not for the fact that things aren't working. – music2myear Dec 22 '16 at 18:31
  • @music2myear Without knowing more about the business, stating that two domain controllers for a 10 machine shop is overkill is silly. I've worked in shops that had 3 machines, all connected to appliances that needed to be up and running 24/7 and had redundant domain controllers with good reason. The value of the workstation's up-time is entirely up to whoever pays the wages. – Reaces Dec 22 '16 at 18:50
  • That's why I said "in my opinion". If their opinion is different, if their cost/benefit inputs are different, their answer could be different. OP doesn't seem to know besides to say "all best practices guides" which do nearly all say you ALWAYS need a 2nd DC. A 2nd DC is complexity, additional backup needs, additional consideration when patching the host machine. It's not a zero-sum "hey let's add a 2nd DC". You have to look at how it works in YOUR environment and make that decision for yourself, not simply based on best practice recommendations and guides by people who don't know you. – music2myear Dec 22 '16 at 18:55
  • @music2myear Alright, if your statement was meant to be more nuanced it totally flew over my head. Apologies :) – Reaces Dec 22 '16 at 18:59
  • Which means I wasn't clear enough. Thank you for pointing out that it was being misunderstood. – music2myear Dec 22 '16 at 19:01
  • Your arguments make sense. I guess I'll stay with one DC for the time being and consider adding a second physical server at a later time. – Heinzi Dec 22 '16 at 19:18

I don't like the idea. On the workstation, you would be running some kind of free Hypervisor with Server 20xx and the AD role.

You must own a unique Windows Server 20xx license that you would install on that machine, and if you are going that far, I'd recommend buying a dedicated machine or scavenging up something.

In your situation AD requires very little resources, so something with 4GB of RAM and a 120GB SATA HDD would work. I'd like to see 2 cores at a minimum. Maybe look for a used server on an auction site.

Dacid Salin
  • I'd use a Windows 10 Hyper-V host, and the Microsoft Action Pack is [quite generous with Windows Server 2016 licenses](https://assets.microsoft.com/es-co/mpn-maps-software-iur-license-table.pdf). – Heinzi Dec 22 '16 at 17:51

Back in time, we did something similar to this in a small business environment. But instead of having a second DC in a workstation, I just installed a Hyper-V server on that computer and created a replica of our PDC VM. In those rare cases when we lost our PDC (the physical hypervisor server was somewhat unstable), we just manually started the replica server on the second machine. This can be easily adjusted with PowerShell scripts and scheduled tasks to automate it.

This was far from the ideal solution: when the PDC went down while I was outside of the office network (e.g. at home), it was very painful (but feasible) to get myself into the secondary machine to start the replica, but it definitely worked. However, I can't recommend it in a production environment.

Later this workstation PC died and I just didn't bother to revive it. I installed a second DC in a new virtual machine on another hypervisor server. Now nobody needs to care about the PDC's issues, the second DC remains fully functional, except if we have networking issues, but then the DC is not our biggest problem.

This is a working solution too (for us at least), but as always, if you run a DC on a VM and the hypervisor is a member of the same domain, you need to take care of a few things (time sync especially).

P.S.: we are not using DHCP on this network, just static addresses.

Skyne
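The manual replica start this answer describes, as an added PowerShell example that is not the answerer's script: it assumes Hyper-V Replica is already configured for the DC VM and uses the placeholder names DC01, dc01.corp.example and corp.example; it checks the primary DC and the VM's time source first and refuses to fail over while the primary still answers.

```powershell
# Added example, not the answerer's script. Assumes the Hyper-V PowerShell module
# on the workstation that holds the replica, Hyper-V Replica already configured,
# and these constructed placeholder names.
$VMName    = 'DC01'               # replica copy of the primary DC VM (placeholder)
$PrimaryDC = 'dc01.corp.example'  # FQDN of the running primary DC (placeholder)
$Domain    = 'corp.example'       # AD DNS domain name (placeholder)

function Test-PrimaryDC {
    # A DC is only "up" for clients if LDAP answers and DNS still serves the
    # domain's DC locator SRV record; losing DNS is the "connectivity" loss the
    # comments on the accepted answer argue about.
    $ldap = Test-NetConnection -ComputerName $PrimaryDC -Port 389 `
                -InformationLevel Quiet -WarningAction SilentlyContinue
    $srv  = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                -ErrorAction SilentlyContinue
    [pscustomobject]@{ LdapAnswers = [bool]$ldap; DcSrvRecord = [bool]$srv }
}

function Test-DcTimeSource {
    # Run inside the DC VM: a virtualized DC should not take its time from the
    # hypervisor once the domain time hierarchy is in place. "VM IC Time
    # Synchronization Provider" here means the time-sync caveat above applies.
    (& w32tm.exe /query /source 2>$null) -join ''
}

function Invoke-ManualDcFailover {
    # Unplanned failover of the replica. Refuses while the primary still answers,
    # because two copies of one DC running at the same time breaks AD replication.
    $status = Test-PrimaryDC
    if ($status.LdapAnswers) { throw "Primary DC still answers LDAP; refusing failover." }
    $rep = Get-VMReplication -VMName $VMName
    if ($rep.ReplicationMode -ne 'Replica') { throw "$VMName is not a replica on this host." }
    Start-VMFailover -VMName $VMName -Confirm:$false   # promote the replica copy
    Start-VM -Name $VMName
    # When the original host returns, finish with Complete-VMFailover and reverse
    # replication by hand; never let the old copy boot unattended.
}

# Health report suitable for a scheduled task; the failover itself stays a
# manual decision, as in the answer above.
Test-PrimaryDC
Test-DcTimeSource
Get-VMReplication -VMName $VMName
```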

It is recommended to run a DC on a physical server, not in a virtual host. You can keep an ADC on a virtual host.

In case of any issues or a required restart on the VM host server, you might get issues with domain authentication.

user391649
  • Is that still the case with Windows Server 2016? Since it's also recommended not to mix DC with other services, this would mean that every small business with AD and a file server would need two physical machines... – Heinzi Dec 22 '16 at 19:33
  • Server 2016 has features that specifically address the issues of a virtualized DC, but it's still generally accepted that you need one physical DC and then additional ones can be virtualized. It's generally OK to run DNS/DHCP and other core functions with a DC, but the strongest advice is not to run it alongside file and applications services. – music2myear Dec 22 '16 at 23:59