One of the more contentious topics in Windows administration is whether to virtualize Active Directory domain controllers (ADDCs). I believe virtualizing ADDCs should be fully embraced, and that they can be 100% virtualized under the right conditions.

If all ADDCs are running as virtual machines, a few key safeguards need to be met. Primarily, a single domain of failure (or region of failure) cannot be the virtual environment. This means that in VMware vSphere configurations, one cluster, set of ESXi hosts, and shared storage resources should not contain all of the ADDCs.

There are a couple of ways to spread all of the ADDCs across multiple ESXi hosts to ensure that one domain of failure is not limited to the vSphere cluster. One option is to have one or more ESXi hosts provisioned to different storage resources and management realms (like a vCenter Server) that contain additional domain controllers. This may mean putting a few production ADDCs within a development vSphere cluster that has the virtual machines running on different hosts, different storage, and a different management realm than the production virtual machine workloads. This can be a development vCenter Server or even an unmanaged ESXi host or Hyper-V host.

The management software, such as vCenter Server or System Center Virtual Machine Manager, may need Active Directory to start the required services for management. If the management services can’t start, the virtualized ADDCs may not be able to start either. You can see how the situation can be complicated if Active Directory is not available for the management stack.

Another trick you can employ is to have an ADDC leveraging local storage on an ESXi or Hyper-V host. While local storage isn’t ideal in terms of availability compared to that of a SAN or a NAS resource, it can be a way to extend the failure to another storage resource to reach the goal of having all of the ADDCs virtualized.

In addition, splitting out the FSMO roles across a number of virtualized ADDCs that are distributed across different domains of failure in the virtualized infrastructure will mitigate risk. In that sense, a role seizure would be more desirable if a single virtualized ADDC becomes unavailable.

These considerations are only a primer to the bigger decision of virtualizing ADDCs; the key takeaway is to ensure that virtualized infrastructure is capable of accommodating limited failure.

What design principles have you employed to virtualize your ADDCs? Share your tips with the TechRepublic community.