Active Directory in Hyper-V environments, Part 3

Designing and implementing a virtual environment on top of Hyper-V can be challenging. Placement of Active Directory Domain Controllers require additional consideration, especially in some Hyper-V scenario's where Active Directory membership is strictly needed.

In the scenarios below the Hyper-V parent partitions ("Virtual Hosts") need to have Active Directory membership:

  • Clustering
    When you want to build a Hyper-V Failover cluster you will need to make your Hyper-V parent partitions (the "Virtual Hosts") members of an Active Directory domain. It isn't a good idea to make the parent partitions Active Directory Domain Controllers. The Domain Controller role isn't designed to be clustered.
  • System Center Virtual Machine Manager
    When you want to use System Center Virtual Machine Manager 2008 (SCVMM 2008) with Hyper-V you need to make your parent partitions member of an Active Directory domain. The System Center Virtual Machine Manager 2008 FAQ is pretty clear about that.
  • Delegation in large Hyper-V environments
    Hyper-V uses an authorization model which is based on Windows Authorization Manager (AzMan). AzMan provides a flexible framework for integrating role-based access control into applications. It enables administrators who use those applications to provide access through assigned user roles that relate to job functions.Authorization Manager applications store authorization policy in the form of authorization stores that are stored in Active Directory Domain Services (AD DS), Active Directory Lightweight Directory Services (AD LDS), XML files, or SQL databases. In large Hyper-V environments Active Directory is the store to hang out with.


While in other scenarios Active Directory membership is not strictly needed you might find Active Directory membership for the Hyper-V parent partitions useful. Through Active Directory Group Policy Objects (GPOs) you will be able to manage loads of Hyper-V servers more easily than you would in a workgroup environment.

Further reading

Windows 2000 and Windows Server 2003 cluster nodes as domain controllers
Active Directory domain controllers are not supported as Exchange Server cluster nodes
Support policy for Microsoft software running in non-Microsoft virtualization software
[DOC] Hyper-V Planning and Deployment Guide
System Center Virtual Machine Manager 2008 FAQ
Dung's space: Delegation Model in Hyper-V – Part 1
Microsoft TechNet: Authorization Manager
Increased functionality and virtual machine control in the Windows Server 2008 Failover Cluster Management console for the Hyper-V role
Windows Server 2008 Hyper-V Failover Clustering Options
Hyper-V Clustering Step-by-Step Guide
Review: System Center Virtual Machine Manager 2008 (VMM 2008) – first impression

One Response to Active Directory in Hyper-V environments, Part 3


    A minute saved is a minute earnd, and this saved hours!

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.