One domain controller configured in a failover cluster? Or two DCs, one on each cluster node?

active-directory domain-controller windows-server-2012-r2
12,821

Solution 1

Creating a single, clustered Domain Controller isn't creating highly available AD services. It's creating a highly available VM, regardless of the services that VM is serving. If you lose the VM (OS failure, data corruption, etc.) then you've lost the services that VM was serving, so those services were not highly available to begin with.

Don't confuse a clustered, highly available VM with a clustered, highly available service. A clustered, highly available VM makes the VM highly available and indirectly makes the services on the VM highly available BUT only so long as the VM itself is up and running. if the VM itself is down, so are the services it provides. Clustered VM's protect against HOST failures, not VM or service level failures.

The proper course of action would be to create two Domain Controllers. Place them where you wish and cluster them if you want to. If it were me, I'd create two and place them as you've suggested (one DC on each host) and I'd cluster them as well. There's no reason to have one of them be unavailable if one of the hosts goes down. Clustering them allows both to continue serving clients regardless of which host is up or down.

Solution 2

Domain controllers and failover clusters are mutually exclusive.

"It is not supported to combine the Active Directory Domain Services role and the Failover Cluster feature on Windows Server 2012"

"It is not recommend to combine the Active Directory Domain Services role and the Failover Cluster feature on Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2"

http://support.microsoft.com/kb/281662

Whatever you are doing with Active Directory, it needs to do what a Windows client would do. Find an available domain controller and use it, and if it has an issue with a domain controller, find the next available domain controller and use it.

Assuming you actually read the entire article, it is really a cautionary tale. The message is "don't do it".

Share:
12,821

Related videos on Youtube

Daniel
Author by

Daniel

░░░░░░░░░░████████████░░░░░░░░░░ ░░░░░░██████▓▓░░░░▓▓██████░░░░░░ ░░░░████▓▓▓▓▓▓░░░░▓▓▓▓▓▓████░░░░ ░░████░░▓▓▓▓░░░░░░░░▓▓▓▓░░████░░ ░░██▓▓░░░░░░░░░░░░░░░░░░░░▓▓██░░ ████▓▓▓▓░░░░▓▓▓▓▓▓▓▓░░░░▓▓▓▓████ ██▓▓▓▓▓▓░░▓▓▓▓▓▓▓▓▓▓▓▓░░▓▓▓▓▓▓██ ██▓▓▓▓▓▓░░▓▓▓▓▓▓▓▓▓▓▓▓░░▓▓▓▓▓▓██ ██▓▓▓▓░░░░▓▓▓▓▓▓▓▓▓▓▓▓░░░░▓▓▓▓██ ██░░░░░░░░░░▓▓▓▓▓▓▓▓░░░░░░░░░░██ ██░░░░████████████████████░░░░██ ████████░░░░██░░░░██░░░░████████ ░░████░░░░░░██░░░░██░░░░░░████░░ ░░░░██░░░░░░░░░░░░░░░░░░░░██░░░░ ░░░░████░░░░░░░░░░░░░░░░████░░░░ ░░░░░░████████████████████░░░░░░

Updated on September 18, 2022

Comments

  • Daniel
    Daniel over 1 year

    I am currently planning a high available Windows Server 2012 R2 environment within a Hyper-V-Cluster with two nodes. I am not sure about how to deploy the virtual domain controller for the work domain, to keep the forest available when a node goes down.

    I see two options:

    1. Create one virtual machine with the domain services and configure the vm as a cluster resource in the failover cluster. Let the cluster worry about the availability of the virtual machine (domain controller).

    2. Create one VM on Hyper-V-Node 1. Create a second VM on Hyper-V-Node 2. VMs are not configured as a cluster resource (no redundancy per VM). Install domain services on both VMs. Let the domain controllers worry about offering the domain services, if a node and therefore one VM goes down.

    My Questions are:

    • Is there a preferred method?
    • What advantages and disadvantages do both methods have?

    I appreciate high quality answers, please back up your responses with sources.

    • Matt
      Matt about 9 years
      Domain Controllers are inherently highly available anyway, you don't need to cluster them (nor should you). Microsoft's guidance is to place at least two domain controllers per Active Directory site; this is enough and is what you should be doing.
  • krisFR
    krisFR about 9 years
    I appreciate high quality answers, please back up your responses with sources Where are sources ? (i am kidding)
  • Daniel
    Daniel about 9 years
    Reading your response I realise that my question was ambiguous. I know domain services on cluster nodes are not supported. I do not want to install domain services on the cluster nodes, but put a VM on each node and not configuring them as cluster resources. See my edited question for details. I hope it's clearer now. Still, your answer is not wrong, so have an upvote :)
  • Daniel
    Daniel about 9 years
    You addressed some important points, having a VM that is highly available but not protected against faults in the OS.
  • Greg Askew
    Greg Askew about 9 years
    You need a minimum of two domain controllers, so option 2.
  • joeqwerty
    joeqwerty over 8 years
    This is incorrect. AD-less cluster bootstrapping in Windows Server 2012 and forward allow a failover cluster to bootstrap without a DC. - blogs.technet.com/b/wincat/archive/2012/08/29/…

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Adding a second tree domain to AD forest (2012 R2)
All options greyed out when trying to configure Active Directory Domain Services Windows Server 2012 R2
Cannot start workstation service on DC
dcpromo prerequisites for Active Directory preparation failed
Cannot promote Windows Server 2012 R2 to Domain Controller at a new site. "The wizard cannot gain access to the list of domains in the forest."
Is it possible to change the NetBIOS Uppercase and Lowercase letters?
Adding client computers to an active directory domain controller
No domain controller can be contacted when domain joining a server
Must the root domain name be registered when creating a new forest in Active Directory?
The requested operation requires elevation