Re: #1 - Fair point.
Re: #2 - It adds attack surface area, beyond just services that need to be patched.
Re: #3 - Again, fair enough point, but it does take longer to start up a DC, and this has an impact on when other services get started up. It probably complicates a few DR scenarios as well. :)

And you have to pay more attention to how the DC is configured, as such a system will likely be multi-homed.

I do it at home today, but would caution that care was taken in going this route -- not a rejection, but not an endorsement either.

ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…

On Thu, Aug 25, 2011 at 9:40 AM, Crawford, Scott <crawfo...@evangel.edu> wrote:

> I’m curious why not. The more I think about it, the more it seems like a good idea.
>
> 1. It completely negates the issue of virtualizing a DC or having a separate physical DC
> 2. Second, a potential problem with running services on the host is that it could starve the guests for resources, but if any service NEEDS resources, what better than AD?
> 3. If you have virtualized DCs, the hosts should be the most protected servers in your environment since a compromise there can easily lead to a compromise of any guest – including a DC.
> So, if that host is already well protected, since it is in fact as critical as a DC, why not run AD on it?
>
> One possible reason against running extra services on the host is the possibility for needing more reboots due to patching, but it should be a fairly insignificant difference, especially if running Server Core.
>
> *From:* Sean Rector [mailto:sean.rec...@vaopera.org]
> *Sent:* Thursday, August 25, 2011 8:27 AM
> *To:* NT System Admin Issues
> *Subject:* RE: [Microsoft support] Is it me...
>
> I thought it was a no-no.
>
> Sean Rector, MCSE
>
> *From:* Brian Desmond [mailto:br...@briandesmond.com]
> *Sent:* Wednesday, August 24, 2011 6:11 PM
> *To:* NT System Admin Issues
> *Subject:* RE: [Microsoft support] Is it me...
>
> Right – I’m missing what’s not best practice about it.
>
> Thanks,
> Brian Desmond
> br...@briandesmond.com
> c – 312.731.3132
>
> *From:* Sean Rector [mailto:sean.rec...@vaopera.org]
> *Sent:* Wednesday, August 24, 2011 1:33 PM
> *To:* NT System Admin Issues
> *Subject:* RE: [Microsoft support] Is it me...
>
> In my environment – nothing. It’s working like a champ.
>
> Sean Rector, MCSE
>
> *From:* Brian Desmond [mailto:br...@briandesmond.com]
> *Sent:* Wednesday, August 24, 2011 1:29 PM
> *To:* NT System Admin Issues
> *Subject:* RE: [Microsoft support] Is it me...
>
> What’s wrong with that?
>
> Thanks,
> Brian Desmond
> br...@briandesmond.com
> c – 312.731.3132
>
> *From:* Sean Rector [mailto:sean.rec...@vaopera.org]
> *Sent:* Wednesday, August 24, 2011 6:14 AM
> *To:* NT System Admin Issues
> *Subject:* RE: [Microsoft support] Is it me...
>
> I *know* I'm not following best practice, but my Hyper-V hosts are running Datacenter Ed. and *are* my DCs.
>
> Sean Rector, MCSE
> Information Technology Manager
> Virginia Opera Association
>
> E-Mail: sean.rec...@vaopera.org
> Phone: (757) 213-4548 (direct line)
>
> ------------------------------
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Tue 8/23/2011 7:29 PM
> *To:* NT System Admin Issues
> *Subject:* RE: [Microsoft support] Is it me...
>
> If you are down, you call them and tell them you are down and that it is a “business critical” event. I don’t know what the fee for that is, but you are supposed to get a callback in 30 minutes 24x7x365.
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
> *From:* David Lum [mailto:david....@nwea.org]
> *Sent:* Tuesday, August 23, 2011 7:20 PM
> *To:* NT System Admin Issues
> *Subject:* [Microsoft support] Is it me...
>
> ..or is there no 24x7 pay per incident number for support on Microsoft Servers? I keep getting to this page (2008 R2) and choosing “Virtualization” and “Other” I get support times of 6a-6pm.
>
> https://support.microsoft.com/oas/default.aspx?st=1&as=1&iid=1059&iguid=d535992c-b4dd-49a7-b4a8-2b14e5649525_1_1&x=10&y=17&c1=508&sd=gn&c=SMC&ln=en-us&prid=13020&gsaid=582847
>
> I had a situation the other night where I thought I was going to have to call them because I uh…have a Hyper-V host that’s a domain member and it was requiring connection to a DC to start a guest VM, and the guest VM was the DC it needed to talk to!
>
> Invoking some DR steps I got back in business, but still…do you need to have some kind of support contract to have them available 24x7?
>
> David Lum
> Systems Engineer // NWEA™
> Office 503.548.5229 // Cell (voice/text) 503.267.9764