Our dit is only 300 meg so having it in memory isn't that big of a deal, but I seem to recall joe and other on the AD list basically recommending that you should have enough RAM to have the entire dit in memory anyway. So, if you've got the full thing cached, why would it matter if that was in host or guest ram? Obviously, if you don't want to load the full dit for some reason, this wouldn't apply.
I guess I'm just viewing AD as a well behaved app and that if it needs the RAM to cache the dit or CPU to handle its load, I want to give it everything it needs and if the VMs are getting starved, then the host is underpowered. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, August 25, 2011 11:21 AM To: NT System Admin Issues Subject: RE: [Microsoft support] Is it me... AD, like Exchange, will expand to fill the available memory (up to approximately the size of the ntds.dit). Now, also like Exchange, if memory pressure occurs, AD should release this memory over time. However, it takes time (real wall clock time - measured in minutes) for the ESE database engine to respond to memory pressure (in order to validate that it isn't a transient issue) and this can cause VM startups and moves to fail due to a lack of available memory. Processor is a different kind of resource - but if the root partition is consuming all available processor resources, then the VMs will get starved, regardless of how they are configured. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Crawford, Scott [mailto:crawfo...@evangel.edu]<mailto:[mailto:crawfo...@evangel.edu]> Sent: Thursday, August 25, 2011 12:08 PM To: NT System Admin Issues Subject: RE: [Microsoft support] Is it me... Are you saying that AD can over-consume the resources on a box beyond what it truly needs? If so, then that's definitely a counter to my second point. From: Michael B. Smith [mailto:mich...@smithcons.com]<mailto:[mailto:mich...@smithcons.com]> Sent: Thursday, August 25, 2011 11:00 AM To: NT System Admin Issues Subject: RE: [Microsoft support] Is it me... Because of memory and processor loading. For a VM, you can identify what and how much memory it gets and how many processors are allocated to it and at what priority. For the root partition, you cannot. In the case of AD, it's a critical business function that can, depending on your environment, consume significant amounts of memory and processor resources. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Crawford, Scott [mailto:crawfo...@evangel.edu]<mailto:[mailto:crawfo...@evangel.edu]> Sent: Thursday, August 25, 2011 11:40 AM To: NT System Admin Issues Subject: RE: [Microsoft support] Is it me... Yeah, 48 hours ago, I woulda said the exact same thing. I'm just trying to explore the reasons for that mindset. From: David Lum [mailto:david....@nwea.org]<mailto:[mailto:david....@nwea.org]> Sent: Thursday, August 25, 2011 9:11 AM To: NT System Admin Issues Subject: RE: [Microsoft support] Is it me... I've been of the mindset that the Hyper-V host should do basically nothing else but host, and if they can be server core then even better. I run one full OS Hyper-V host and all other hosts are server core. Interesting discussion here though. I love this list. Dave From: Crawford, Scott [mailto:crawfo...@evangel.edu]<mailto:[mailto:crawfo...@evangel.edu]> Sent: Thursday, August 25, 2011 6:40 AM To: NT System Admin Issues Subject: RE: [Microsoft support] Is it me... I'm curious why not. The more I think about it, the more it seems like a good idea. 1. It completely negates the issue of virtualizing a DC or having a separate physical DC 2. Second, a potential problem with running services on the host is that it could starve the guests for resources, but if any service NEEDS resources, what better than AD? 3. If you have virtualized DCs, the hosts should be the most protected servers in your environment since a compromise there can easily lead to a compromise of any guest - including a DC. So, if that host is already well protected, since it is in fact as critical as a DC, why not run AD on it? One possible reason against running extra services on the host is he possibility for needing more reboots due to patching, but it should be a fairly insignificant difference, especially if running Server Core. From: Sean Rector [mailto:sean.rec...@vaopera.org]<mailto:[mailto:sean.rec...@vaopera.org]> Sent: Thursday, August 25, 2011 8:27 AM To: NT System Admin Issues Subject: RE: [Microsoft support] Is it me... I thought it was a no-no. Sean Rector, MCSE From: Brian Desmond [mailto:br...@briandesmond.com]<mailto:[mailto:br...@briandesmond.com]> Sent: Wednesday, August 24, 2011 6:11 PM To: NT System Admin Issues Subject: RE: [Microsoft support] Is it me... Right - I'm missing what's not best practice about it. Thanks, Brian Desmond br...@briandesmond.com<mailto:br...@briandesmond.com> c - 312.731.3132 From: Sean Rector [mailto:sean.rec...@vaopera.org]<mailto:[mailto:sean.rec...@vaopera.org]> Sent: Wednesday, August 24, 2011 1:33 PM To: NT System Admin Issues Subject: RE: [Microsoft support] Is it me... In my environment - nothing. It's working like a champ. Sean Rector, MCSE From: Brian Desmond [mailto:br...@briandesmond.com]<mailto:[mailto:br...@briandesmond.com]> Sent: Wednesday, August 24, 2011 1:29 PM To: NT System Admin Issues Subject: RE: [Microsoft support] Is it me... What's wrong with that? Thanks, Brian Desmond br...@briandesmond.com<mailto:br...@briandesmond.com> c - 312.731.3132 From: Sean Rector [mailto:sean.rec...@vaopera.org]<mailto:[mailto:sean.rec...@vaopera.org]> Sent: Wednesday, August 24, 2011 6:14 AM To: NT System Admin Issues Subject: RE: [Microsoft support] Is it me... I know I'm not following best practice, but my Hyper-V hosts are running Datacenter Ed. and are my DCs. Sean Rector, MCSE Information Technology Manager Virginia Opera Association E-Mail: sean.rec...@vaopera.org<mailto:sean.rec...@vaopera.org> Phone: (757) 213-4548 (direct line) ________________________________ From: Michael B. Smith [mailto:mich...@smithcons.com]<mailto:[mailto:mich...@smithcons.com]> Sent: Tue 8/23/2011 7:29 PM To: NT System Admin Issues Subject: RE: [Microsoft support] Is it me... If you are down, you call them and tell them you are down and that it is a "business critical" event. I don't know what the fee for that is, but you are supposed to get a callback in 30 minutes 24x7x365. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: David Lum [mailto:david....@nwea.org]<mailto:[mailto:david....@nwea.org]> Sent: Tuesday, August 23, 2011 7:20 PM To: NT System Admin Issues Subject: [Microsoft support] Is it me... ..or is there no 24x7 pay per incident number for support on Microsoft Servers? I keep getting to this page (2008 R2) and choosing "Virtualization" and "Other" I get support times of 6a-6pm. https://support.microsoft.com/oas/default.aspx?st=1&as=1&iid=1059&iguid=d535992c-b4dd-49a7-b4a8-2b14e5649525_1_1&x=10&y=17&c1=508&sd=gn&c=SMC&ln=en-us&prid=13020&gsaid=582847 I had a situation the other night where I thought I was going to have to call them because I uh...have a Hyper-V host that's a domain member and it was requiring connection to a DC to start a guest VM, and the guest VM was the DC it needed to talk to! Invoking some DR steps I got back in business, but still...do you need to have some kind of support contract to have them available 24x7? David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin Information Technology Manager Virginia Opera Association E-Mail: sean.rec...@vaopera.org<mailto:sean.rec...@vaopera.org> Phone: (757) 213-4548 (direct line) {+} Tickets and Subscriptions On Sale Now! Aida | Hansel And Gretel | Orphée | The Mikado Visit us online at www.VaOpera.org<http://www.vaopera.org/> or call 1-866-OPERA-VA Experience the Beauty, Power & Passion of Virginia Opera. ________________________________ This e-mail and any attached files are confidential and intended solely for the intended recipient(s). Unless otherwise specified, persons unnamed as recipients may not read, distribute, copy or alter this e-mail. Any views or opinions expressed in this e-mail belong to the author and may not necessarily represent those of Virginia Opera. Although precautions have been taken to ensure no viruses are present, Virginia Opera cannot accept responsibility for any loss or damage that may arise from the use of this e-mail or attachments. {*} ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin