
Vista - Host as member of AD?

 
Old 09-22-2009   #1 (permalink)
CourtK


 
 

Host as member of AD?

Is it supported to have the host joined to a domain when the AD is on a
child vm? Originally, I had no plans to join the host to the domain but we
are looking at Microsoft's Data Protection Manager, which requires the
server to be a member of a domain. Our environment is a single physical
server running Windows 2008 with Hyper-V with a 2008 DC as a child.

thanks,


Old 09-22-2009   #2 (permalink)
Geoff N. Hiten


 
 

Re: Host as member of AD?

If you do join the host to the domain, disable Time Sync for all VM domain
members.

---GNH


"CourtK" <noreply@newsgroup> wrote in message
news:34BCB965-5EA2-4934-85A9-A96748E35264@newsgroup
Quote:

> Is it supported to have the host joined to a domain when the AD is on a
> child vm? Originally, I had no plans to join the host to the domain but
> we are looking at Microsoft's Data Protection Manager, which requires the
> server to be a member of a domain. Our environment is a single physical
> server running Windows 2008 with Hyper-V with a 2008 DC as a child.
>
> thanks,
Old 09-22-2009   #3 (permalink)
Steve Jain [MVP]


 
 

Re: Host as member of AD?

On Tue, 22 Sep 2009 13:08:02 -0700, "CourtK" <noreply@newsgroup>
wrote:
Quote:

>Is it supported to have the host joined to a domain when the AD is on a
>child vm? Originally, I had no plans to join the host to the domain but we
>are looking at Microsoft's Data Protection Manager, which requires the
>server to be a member of a domain. Our environment is a single physical
>server running Windows 2008 with Hyper-V with a 2008 DC as a child.
>
>thanks,
No, it's not supported and is actually recommended not to do this
unless you have another physical AD controller.

You can run into troubles with your host being on the AD when there is
no way to validate the AD login.

--
Cheers,
Steve Jain, Virtual Machine MVP
http://vpc.essjae.com/
Old 09-23-2009   #4 (permalink)
CourtK


 
 

Re: Host as member of AD?

Thanks for the response. Does Microsoft have documentation saying this? My
boss would rather see this in writing. I can't find documentation
supporting or refuting this anywhere and I see other posts on technet forums
that suggest otherwise.

-courtk

"Steve Jain [MVP]" <noreply.-@-.essjae.com> wrote in message
news:e8jib5t9uf58uo5k3v38a40ms6o9b8455q@newsgroup
Quote:

> On Tue, 22 Sep 2009 13:08:02 -0700, "CourtK" <noreply@newsgroup>
> wrote:
>
Quote:

>>Is it supported to have the host joined to a domain when the AD is on a
>>child vm? Originally, I had no plans to join the host to the domain but
>>we
>>are looking at Microsoft's Data Protection Manager, which requires the
>>server to be a member of a domain. Our environment is a single physical
>>server running Windows 2008 with Hyper-V with a 2008 DC as a child.
>>
>>thanks,
>
> No, it's not supported and is actually recommended not to do this
> unless you have another physical AD controller.
>
> You can run into troubles with your host being on the AD when there is
> no way to validate the AD login.
>
> --
> Cheers,
> Steve Jain, Virtual Machine MVP
> http://vpc.essjae.com/
Old 09-24-2009   #5 (permalink)
Bo Berglund


 
 

Re: Host as member of AD?

On Wed, 23 Sep 2009 09:47:43 -0700, "CourtK" <noreply@newsgroup>
wrote:
Quote:

>"Steve Jain [MVP]" <noreply.-@-.essjae.com> wrote in message
>news:e8jib5t9uf58uo5k3v38a40ms6o9b8455q@newsgroup
Quote:

>> On Tue, 22 Sep 2009 13:08:02 -0700, "CourtK" <noreply@newsgroup>
>> wrote:
>>
Quote:

>>>Is it supported to have the host joined to a domain when the AD is on a
>>>child vm? Originally, I had no plans to join the host to the domain but
>>>we
>>>are looking at Microsoft's Data Protection Manager, which requires the
>>>server to be a member of a domain. Our environment is a single physical
>>>server running Windows 2008 with Hyper-V with a 2008 DC as a child.
>>>
>>>thanks,
>>
>> No, it's not supported and is actually recommended not to do this
>> unless you have another physical AD controller.
>>
>> You can run into troubles with your host being on the AD when there is
>> no way to validate the AD login.
>>
Quote:

>Thanks for the response. Does Microsoft have documentation saying this? My
>boss would rather see this in writing. I can't find documentation
>supporting or refuting this anywhere and I see other posts on technet forums
>that suggest otherwise.
>
>-courtk
>
You can start by thinking along yourself:
1) You start a server (your virtualization host) that belongs to an AD
domain managed by a PDC, which is your guest
2) The server needs to authenticate with AD
3) The AD parent server (the guest) is not running
4) Authentication fails (of course)

So now the server runs without authentication (at best).

5) Now you want to log on to manage the server (to start the guest)
6) So you are asked for your credentials
7) These are now checked against AD, but PDC is not running so it
fails
8) You are refused login because you cannot be verified

==> Deadlock!

Not so hard to get, right?

--

Bo Berglund (Sweden)
Old 09-24-2009   #6 (permalink)
Bill Grant


 
 

Re: Host as member of AD?

How about this one.

http://technet.microsoft.com/en-us/l...99(WS.10).aspx



"Bo Berglund" <boberglund@newsgroup> wrote in message
news:9kslb5tslr6hmpkppqf6694499uqb39u45@newsgroup
Quote:

> On Wed, 23 Sep 2009 09:47:43 -0700, "CourtK" <noreply@newsgroup>
> wrote:
Quote:

>>"Steve Jain [MVP]" <noreply.-@-.essjae.com> wrote in message
>>news:e8jib5t9uf58uo5k3v38a40ms6o9b8455q@newsgroup
Quote:

>>> On Tue, 22 Sep 2009 13:08:02 -0700, "CourtK" <noreply@newsgroup>
>>> wrote:
>>>
>>>>Is it supported to have the host joined to a domain when the AD is on a
>>>>child vm? Originally, I had no plans to join the host to the domain but
>>>>we
>>>>are looking at Microsoft's Data Protection Manager, which requires the
>>>>server to be a member of a domain. Our environment is a single physical
>>>>server running Windows 2008 with Hyper-V with a 2008 DC as a child.
>>>>
>>>>thanks,
>>>
>>> No, it's not supported and is actually recommended not to do this
>>> unless you have another physical AD controller.
>>>
>>> You can run into troubles with your host being on the AD when there is
>>> no way to validate the AD login.
>>>
>
Quote:

>>Thanks for the response. Does Microsoft have documentation saying this?
>>My
>>boss would rather see this in writing. I can't find documentation
>>supporting or refuting this anywhere and I see other posts on technet
>>forums
>>that suggest otherwise.
>>
>>-courtk
>>
> You can start by thinking along yourself:
> 1) You start a server (your virtualization host) that belongs to an AD
> domain managed by a PDC, which is your guest
> 2) The server needs to authenticate with AD
> 3) The AD parent server (the guest) is not running
> 4) Authentication fails (of course)
>
> So now the server runs without authentication (at best).
>
> 5) Now you want to log on to manage the server (to start the guest)
> 6) So you are asked for your credentials
> 7) These are now checked against AD, but PDC is not running so it
> fails
> 8) You are refused login because you cannot be verified
>
> ==> Deadlock!
>
> Not so hard to get, right?
>
> --
>
> Bo Berglund (Sweden)
Old 09-24-2009   #7 (permalink)
CourtK


 
 

Re: Host as member of AD?

9) Cached credentials
10) Log on locally
11) Set up VMs to start automatically

I know there are ways to get this to work but I just needed the MS docs to
say whether it was supported or not.

-courtk

"Bo Berglund" <boberglund@newsgroup> wrote in message
news:9kslb5tslr6hmpkppqf6694499uqb39u45@newsgroup
Quote:

> On Wed, 23 Sep 2009 09:47:43 -0700, "CourtK" <noreply@newsgroup>
> wrote:
Quote:

>>"Steve Jain [MVP]" <noreply.-@-.essjae.com> wrote in message
>>news:e8jib5t9uf58uo5k3v38a40ms6o9b8455q@newsgroup
Quote:

>>> On Tue, 22 Sep 2009 13:08:02 -0700, "CourtK" <noreply@newsgroup>
>>> wrote:
>>>
>>>>Is it supported to have the host joined to a domain when the AD is on a
>>>>child vm? Originally, I had no plans to join the host to the domain but
>>>>we
>>>>are looking at Microsoft's Data Protection Manager, which requires the
>>>>server to be a member of a domain. Our environment is a single physical
>>>>server running Windows 2008 with Hyper-V with a 2008 DC as a child.
>>>>
>>>>thanks,
>>>
>>> No, it's not supported and is actually recommended not to do this
>>> unless you have another physical AD controller.
>>>
>>> You can run into troubles with your host being on the AD when there is
>>> no way to validate the AD login.
>>>
>
Quote:

>>Thanks for the response. Does Microsoft have documentation saying this?
>>My
>>boss would rather see this in writing. I can't find documentation
>>supporting or refuting this anywhere and I see other posts on technet
>>forums
>>that suggest otherwise.
>>
>>-courtk
>>
> You can start by thinking along yourself:
> 1) You start a server (your virtualization host) that belongs to an AD
> domain managed by a PDC, which is your guest
> 2) The server needs to authenticate with AD
> 3) The AD parent server (the guest) is not running
> 4) Authentication fails (of course)
>
> So now the server runs without authentication (at best).
>
> 5) Now you want to log on to manage the server (to start the guest)
> 6) So you are asked for your credentials
> 7) These are now checked against AD, but PDC is not running so it
> fails
> 8) You are refused login because you cannot be verified
>
> ==> Deadlock!
>
> Not so hard to get, right?
>
> --
>
> Bo Berglund (Sweden)
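
The points raised in this thread (disable Time Sync on domain-member VMs, cached credentials, local logon, VMs set to start automatically), as an added example that is not part of any post: a read-only PowerShell check run on the host. It assumes the Hyper-V PowerShell module (Windows Server 2012 or later, not the Windows 2008 host in the thread), and `DC01` is a hypothetical VM name.

```powershell
# Added example (not from the thread). Assumes the Hyper-V PowerShell module
# (Windows Server 2012 or later) and PowerShell 5.1 for the LocalAccounts cmdlets.
param(
    # Hypothetical VM names: the guest DC and any other domain-member guests.
    [string[]]$DomainVMs = @('DC01')
)

$findings = @()

# Cached credentials: a value of 0 disables cached domain logons, so nobody
# can log on with a domain account while the guest DC is down.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$cached = [int](Get-ItemProperty -Path $winlogon -Name CachedLogonsCount).CachedLogonsCount
if ($cached -eq 0) {
    $findings += 'CachedLogonsCount is 0: no domain logon is possible while the DC is offline.'
}

# Log on locally: need at least one enabled local account in the built-in
# Administrators group (well-known SID S-1-5-32-544).
$localAdmins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.PrincipalSource -eq 'Local' -and $_.ObjectClass -eq 'User' } |
    Where-Object { (Get-LocalUser -SID $_.SID).Enabled })
if ($localAdmins.Count -eq 0) {
    $findings += 'No enabled local administrator account: host cannot be managed without the DC.'
}

foreach ($name in $DomainVMs) {
    $vm = Get-VM -Name $name -ErrorAction Stop

    # Auto-start: the guest must boot without anyone logging on to the host.
    if ($vm.AutomaticStartAction -ne 'Start') {
        $findings += "${name}: AutomaticStartAction is $($vm.AutomaticStartAction), not Start."
    }

    # Time sync: the service name below is the English display name.
    $timeSync = Get-VMIntegrationService -VMName $name -Name 'Time Synchronization'
    if ($timeSync.Enabled) {
        $findings += "${name}: Time Synchronization integration service is enabled."
    }
}

if ($findings.Count -gt 0) { $findings } else { 'No findings for the checks above.' }
```
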
Old 09-25-2009   #8 (permalink)
Bill Grant


 
 

Re: Host as member of AD?

Yes, there are workarounds but they are not supported. If something goes
wrong, you are on your own. Spell that out to your boss.

"CourtK" <noreply@newsgroup> wrote in message
news:8BDBEF9E-4254-48AF-ABC1-F955E71CEE17@newsgroup
Quote:

> 9) Cached credentials
> 10) Log on locally
> 11) Setup VM's to start automatically
>
> I know there are ways to get this to work but I just needed the MS docs to
> say whether it was supported or not.
>
> -courtk
>
> "Bo Berglund" <boberglund@newsgroup> wrote in message
> news:9kslb5tslr6hmpkppqf6694499uqb39u45@newsgroup
Quote:

>> On Wed, 23 Sep 2009 09:47:43 -0700, "CourtK" <noreply@newsgroup>
>> wrote:
Quote:

>>>"Steve Jain [MVP]" <noreply.-@-.essjae.com> wrote in message
>>>news:e8jib5t9uf58uo5k3v38a40ms6o9b8455q@newsgroup
>>>> On Tue, 22 Sep 2009 13:08:02 -0700, "CourtK" <noreply@newsgroup>
>>>> wrote:
>>>>
>>>>>Is it supported to have the host joined to a domain when the AD is on a
>>>>>child vm? Originally, I had no plans to join the host to the domain
>>>>>but
>>>>>we
>>>>>are looking at Microsoft's Data Protection Manager, which requires the
>>>>>server to be a member of a domain. Our environment is a single
>>>>>physical
>>>>>server running Windows 2008 with Hyper-V with a 2008 DC as a child.
>>>>>
>>>>>thanks,
>>>>
>>>> No, it's not supported and is actually recommended not to do this
>>>> unless you have another physical AD controller.
>>>>
>>>> You can run into troubles with your host being on the AD when there is
>>>> no way to validate the AD login.
>>>>
>>
Quote:

>>>Thanks for the response. Does Microsoft have documentation saying this?
>>>My
>>>boss would rather see this in writing. I can't find documentation
>>>supporting or refuting this anywhere and I see other posts on technet
>>>forums
>>>that suggest otherwise.
>>>
>>>-courtk
>>>
>> You can start by thinking along yourself:
>> 1) You start a server (your virtualization host) that belongs to an AD
>> domain managed by a PDC, which is your guest
>> 2) The server needs to authenticate with AD
>> 3) The AD parent server (the guest) is not running
>> 4) Authentication fails (of course)
>>
>> So now the server runs without authentication (at best).
>>
>> 5) Now you want to log on to manage the server (to start the guest)
>> 6) So you are asked for your credentials
>> 7) These are now checked against AD, but PDC is not running so it
>> fails
>> 8) You are refused login because you cannot be verified
>>
>> ==> Deadlock!
>>
>> Not so hard to get, right?
>>
>> --
>>
>> Bo Berglund (Sweden)
>