Should I still have a physical DC, even post-Server 2012?

Solution 1:

One rationale for retaining one physical DC per domain is if there is a major incident that affects the host or trashes the frame storage for the virtualized DCs, you would have at least one physical DC with local storage to perform recovery and maintain continuity. Microsoft continues to perform this check and make this recommendation during Active Directory RAPs (Risk Assessment and Planning).

https://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv%28v=ws.10%29.aspx

"Maintain physical domain controllers in each of your domains. This mitigates the risk of a virtualization platform malfunction that affects all host systems that use that platform."

Solution 2:

I too wouldn't make the Hyper-V host a DC.

As for whether or not you should have a physical DC, my opinion is that with the changes Microsoft has implemented regarding virtualized Domain Controllers in general and DC-less cluster bootstrapping specifically, I don't personally see the need for, nor do I advocate having a physical DC. Maintaining a physical DC seems counterintuitive to the nature of moving your infrastructure to a virtualization platform. Virtualize my entire infrastructure but it all hinges on a single physical DC being available? What's the point in that?

There are ways to limit your "exposure" while still virtualizing your Domain Controllers. One way would be to deploy multiple DCs on different hosts in your cluster and use anti-affinity to keep them separated in the event of a host failure (dependent upon how many hosts are in the cluster).

While Greg's answer includes a link to some MS recommendations, that article is nonetheless two years old and addresses Windows Server 2008 and 2008 R2. I wouldn't consider that article to be the current best practice in relation to Windows Server 2012 and 2012 R2. I can't find an official MS document, but this guy is considered a leading authority on Hyper-V - http://www.aidanfinn.com/?p=13171
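The anti-affinity approach mentioned in this answer, as an added PowerShell example (not code from the answer or from the linked article): it tags two clustered DC virtual machines with the same AntiAffinityClassNames value so the cluster prefers to place them on different nodes, then reports where they currently run. The role names DC01 and DC02 and the class label DomainControllers are assumptions; the example expects the FailoverClusters module on a Windows Server 2012/2012 R2 cluster node.

```powershell
# Added example, not from the original answer: keep two virtualised DCs on
# separate Hyper-V cluster nodes via the AntiAffinityClassNames group property.
# Assumptions: the FailoverClusters module is available, the VMs are clustered
# roles named DC01 and DC02 (hypothetical names), and the cluster has at least
# two nodes. Run with administrative rights on a cluster node.
Import-Module FailoverClusters

$dcRoles   = @('DC01', 'DC02')     # hypothetical clustered VM role names
$className = 'DomainControllers'   # arbitrary label; groups sharing it repel each other

# AntiAffinityClassNames is a StringCollection, so build one and assign it to each role.
$classes = New-Object System.Collections.Specialized.StringCollection
[void]$classes.Add($className)

foreach ($role in $dcRoles) {
    $group = Get-ClusterGroup -Name $role -ErrorAction Stop
    $group.AntiAffinityClassNames = $classes
}

# Verify the setting took effect and show which node currently owns each DC.
Get-ClusterGroup |
    Where-Object { $_.AntiAffinityClassNames.Contains($className) } |
    Select-Object Name, OwnerNode, AntiAffinityClassNames

# Anti-affinity only influences placement on failover or move; it does not
# relocate VMs that are already co-located, so check the current owners.
$owners = foreach ($role in $dcRoles) {
    (Get-ClusterGroup -Name $role).OwnerNode.Name
}
$distinct = $owners | Sort-Object -Unique
if (@($distinct).Count -lt $dcRoles.Count) {
    Write-Warning ("Domain controllers share a node ({0}); move one with " +
        "Move-ClusterVirtualMachineRole so a single host failure cannot take both down.") -f ($distinct -join ', ')
}
```

Note that AntiAffinityClassNames is a soft preference: if no other node is available the cluster will still start both DCs on the same host, so the final check is worth rerunning after any failover or maintenance window.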


Solution 3:

I feel like you're looking for a one line answer, so here it is:

You should have a physical DC if you do not trust your virtual environment's ability to withstand failure.

We could wax on about the peculiarities and exceptions with each scenario, but I think this strikes the root of the question.


Solution 4:

Let's take clusters out of the equation and focus on the one line in your question that makes me shudder.

Should I still be considering having a physical DC alongside my single, non-clustered 2012/2012R2 Hyper-V host that has a single virtualised DC on it?

Why, why, why, would you want a single DC? In any given environment we try to avoid having single points of failure for any given infrastructure. DCs are your bread and butter - they provide DNS, the backbone of Active Directory. Seriously, rebuild a Windows 7 Desktop PC on 2008R2 and promote it. There is always a strong case for a physical DC.

Hyper-V with AD DS? No, just no. Firstly, Microsoft doesn't support this. Secondly, as you mentioned, handling backups will become a pain dependent on your disk configuration. Not to mention - the beauty of virtualization is the ability to retire physical hosts as quickly as we can build them (and I appreciate a dcpromo isn't a huge deal (depending on the size of your environment)) and hosting AD DS just complicates matters. You also introduce another Windows Time complexity.

Personally I leave my stand-alone Hyper-V hosts off the domain, but in reality, I have no real argument for either configuration.