Hyper-V Host - Member of the domain or not
-
Joining the domain will make everything easier, faster, and smoother. There's not really many reasons not to in typical SMB environments.
-
Right, always join to the domain if you have one in the environment already. There is no downside.
If one does not exist, do not make one just for it.
-
Let me add another question to this. Do you setup a local admin on the host, just in case AD is inaccessible for any reason?
-
@nerdydad said in Hyper-V Host - Member of the domain or not:
Let me add another question to this. Do you setup a local admin on the host, just in case AD is inaccessible for any reason?
Let me answer you by asking this. How do you not have a local admin?
-
I enable the local admin and set a secure password for everything here as sometimes machines quit responding to the Windows domain controller and I have to have a way to reset things.
-
Since I have all my systems in AD, I just join them to the domain.
-
@jmoore said in Hyper-V Host - Member of the domain or not:
I enable the local admin and set a secure password for everything here as sometimes machines quit responding to the Windows domain controller and I have to have a way to reset things.
By stating that you enable local admin, I want to know how it was disabled in the first place.
-
@jaredbusch said in Hyper-V Host - Member of the domain or not:
@jmoore said in Hyper-V Host - Member of the domain or not:
I enable the local admin and set a secure password for everything here as sometimes machines quit responding to the Windows domain controller and I have to have a way to reset things.
By stating that you enable local admin, I want to know how it was disabled in the first place.
I don't know what the issue is here.
When you install Hyper-V Server, you can't log in any way other than local admin. Maybe after you join it to the domain you can disable the local admin account, which is weird to do...
-
@tim_g said in Hyper-V Host - Member of the domain or not:
@jaredbusch said in Hyper-V Host - Member of the domain or not:
@jmoore said in Hyper-V Host - Member of the domain or not:
I enable the local admin and set a secure password for everything here as sometimes machines quit responding to the Windows domain controller and I have to have a way to reset things.
By stating that you enable local admin, I want to know how it was disabled in the first place.
I don't know what the issue is here.
When you install Hyper-V Server, you can't log in any way other than local admin. Maybe after you join it to the domain you can disable the local admin account, which is weird to do...
That is entirely my point.
-
What if you don't have Hyper-V and you don't have a domain but you are getting ready to move to Hyper-V and create a domain? I do have a Linux box with KVM on it that I could put the first domain controller on temporarily and then move it to Hyper-V later, or would it be better to just configure the domain controller on one of the hyper-v hosts first then join the hosts to the domain?
-
@penguinwrangler said in Hyper-V Host - Member of the domain or not:
What if you don't have Hyper-V and you don't have a domain but you are getting ready to move to Hyper-V and create a domain? I do have a Linux box with KVM on it that I could put the first domain controller on temporarily and then move it to Hyper-V later, or would it be better to just configure the domain controller on one of the hyper-v hosts first then join the hosts to the domain?
I would first setup the host, then the DC VM. Once the DC is setup within the VM, then I would join the host to the domain.
-
@jaredbusch said in Hyper-V Host - Member of the domain or not:
@tim_g said in Hyper-V Host - Member of the domain or not:
@jaredbusch said in Hyper-V Host - Member of the domain or not:
@jmoore said in Hyper-V Host - Member of the domain or not:
I enable the local admin and set a secure password for everything here as sometimes machines quit responding to the Windows domain controller and I have to have a way to reset things.
By stating that you enable local admin, I want to know how it was disabled in the first place.
I don't know what the issue is here.
When you install Hyper-V Server, you can't log in any way other than local admin. Maybe after you join it to the domain you can disable the local admin account, which is weird to do...
That is entirely my point.
This was supposed to be more of a "Best Practices" question. I really don't have a problem situation in front of me, but wanted to better understand best practices when setting up a Hyper-V host.
I have setup a number of Windows 10 client devices and noticed that the local admin is disabled. I assumed (though never experienced) that the situation would be the same for a Hyper-V host.
-
@nerdydad said in Hyper-V Host - Member of the domain or not:
@jaredbusch said in Hyper-V Host - Member of the domain or not:
@tim_g said in Hyper-V Host - Member of the domain or not:
@jaredbusch said in Hyper-V Host - Member of the domain or not:
@jmoore said in Hyper-V Host - Member of the domain or not:
I enable the local admin and set a secure password for everything here as sometimes machines quit responding to the Windows domain controller and I have to have a way to reset things.
By stating that you enable local admin, I want to know how it was disabled in the first place.
I don't know what the issue is here.
When you install Hyper-V Server, you can't log in any way other than local admin. Maybe after you join it to the domain you can disable the local admin account, which is weird to do...
That is entirely my point.
This was supposed to be more of a "Best Practices" question. I really don't have a problem situation in front of me, but wanted to better understand best practices when setting up a Hyper-V host.
I have setup a number of Windows 10 client devices and noticed that the local admin is disabled. I assumed (though never experienced) that the situation would be the same for a Hyper-V host.
Local Administrator account in Windows Servers and Hyper-V is enabled by default. Windows desktops has the local administrator account disabled by default.
