A. Jay Hurt of Intrawest Colorado sent in this question:

"We're about to replace our two domain controllers and we want to run them as VMs. But we're getting a lot of resistance from our corporate IT team. They insist that we run the DCs on physical servers. Is this a good idea? Are there best practices associated with running domain controllers as virtual machines?"

In fact, there are. Plenty of companies today have moved portions of their Active Directory processing to virtual machines (VMs). Because DC processing tends to involve relatively light resource use in small- and medium-sized environments, DCs can be a great candidate for virtualization.

Jay tells me that his two DCs are just two among many others in the forest. For environments of this size, I tend to advise people to virtualize while keeping an eye on performance. Never snapshot a DC (never, never!). And always keep at least one physical DC per site.

Keeping at least one physical DC per site prevents you from getting into the circular problem where your virtual environment relies on your DC while your DC relies on your virtual environment. Should your virtual environment experience a problem, you'll still have that physical DC around to respond to requests.
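One way to check the one-physical-DC-per-site rule across a forest like Jay's is the PowerShell audit below. It is an added example, not part of the original column. It assumes the ActiveDirectory module (RSAT) is installed and that each DC is reachable over CIM/WinRM; the hypervisor-detection pattern is a heuristic based on commonly reported manufacturer and model strings.

```powershell
# Added example: flag AD sites that have no physical domain controller.
# Requires the ActiveDirectory module (RSAT) and CIM/WinRM access to each DC.
Import-Module ActiveDirectory

# Assumption: manufacturer/model strings commonly reported by hypervisor guests
# (Hyper-V "Virtual Machine", VMware, VirtualBox, KVM/QEMU, Xen "HVM domU").
# Extend the pattern for the platforms used in your environment.
$virtualPattern = 'Virtual|VMware|KVM|QEMU|Xen|HVM domU'

# Classify every DC in the current domain as Physical, Virtual or Unknown.
$inventory = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $cs = Get-CimInstance -ClassName Win32_ComputerSystem `
                              -ComputerName $dc.HostName -ErrorAction Stop
        $platform = if ("$($cs.Manufacturer) $($cs.Model)" -match $virtualPattern) {
            'Virtual'
        } else {
            'Physical'
        }
    }
    catch {
        # An unreachable DC is reported as Unknown, never counted as physical.
        $platform = 'Unknown'
    }
    [pscustomobject]@{
        Site     = $dc.Site
        Name     = $dc.HostName
        Platform = $platform
    }
}

# Summarize per site and flag any site that lacks a confirmed physical DC.
$inventory | Group-Object -Property Site | ForEach-Object {
    $physical = @($_.Group | Where-Object Platform -eq 'Physical')
    $unknown  = @($_.Group | Where-Object Platform -eq 'Unknown')
    [pscustomobject]@{
        Site        = $_.Name
        TotalDCs    = $_.Count
        PhysicalDCs = $physical.Count
        UnknownDCs  = $unknown.Count
        Status      = if ($physical.Count -ge 1) { 'OK' }
                      elseif ($unknown.Count -ge 1) { 'Check manually' }
                      else { 'No physical DC' }
    }
} | Sort-Object Site | Format-Table -AutoSize
```

`Get-ADDomainController -Filter *` covers only the current domain, so in a multi-domain forest run the script once per domain.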

Monitoring performance is also critical, though today's well-managed virtual hardware tends to give you enough horsepower for the job. While DC processing needs for smaller environments tend to be low, Exchange and other services will increase that load.

Check out the Microsoft article "Things to Consider When You Host Active Directory domain controllers in virtual hosting environments." It has a few more thoughtful suggestions for virtualizing your DCs.
