Can a cluster node act as the domain controller for the cluster?

Discussion in 'Clustering' started by Peter Steele, Aug 20, 2004.

  1. Peter Steele

    Peter Steele Guest

    We want to set up a N-node cluster and we need to have a domain controller
    for this cluster. One option is to use the corporate domain controller but
    we would prefer to keep the cluster on a private domain. This means we
    either have to set up a separate domain controller (actually a pair of them
    for redundancy) and use this for the cluster. We have wondered though if we
    can use two of the nodes in the cluster itself as domain controllers for the
    cluster? Is this a reasonable practice or should we set up separate domain
    controllers?
     
    Peter Steele, Aug 20, 2004
    #1
    1. Advertisements

  2. Rodney R. Fournier [MVP], Aug 20, 2004
    #2
    1. Advertisements

  3. Needing a separate domain for the cluster is an odd requirement. What
    justifies that?
     
    Rich Raffenetti, Aug 20, 2004
    #3
  4. Peter Steele

    Peter Steele Guest

    Well, the main reason is that the product we're developing will be inserted
    into a company's network and we cannot make the assumption that they will
    let us join their corporate domain. Plus, our product will theoretically
    work in Unix only networks and in that case there will be no domain to join.
    So we have to plan for supporting our own domain controller, at least in
    some scenarios.

    Peter
     
    Peter Steele, Aug 20, 2004
    #4
  5. Well I run a corporate Active Directory and I think it would be very unusual
    to run a product on a separate domain in my forest. You probably mean a
    separate forest. There's a huge overhead to maintaining another forest or
    even domain! The product should be very very valuable to take on that
    overhead! Have you talked to customers about that? Is that what they want?
    We have implemented many products in our domain and have benefitted from
    that integration of authentication, etc. Of course you are not telling us
    what the product is - I'm sure that is confidential.

    In the Unix environment you have no choice.

    Yes, require two domain controllers for redundancy.
     
    Rich Raffenetti, Aug 21, 2004
    #5
  6. Peter Steele

    Peter Steele Guest

    Well, we wouldn't be running Exchange in our case, just a very minimal AD
    and DNS. I've been using this exact setup in a test cluster of three nodes,
    where one of them is a domain controller for the cluster as well as a member
    of the cluster. It seems to be working fine in this limited test
    environment. Not sure if this is how we'd want to go for a real deployment.
     
    Peter Steele, Aug 23, 2004
    #6
  7. It really isn't a matter of whether it works as much as whether it is in a
    supported configuration. There are many things that I can make work, but
    Microsoft won't support.
     
    Russ Kaufmann [MCT], Aug 23, 2004
    #7
  8. Rodney R. Fournier [MVP], Aug 23, 2004
    #8
  9. Peter Steele

    Peter Steele Guest

    I agree that this is an important consideration, but my impression from this
    article

    http://support.microsoft.com/default.aspx?scid=kb;en-us;281662

    is that Microsoft *does* support this configuration. Are you saying that in
    fact Microsoft does not? Remember that in our case we would be making
    minimal use of the domain controllers. They would only be used to service
    the cluster and nothing more, and they would not be running Exchange or
    anything like that.
     
    Peter Steele, Aug 24, 2004
    #9
  10. This article is for clusters in general. The article that Rod pointed out is
    for Exchange clusters specifically. The later article supercedes the former.
    The specific article supercedes the general.
     
    Russ Kaufmann [MCT], Aug 24, 2004
    #10
  11. Peter Steele

    Peter Steele Guest

    I agree that this is an important consideration, but my impression from
    Actually, the article I included in my posting is the same link the Rod
    referred to in his posting. Is there another article? There is a couple of
    references to Exchange in this article but it certainly isn't specially
    about Exchange.

    In any event though, I take it that Microsoft does not officially support
    the use of cluster nodes as domain controllers for the cluster?

    Peter
     
    Peter Steele, Aug 24, 2004
    #11
  12. Rodney R. Fournier [MVP], Aug 24, 2004
    #12
  13. File/Print/WINS/DFS/Cluster - supported, but not a good idea

    I guess you were referring at File/Print/WINS/DFS/Cluster/DC

    ^^^
     
    Ramon Jiménez, Aug 24, 2004
    #13
  14. Peter Steele

    Peter Steele Guest

    File/Print/WINS/DFS/Cluster - supported, but not a good idea.

    Just how bad an idea is this? There is a compelling reason for us to do this
    since we may have to deploy our product in a UNIX-only environment where
    there will be no DC. For marketing reasons we would prefer to put the DC on
    the cluster nodes themselves. For example, if we were to ship a two node
    cluster, we would in fact have to ship *four* PCs, two for the cluster and
    two for the DCs. We'd rather ship just two PCs obviously.
     
    Peter Steele, Aug 25, 2004
    #14
  15. Rodney R. Fournier [MVP], Aug 25, 2004
    #15
  16. In general, it's a really bad idea, mostly because of the Microsoft
    recommendations. But also because MOST don't need to do it. With 2 DC's you
    have availability. With AD Integrated DNS, you have availability to DNS.
    These are probably the reasons to cluster in the first place, to gain
    availability.

    In your case, I would indeed Cluster my DC's to reduce cost and complexity,
    and for no other reasons.

    Cheers,

    Rod

    MVP - Windows Server - Clustering
    http://www.nw-america.com - Clustering
     
    Rodney R. Fournier [MVP], Aug 25, 2004
    #16
  17. I agree. However, he needs to keep in mind that he might have support
    concerns.
     
    Russ Kaufmann [MCT], Aug 25, 2004
    #17
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.