Running a Windows domain in Skytap
It is common practice to run a Windows domain inside an environment within Skytap. When building a Windows domain in Skytap, consider using a manual network. The difference between an automatic network and a manual network is that automatic networks are managed by Skytap (Skytap provides DHCP, DNS, etc.). With a manual network, Skytap does not attempt to manage anything (other than providing a gateway out). Manual networking will thus allow you to setup one or more networks in your environment that Skytap will NOT attempt to manage. You can then provide DHCP and DNS from your own domain controller.
For more information about creating manual networks, see Creating a manual network. For information about running your own DNS server on a manual network, see Manually configuring domain name servers.
For both automatic and manual networks, the following should be considered:
Best practices for running a Windows domain inside Skytap
- Ensure that each VM has its own unique identifier (or SID). Please see Resolving “duplicate SID” errors in a Windows domain.
- Make sure you correctly configure your environment’s network with domain name, IP address space, and subnet prior to building or importing your domain controller.
- Decide on the correct computer and host name for the domain controller prior to assigning it to the domain controller role.
- Give the domain controller an IP address that is higher than .1 (for example, on a 192.168.0.0 subnet, make your DC a 192.168.0.100)
- When you boot the server that is going to be the domain controller, give it a static IP. Assign it the appropriate FQDN as well as the appropriate gateway. The gateway IP address of the network (in an automatic network) defaults to the last IP address of a subnet. For example, the gateway of 192.168.0.0 for a 255.255.255.0 subnet would default to 192.168.0.254. You can define the IP address off the Skytap gateway from the Network Settings page.
- After you assign the machine to the domain controller role, power it down and make a template of it.
- After booting up the domain controller for the first time, make sure to make its DNS setting 127.0.0.1.
- The Skytap shared drive relies on Skytap DNS. Please see the following article on how to access the shared drive with a custom DNS server in place: Using the shared drive with a custom DNS server.
- Make sure the DNS for the domain controller is configured for dynamic updates.
Domain controllers are sensitive to name and network changes
Adding a domain controller to an environment
Once your domain controller is completely configured and saved as a template, you can add it to other environments. You have to be careful when you do this. For instance:
- Make sure the target environment has a matching or non-conflicting network.
- Make sure there isn’t a machine with a conflicting name.
Do not change the domain controller computer name, or let Skytap Helper change the computer name. Name changes can break a domain controller. This is non-recoverable outside of restoring from a template, or restoring from a backup domain controller. If you are running Skytap Helper, you should disable it; Skytap Helper will try to reboot the machine to sync the machine’s computer name with its hostname. For more information about disabling Skytap Helper, see Managing Windows hostnames with Skytap Helper.
Other domain controller considerations:
- To enable the auto-suspend feature for the domain members but still keep the domain controller running full time, use Inter-Configuration Network Routing (ICNR). For more information, see Networking between environments and Automatically suspend inactive environments.
- Review Avoiding restricted subnets and IP addresses.