We are in the beginning stages of converting from VMware to Hyper-V. Reading the best practices, I need to join my data LIFs to AD. At issue is that the current storage VLAN is an isolated network with no routing and only hosts NFS and iSCSI traffic. We are planning to use SMB for Hyper-V. I have configured AD pass-through in this cluster and it is working to my nodes. There is no AD, DNS or layer 3 on the storage VLAN (VMware and NFS do not have this requirement). Is there a way to create a pass-through for AD to my SVM, or do I need to put a domain controller on this network? cDOT 8.3.1
No, pass-through works only for administrative access to the cluster. Just add more LIFs to the SVM that are able to contact a domain controller. You can also restrict data protocols through these LIFs if this is a security concern.
Thank you for the reply; it confirms what I have come to understand about the pass-through but have been unable to find in print. I like the thought of adding another LIF to join AD, which I do for other SVMs; however, the cDOT Hyper-V documentation specifically states that the DATA LIFs be set up as the CIFS server and that the name has to be different from the SVM name. My understanding is that AD can only have one SID per system/machine. Since these are two data ports from the same SVM, if I join the AD domain using the management LIF, I cannot join the domain a second time from the DATA LIF, correct? At this point we are looking into this: multi-homing one of the secondary DNS/domain controllers.
Sorry for the long delay, and I appreciate the quick response; I was busy configuring. I think I am all set. I did use the management port to join CIFS. When I read the doc, and the Microsoft consultant read the doc, and the VMware admin read the doc, we all thought that the DATA LIF had to be joined to AD. I used the management LIF to join AD. I do not know if it is an issue, using the management LIF, but that is what I did.