Reference Guide

Dell EMC XC Series Appliances and XC Core Systems Best Practices for Running Windows Server 2016 with Hyper-V | A01
4 Active Directory and DNS best practices
4.1 Active Directory, Organizational Units (OUs), and Group Policy Objects (GPOs)
To minimize misapplication of GPOs and other policies to the XC Series hosts configured to run Hyper-V, Dell
EMC recommends placing the XC Series hosts into their own OU and linking only specific GPOs to that OU.
By default, when added to Active Directory, the Nutanix cluster nodes are placed in the default
Computers OU. Any GPOs assigned to the Computers OU will be applied to the nodes. The nodes should be
moved to their own OU and Group Policy reapplied. Leaving them in the Computers OU potentially exposes
the nodes to enforcement of policies and security settings that are not ideal for a production Hyper-V node,
yet perfectly suitable for desktops running Windows.
The same behavior is observed when a node is added to a cluster. It is important to move any added node
into the same OU that contains the other cluster nodes.
4.2 Disjointed domain and DNS namespace
A disjointed namespace occurs when one or more domain member computers have a primary Domain Name
Service (DNS) suffix that does not match the DNS name of the Active Directory domain of which the
computers are members.
An example of disjointed namespace is a member computer with a primary DNS suffix of
corp.company.com in an Active Directory domain named xyz.corp.company.com.
While not a strictly prohibited configuration, environments configured with a disjointed namespace introduce
additional challenges and considerations for both Nutanix clusters running on Hyper-V and other tools reliant
upon DNS. Whenever possible, Dell EMC recommends having a single Active Directory Domain and DNS
namespace.
A disjointed namespace causes an error to be reported in Nutanix Cluster Check (NCC) stating the AOS
cluster computer object is not configured correctly in Active Directory.
In addition to Nutanix issues, other tools, like System Center, will require additional configuration steps.
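An added example (not from the Dell EMC guide) covering both checks in sections 4.1 and 4.2: it flags nodes that sit outside a dedicated OU and nodes whose DNS suffix differs from the Active Directory domain name. The node names and the OU `XC-HyperV` are hypothetical, and the function assumes each computer object's DNSHostName reflects the host's primary DNS suffix.

```powershell
# Added example; node names and the OU name below are constructed.
function Test-XcNodePlacement {
    param(
        [Parameter(Mandatory)] [object[]] $Computer,      # needs Name, DNSHostName, DistinguishedName
        [Parameter(Mandatory)] [string]   $DomainDnsRoot, # DNS name of the AD domain
        [Parameter(Mandatory)] [string]   $ExpectedOu     # DN of the dedicated OU
    )
    foreach ($c in $Computer) {
        # Primary DNS suffix: everything after the first label of the FQDN.
        $suffix = ("$($c.DNSHostName)" -split '\.', 2)[1]
        # Parent container: the DN minus its first RDN (split on the first unescaped comma).
        $parent = ("$($c.DistinguishedName)" -split '(?<!\\),', 2)[1]
        [pscustomobject]@{
            Name         = $c.Name
            DnsSuffix    = $suffix
            Disjoint     = $suffix -ne $DomainDnsRoot   # string comparison is case-insensitive
            ParentDn     = $parent
            InExpectedOu = $parent -eq $ExpectedOu
        }
    }
}

$domain = 'xyz.corp.company.com'          # domain name from the example in section 4.2
$base   = 'DC=xyz,DC=corp,DC=company,DC=com'
$ou     = "OU=XC-HyperV,$base"            # hypothetical dedicated OU for the Hyper-V hosts

# Constructed records shaped like Get-ADComputer output.
$nodes = @(
    [pscustomobject]@{ Name = 'XC-NODE-1'; DNSHostName = 'xc-node-1.xyz.corp.company.com'
                       DistinguishedName = "CN=XC-NODE-1,$ou" }
    # Newly joined node still in the default Computers location.
    [pscustomobject]@{ Name = 'XC-NODE-2'; DNSHostName = 'xc-node-2.xyz.corp.company.com'
                       DistinguishedName = "CN=XC-NODE-2,CN=Computers,$base" }
    # Node whose suffix is corp.company.com: the disjointed case from section 4.2.
    [pscustomobject]@{ Name = 'XC-NODE-3'; DNSHostName = 'xc-node-3.corp.company.com'
                       DistinguishedName = "CN=XC-NODE-3,$ou" }
)

Test-XcNodePlacement -Computer $nodes -DomainDnsRoot $domain -ExpectedOu $ou |
    Format-Table Name, InExpectedOu, Disjoint, DnsSuffix -AutoSize

# Against a live domain (ActiveDirectory module), feed real objects instead:
#   $nodes = Get-ADComputer -Filter 'Name -like "XC-NODE-*"' -Properties DNSHostName
#   Test-XcNodePlacement -Computer $nodes -DomainDnsRoot (Get-ADDomain).DNSRoot -ExpectedOu $ou
# Relocate a flagged node, then reapply policy on it with "gpupdate /force":
#   Move-ADObject -Identity $node.DistinguishedName -TargetPath $ou
```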