Setup-KCD.ps1 powershell script to setup Kerberos Constrained Delegation for Hyper-V


One of the really nice features of Hyper-V is the ability to live-migrate virtual machines from one physical Hyper-V host to another while the VM is running. VMWare calls this feature vMotion. VMware’s vMotion was a bit ahead of Microsoft’s live-Migration until the release of Server 2012 and now 2012 R2. In my opinion Live Migration leaves nothing to be desired and has exceeded many features in vMotion (compared to ESXi 5.5). The script can be downloaded from the Microsoft TechNet Gallery.

Setup-KCD

Live migration has few requirements including:

  1. Active Directory domain: all Hyper-V hosts must be in an AD domain (either same domain or domains with two-way trust relationships)
  2. Kerberos Constrained Delegation

See this Technet article for more details.

KDC can be setup manually in AD Administrative Center. In an environment with a large number of Hyper-V hosts this can get tedious. The following script automates the task of setting KDC between a group of HyperV Servers.

Confirm changes by looking up Host properties in AD Administrative Center:

KCD2Finally test live-migration:

move1

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s