Setup-KCD.ps1 powershell script to setup Kerberos Constrained Delegation for Hyper-V

One of the really nice features of Hyper-V is the ability to live-migrate virtual machines from one physical Hyper-V host to another while the VM is running. VMWare calls this feature vMotion. VMware’s vMotion was a bit ahead of Microsoft’s live-Migration until the release of Server 2012 and now 2012 R2. In my opinion Live Migration leaves nothing to be desired and has exceeded many features in vMotion (compared to ESXi 5.5). The script can be downloaded from the Microsoft TechNet Gallery.

Live migration has few requirements including:

1. Active Directory domain: all Hyper-V hosts must be in an AD domain (either same domain or domains with two-way trust relationships)
2. Kerberos Constrained Delegation

See this Technet article for more details.

KDC can be setup manually in AD Administrative Center. In an environment with a large number of Hyper-V hosts this can get tedious. The following script automates the task of setting KDC between a group of HyperV Servers.

Confirm changes by looking up Host properties in AD Administrative Center:

Finally test live-migration:

June 4, 2014 | Categories: Hyper-V, Powershell | Tags: Constrained Delegation, Hyper-V, Kerberos Constrained Delegation, Live Migration, Powershell, Server 2012 R2 | Leave a comment