Please DON’T !
I see so many questions around that, which means that some folks still do not understand:
Simple as that DO NOT ADD OTHER ROLES IF ADDING HYPER-V ROLE.
When the Hyper-V role is installed, the host OS becomes the Parent Partition, and the Hypervisor partition is placed between the parent partition and the hardware.
When you have the Hyper-V role installed keep it as a dedicated Hyper-V host server. Other roles and features not directly related to supporting the Hyper-V role are not supported on the parent partition and that includes DOMAIN CONTROLLER.
The only Roles and Features supported to be installed on the physical host (hyper-V) are:
- File and Storage Services (installed and part of Hyper-V support)
- Failover Cluster Manager (if host will become part of a cluster)
- Multipath I/O (if host will be connecting to an iSCSI SAN, Spaces and/or Fibre Channel)
- Remote Desktop Services (if VDI will be used on the host)
Plus:
Also, when possible, choose the Server Core installation to reduce OS overhead, reduce potential attack surface, and to minimize reboots (due to fewer software updates).
Ensure hosts are up-to-date with recommended Microsoft updates, to ensure critical patches and updates – addressing security concerns or fixes to the core OS – are applied.
Host should be domain joined, unless security standards dictate otherwise. Doing so makes it possible to centralize the management of policies for identity, security, and auditing. Additionally, hosts must be domain joined before you can create a Hyper-V High-Availability Cluster.
Anti-virus software should exclude Hyper-V specific files using the Hyper-V: Antivirus Exclusions for Hyper-V Hosts article
