Yes, Foggy is correct.
Another method would be to build a running new DC on that cluster which would mean you have an additional DC that can do authentication and so on. Especially if you only have one DC that certainly should be an option to think about. Then you still have the possibility to backup and/or replicate one or more DC's. That would give you a nice layered defense.
If one DC goes down, there is still another one running that can do authentication/ GPO/ DNS (if that is on the same machine) and maybe even DHCP.
In worst case scenario, you can still recover from the replica or the backup
My 2 cents