Install Domain Controller, Active Directory, RemoteApps on Single Server?

Have a server that I want to experiment with RemoteApps. Documentation I have read state you need to have a Domain Controller setup with AD on one server, and have a second server to install all the RemoteApps requirements. Is this true or can
this all be done on one server.
If I need a separate server for the Domain Controller and Active Directory, can I assume that a low end server would be sufficient? Or would using Hyper-V with a single hardware server and create two virtual machines: one as the DC/AD, and the other
to run Remote Apps be a possible solution. Any advice?

it really depends to be honest. I'd probably go something like this though:
One Small physical server to act as a domain controller - you could put DHCP on this too
One or Two physical, quite powerful servers to act as Hyper-V hosts - these can be domain joined.
Then for your VM's create the following:
1 x additional domain controller
For remote desktop services:
1 x Remote Desktop Session Host
1 x Connection Broker
1 x Gateway and web server
For additional services
1 or 2 x Exchange
1 x sharepoint
1 x IIS
but it really depends what you want to achieve.
The benefit from Virtual machines is that you can keep separate virtual servers for separate applications.
If you have two hosts you could then replicate the virtual machines between them if you wanted some layer of fault tolerance.
Hope this helps you a bit more. And thanks for positive blog feedback - its appreciated.
Regards,
Denis Cooper
MCITP EA - MCT
Help keep the forums tidy, if this has helped please mark it as an answer
My Blog
LinkedIn:

Similar Messages

Provision Search in SharePoint Foundation 2013 without Domain Controller / Active Directory - Domain accounts

Hi,
I have successfully setup SharePoint Foundation 2013 as single server farm with SQL Server Standard database in a DMZ environment using local accounts since DMZ doesn't have an Active Directory and hence Domain accounts using powershell as described
in https://theblobfarm.wordpress.com/2012/12/03/installing-sharepoint-2013-without-a-domain-controller
When I run Farm configuration wizard to provision search service application, I get an error:
ERROR: "The service application(s) for the service "Search Service Application" could not be provisioned because of the following error: I/O error occurred."
The log file logged the details of this error as:
ERROR: "Failed to create file share Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 at D:\SharePoint Search\Office Server\Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 (System.ArgumentException: The SDDL string contains an invalid sid or a sid
that cannot be translated."
After investigation, I found that potentially the error could be because the timer service is trying to setup a network share for analytics component (as part of provisioning search). It is trying to setup that share with a domain account that happens to
be a local user instead in this case and fails with error “System.ArgumentException: The SDDL string contains an invalid sid or a sid that cannot be translated”.
I got some pointer from the below thread
https://social.technet.microsoft.com/Forums/en-US/c8e93984-f4e5-46da-8e8a-c5c79ea1ff62/error-creating-search-service-application-on-sharepoint-foundation-with-local-account?forum=sharepointadmin
However, the above thread doesn't state that the solution worked.
I have tried creating share manually for Analytics_<Guid> folder but it doesn't work since every time farm configuration wizards is run it creates a new Analytics_<Guid> folder.
Since, I have setup SharePoint Foundation 2013 on a production environment I cannot test and trial various solutions.
Can some please guide me on how to successfully provision search for SharePoint Foundation 2013 setup as a single server farm with SQL Server Standard database in a DMZ environment using local accounts (without Active Directory - domain accounts).
Thanks in advance.
Himanshu

Microsoft documentation doesn't always specifically call out all products (Project Server isn't there, either). But it does apply. You'll need to stand up at least one Domain Controller, or allow port access back to a DC.
Preferably, set up SharePoint on the internal network and use a reverse proxy (which will terminate client connections at the reverse proxy) present in the DMZ.
Trevor Seward
Follow or contact me at...
&nbsp&nbsp
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

NTLM Authentication with a domain controller/active directory

Hi,
I have a requirement to do an NTLM authentication with the MS active directory.
I am aware that JNDI doesn't support this protocol to communicate with the AD.
I have looked into couple of online solutions available but that doesn't seem to meet my requirement. Most of the solutions like (Apache commons NTLMScheme/NTCredentials and java.net.Authenticator etc...) are used for only NTLM proxy authentication (where both username, password is sent to the proxy server which does the actual NTLM authentication with the Active Directory.)
What I need is a solution in Java where I can directly contact Active directory for negotiation of challenge/response mechanism.
Can any of you guys suggest any alternative to achieve this ?

it really depends to be honest. I'd probably go something like this though:
One Small physical server to act as a domain controller - you could put DHCP on this too
One or Two physical, quite powerful servers to act as Hyper-V hosts - these can be domain joined.
Then for your VM's create the following:
1 x additional domain controller
For remote desktop services:
1 x Remote Desktop Session Host
1 x Connection Broker
1 x Gateway and web server
For additional services
1 or 2 x Exchange
1 x sharepoint
1 x IIS
but it really depends what you want to achieve.
The benefit from Virtual machines is that you can keep separate virtual servers for separate applications.
If you have two hosts you could then replicate the virtual machines between them if you wanted some layer of fault tolerance.
Hope this helps you a bit more. And thanks for positive blog feedback - its appreciated.
Regards,
Denis Cooper
MCITP EA - MCT
Help keep the forums tidy, if this has helped please mark it as an answer
My Blog
LinkedIn:

Cannot install Windows Azure Active Directory Sync tool on Server 2012 w/ SQL Server 2012

I went to change a user password on the server today and after changing the password I logged into the SQL server to run “Import-module dirsync” & “Start-onlinecoexistencesync” in powershell in order to sync the new password with Exchange Online. After
waiting ten minutes I tried setting up the email on the user’s PC but the new password was not being accepted. I logged into Office 365 and I got the following warning.
"Warning: Last synced more than 3 days ago | Troubleshoot"
So I pressed troubleshoot and the site installed a tool on the server to try and find out what the issue was. After the tool ran it told me that the version of dirsync.exe was out of date and that I should download the new one and install it. So I downloaded
the new dirsync.exe (version 7020 I believe) and tried installing it. I kept getting error after error, different ones to boot.
First it told me I wasn’t part of the FIMSyncAdmins group (so I added myself), then it told me that it could not connect to MIIS server, so I tried starting it and windows said that there was a problem with the sign on used by the service so I had
to reset the password for the local user named “AAD_bfd1d6f0cef7” which was being used by that service. The service started successfully and when I went to install it told me I could not and if the problem persisted I should uninstall the old version and reinstall.
Looking in the log file, before I even install the software I see the following Information...
Level: Information
Date: 2015-03-24 12:49:17 PM
Source: Directory Synchronization
Event ID: 0
Task Category: None
"The current configuration of the Windows Azure Active Directory Sync tool is invalid. Please reinstall the Windows Azure Active Directory Sync tool."
So I tried to reinstall (i even manually uninstalled the old version and removed the folder in C:\Program Files\ called "Windows Azure Active Directory Sync") and on reinstall I get as far as "Installing Components" and then after a little
while it errors out with the error "The install was unable to setup a required component. Check the event logs for more information. Please try the installation again and if the error persists, contact Technical Support. "
Looking at the log file there are a bunch of new entries, created by the installer. There's over 300 new entries and I can not post them all here due to character count restriction. you can find the log file here...
www.clarkfreightways.com/wp-content/uploads/2015/03/dirsync_log.txt
Can anyone tell me what is going on, I've been looking through the log files and I can see errors but I'm not sure what to do to fix it.

Greetings!
Wanted to know if you've hosted the DirSync tool (latest version) on a VM? Also, if this is deployed in a Production or Lab environment? If it's a lab setup, you may
try installing the DirSync on a new VM / Server (suspecting that it could be some machine related issues).
Here's a Support KB helping with different errors:
http://support.microsoft.com/en-us/kb/2684395
If its a production environment, would suggest to raise a
Technical Support Ticket for assisting further with break-fix.
Thank you,
Arvind

How to configure multiple domains in Active directory

HI,
How can I configure multiple domains on Active Directory. When I installed AD it asked for a domain name, there I gave ravigupta.com as domain name. But now I find no way of creating another domain.
I am a java developer and my task is to write a programme which returns all the domains available in LDAP server.
To start with ,I tried to create few domains in LDAP server ( AD ) but stuck up ,as i found there could exist only one domain.
Please tell me how to configure multiple domains in LDAP server ( Active Directory).
I skiped DNS configuration while AD installation.
-ravi

I'm sorry, but you should be asking on a different forum. This has nothing to do with Java.

Installing Domain Controller certificates remotely - private key remains on local server!

Using a 3rd party CA (Entrust), I have successfully requested and installed Domain Controller certificates via the Certificates MMC snap-in.
I did this from one Domain Controller, and then just used the (right click) "Connect to another computer" option to do the rest. Everything looks absolutely fine, the certificates look ok.... certificate chain is complete, and valid (all
CA certs are installed) and the certificates say "You have the private key that corresponds to this certificate".
If I do a LDAPS bind using LDP.exe, it works fine on the first DC.
Do this on the next and I get the error:
Cannot open connection
Error 81 = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to DCHostname.
After some checking I looked in the folder C:\ProgramData\Microsoft\Crypto\Keys
This contains a lot of files on the DC I was logged onto when installing the certs, and no files on any of the other DCs. I am guessing this is the private key file and it has stored all of them on the local machine I was running MMC from rather than
on the machines I connected to from MMC.
Is there any way to get these keys onto the correct DCs now - or will I have to re-request all of the others. The private key was not exportable.
I figured copying and pasting them was probably not going to work with a private key, but I tried it anyway just to be sure!
It is pretty annoying as no clue was given during the process of requesting and installing the certificates, and there is no error when you look at the certificate - they all think they have the private key associated to them, even though it rather looks
like they don't!
It's a bit painful requesting certificates here, so any help in avoiding this would be appreciated! Thank you

Thank you Elke,
So I copied the key files across from the server where they were all generated to the server I remotely connected to (which had no key files at all). Copied all just to be sure, though I’m
pretty sure which one actually relates to that server as I did them all in order - reflected by the time stamps.
Ensured all the permissions were the same, and that they were marked as ‘system’ files.
Ran the command
certutil -repairstore my [SerialNumber of cert]as
you suggested, but no luck unfortunately.
So firstly, I get the same error message:
Cannot find the certificate and private key for decryption.
CertUtil: -repairstore command FAILED: 0x80090010 (-2146893808)
And then I get:
CertUtil: Access denied.
Not sure why the access denied, I am running elevated with full local and domain administration rights.
Toby

Microsoft Exchange Server 2013 Cumulative Update 7 Setup - Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error - Set-SharedConfigDC

What am I trying to do?
I have tried installing Microsoft Exchange Server 2013 Cumulative Update 7 Setup on a fresh install of Windows Server 2012 R2 but it gets stuck when running the setup exe on Step 8 of 14 “Mailbox Transport Service” I have included full
error logs at the bottom of the page but the basics are in order it will throw which loop around are:
[01/20/2015 17:13:20.0084] [2] Beginning processing Set-SharedConfigDC
[01/20/2015 17:13:20.0178] [2] The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Minimal Required Number of Suitable Directory Servers
Found in Forest mydomain.com Site Default-First-Site and connected Sites..
[01/20/2015 17:13:20.0178] [2] No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.com Site Default-First-Site and connected Sites.
Exchange is currently running in the envirmonet on 2010 Sp3 I am installing 2013 CU7 fresh so I can migrate the databases over.
What am I running?
2 X DC on domain and forest functional level 2008R2 both writable
1 X fresh install of Windows 2012 R2 which is domain joined
What have I tried?
Checked Ipv6 is enabled on all DC NICS and Existing Exchange Servers
Rebooted every server
Run setup as Administrator
My account is part of the domain Enterprise Admin group
Tried adding "Exchange Server" or "Exchange Enterprise Servers" to the group policy and doing the relevant gpupdate /force and reboot :
Computer Configuration Windows Settings
Security Settings + Local Policies
User Rights Assignment Mange auditing and security log
Turned off firewall on DC and Exchange Server even stopped the service
Turned off all AV on the DC and Exchange Server
Checked I could telnet to global catalog servers on port 3268 which I can
Checked the global catalog records existed in DNS which they all do
Done the obvious ping tests all round which confirms connectivity
Schema has been prepared using appropriate commands before running the setup exe
setup.exe /PrepareSchema /IacceptExchangeServerLicenseTerms
Making sure the following path has full permissions:
EXCHANGE14:\Current\Release\Shared\Datacenter\Setup
Restarted Microsoft Exchange Active Directory Topology service
DcDiag all looks good
What have I noticed that is suspicious?
Microsoft Exchange Transport service will not start even though both of its dependences services have started:
Microsoft Filtering Management Service
Microsoft Exchange Active Directory Topology Service
It will eventually error with
“Windows could not start the Microsoft Exchange Transport Service on local computer
Error 1053: This Service did not respond to the start of control request in a timely fashion”
This error is from the GUI wizard itself:
Error:
The following error was generated when "$error.Clear();
$maxWait = New-TimeSpan -Minutes 8
$timeout = Get-Date;
$timeout = $timeout.Add($maxWait);
$currTime = Get-Date;
$successfullySetConfigDC = $false;
while($currTime -le $timeout)
$setSharedCDCErrors = @();
try
Set-SharedConfigDC -DomainController $RoleDomainController -ErrorVariable setSharedCDCErrors -ErrorAction SilentlyContinue;
$successfullySetConfigDC = ($setSharedCDCErrors.Count -eq 0);
if($successfullySetConfigDC)
break;
Write-ExchangeSetupLog -Info ("An error ocurred while setting shared config DC. Error: " + $setSharedCDCErrors[0]);
catch
Write-ExchangeSetupLog -Info ("An exception ocurred while setting shared config DC. Exception: " + $_.Exception.Message);
Write-ExchangeSetupLog -Info ("Waiting 30 seconds before attempting again.");
Start-Sleep -Seconds 30;
$currTime = Get-Date;
if( -not $successfullySetConfigDC)
Write-ExchangeSetupLog -Error "Unable to set shared config DC.";
" was run: "System.Exception: Unable to set shared config DC.
at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target, Boolean reThrow, String helpUrl)
at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
at Microsoft.Exchange.Management.Deployment.WriteExchangeSetupLog.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".
Exchange logs which have been written:
**The error will loop around for 8 minutes on trying to set-sharedconfig DC whatever this is trying to do ??
[01/20/2015 17:13:20.0084] [2] Active Directory session settings for 'Set-SharedConfigDC' are: View Entire Forest: 'True', Configuration Domain Controller:mydomain.com', Preferred Global Catalog: 'mydomain.com', Preferred Domain Controllers:
'{ mydomain.com}'
[01/20/2015 17:13:20.0084] [2] User specified parameters:
-DomainController:mydomain.com' -ErrorVariable:'setSharedCDCErrors' -ErrorAction:'SilentlyContinue'
[01/20/2015 17:13:20.0084] [2] Beginning processing Set-SharedConfigDC
[01/20/2015 17:13:20.0178] [2] The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Minimal Required Number of Suitable Directory Servers
Found in Forest mydomain.com Site Default-First-Site and connected Sites..
[01/20/2015 17:13:20.0178] [2] No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.com Site Default-First-Site and connected Sites.
[01/20/2015 17:13:20.0178] [2] The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Minimal Required Number of Suitable Directory Servers
Found in Forest mydomain.com Site Default-First-Site and connected Sites..
[01/20/2015 17:13:20.0178] [2] No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.com Site Default-First-Site and connected Sites.
[01/20/2015 17:13:20.0178] [2] Ending processing Set-SharedConfigDC
[01/20/2015 17:13:20.0193] [2] Beginning processing Write-ExchangeSetupLog
[01/20/2015 17:13:20.0193] [2] An error ocurred while setting shared config DC. Error: The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details
No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.com Site Default-First-Site and connected Sites..
[01/20/2015 17:13:20.0193] [2] Ending processing Write-ExchangeSetupLog
[01/20/2015 17:13:20.0193] [2] Beginning processing Write-ExchangeSetupLog
[01/20/2015 17:13:20.0193] [2] Waiting 30 seconds before attempting again.
[01/20/2015 17:13:20.0193] [2] Ending processing Write-ExchangeSetupLog
[01/20/2015 17:13:50.0195] [2] Beginning processing Write-ExchangeSetupLog
[01/20/2015 17:13:50.0273] [2] [ERROR] Unable to set shared config DC.
[01/20/2015 17:13:50.0273] [2] [ERROR] Unable to set shared config DC.
[01/20/2015 17:13:50.0288] [2] Ending processing Write-ExchangeSetupLog
[01/20/2015 17:13:50.0288] [1] The following 1 error(s) occurred during task execution:
[01/20/2015 17:13:50.0288] [1] 0. ErrorRecord: Unable to set shared config DC.
[01/20/2015 17:13:50.0288] [1] 0. ErrorRecord: System.Exception: Unable to set shared config DC.
   at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target, Boolean reThrow, String helpUrl)
   at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
   at Microsoft.Exchange.Management.Deployment.WriteExchangeSetupLog.InternalProcessRecord()
   at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
   at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
[01/20/2015 17:13:50.0288] [1] [ERROR] The following error was generated when "$error.Clear();
$maxWait = New-TimeSpan -Minutes 8
$timeout = Get-Date;
$timeout = $timeout.Add($maxWait);
$currTime = Get-Date;
$successfullySetConfigDC = $false;
while($currTime -le $timeout)
$setSharedCDCErrors = @();
try
Set-SharedConfigDC -DomainController $RoleDomainController -ErrorVariable setSharedCDCErrors -ErrorAction SilentlyContinue;
$successfullySetConfigDC = ($setSharedCDCErrors.Count -eq 0);
if($successfullySetConfigDC)
break;
Write-ExchangeSetupLog -Info ("An error ocurred while setting shared config DC. Error: " + $setSharedCDCErrors[0]);
catch
Write-ExchangeSetupLog -Info ("An exception ocurred while setting shared config DC. Exception: " + $_.Exception.Message);
Write-ExchangeSetupLog -Info ("Waiting 30 seconds before attempting again.");
Start-Sleep -Seconds 30;
$currTime = Get-Date;
if( -not $successfullySetConfigDC)
Write-ExchangeSetupLog -Error "Unable to set shared config DC.";
        " was run: "System.Exception: Unable to set shared config DC.
   at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target, Boolean reThrow, String helpUrl)
   at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
   at Microsoft.Exchange.Management.Deployment.WriteExchangeSetupLog.InternalProcessRecord()
   at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
   at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".
[01/20/2015 17:13:50.0288] [1] [ERROR] Unable to set shared config DC.
[01/20/2015 17:13:50.0288] [1] [ERROR-REFERENCE] Id=AllADRolesCommonServiceControl___ee47ab1c06fb47919398e2e95ed99c6c Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup
[01/20/2015 17:13:50.0288] [1] Setup is stopping now because of one or more critical errors.
[01/20/2015 17:13:50.0288] [1] Finished executing component tasks.
[01/20/2015 17:13:50.0304] [1] Ending processing Install-BridgeheadRole
Windows Event Viewer:
Process Microsoft.Exchange.Directory.TopologyService.exe (PID=5276) Forest mydomain.com. Exchange Active Directory Provider couldn't find minimal required number of suitable Global Catalog servers
in either the local site 'Default-First-Site' or the following sites:

Hi apl228,
1. Please make sure the IPv6 is enabled.
2. Please make sure the account that install Exchange server has Administrator permission.
3. Please make sure DNS has been configured correctly.
Thanks
Mavis Huang
TechNet Community Support

How to install multiple E-Business Suite in a single server?

Hello,
I read somewhere that we can install multiple E-Business Suite in a single server as long as the storage is enough, is it true? If yes do any of you can give me the steps to install it or refer me to a link? I'd searched here but couldn't find it, hope that I didn't miss something. What I want to do is install Vision database and another one is fresh install for testing, both in a single server. There will be about 20 people accessing that system. What kind of hardware must I use? Thanks.

If you want to run 2 instances concurrently, It would be safe to assume you want 8 GB of RAM plus enough storage to host both instances, backups, archive logs, patches etc. For CPU, most entry level servers can be single, dual or quad socket, or CPU socket. Most CPUs are dual core, meaning there are 2 physical CPU cores in each socket. So if you get a 2 socket dual core server, you see 4 physical CPUs on the operating system. If you get a 4 socket dual core server, you see 8 physical CPUs. If you want to run R12 applications, you will definately need 4 GB of ram per instance (E-Business Suite installation). 11i might get by on 3 GB of ram per instance.

Install 11.1.2.4 on a single server for testing

I am not sure if anyone has installed 11.1.2.4 on a single server. If so can you please assit me. We are trying to consolidate some servers and would like to use a single server for testing of 11.1.2.4. Can this be done? Has anyone done this sucessfully or have any documents on how to do it on a single server.
Any input would help

If you are just looking for a quick environemnt to use for testing, and are not worried about the actual installation process, this might be useful:
Hyperion Error of the Day: EPMVirt: Oracle Hyperion 11.1.2.4 Virtual Environment
Nick

Web-controller Active Directory authentication

We have a 10.5.7 xserve as our Podcast Producer server. The server is tied to Active Directory for authentication. I just recently installed the web controller. When I authenticate with a local server account, I get in just fine. But, when I try to authenticate to the web controller with an AD account it fails.
Now I know that since 10.5.6 in Podcast Capture I have had to select "single sign-on" in the app's preferences. Does anyone know if there is something similar in the web controller?

I figured it out. May not be the perfect solution, but it works until 10.5.8.
In /Library/Preferences/com.apple.pcastserverd.plist
Find the following:
<key>httpauthtype</key>
<array>
<string>basic</string>
<string>digest</string>
<string>kerberos</string>
</array>
Change to:
<key>httpauthtype</key>
<array>
<string>basic</string>
</array>
Restart PCP:
sudo launchctl unload /System/Library/LaunchDaemons/com.apple.pcastserverd.plist
sudo launchctl load /System/Library/LaunchDaemons/com.apple.pcastserverd.plist
Log into your server with an AD account at https://server.domain:8143

I have DHCPand DNS services in a router and I want to install domain controller

Hello
I have a sonic wall router managing the DHCP and DNS services for a my network and wanna keep it doing this.
I have a computer running windows server 2012 standard and installed active directory along with DNS. I also went to the DNS manager of these server and forwarded the DNS addresses of my router. For some reason I'm not able to join a client computer
into the DC.
I got this error:
An Active directory domain controller (AD DC) for the domain "mydomain.ca" could not be contacted.
Is it possible to configure active directory using the DNS and DHCP services of my router? or Am I doing something wrong?
Can somebody helping me with this matter?
Thanks.

Hello,
if the DNS server on your router is able to provide all required zones, SRV records and options that the DCs require there is no problem using 3rd party DNS servers.
But I would recommend that you u se the DC as DNS server also and just run the installation during the promotion process.
All clients MUST use the domain internal DNS servers on the NIC NONE else otherwise you will run into trouble. Internet access will be done via the FORWARDERS on the DNS server properties in the DNS management console on the Windows Server.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter:

Downgrade of Windows 2012 r2 to Windows 2012 Domain Service Active Directory

I have an uncertainty. we used adprep /forest and adprep /domain tools on windows 2012 R2 to update the domain active directory. But after promoting a domain controller to windows 2012 R2, we realized that a tool we use to authenticate computer account not
supported for domain controllers in Windows 2012 R2. Here comes the question, I can to install direct and promote a domain controller windows 2012 without running the adprep /forest and adprep /domain tools of Windows 2012?.
I hope be clearly.
tks.
migrations

Hello,
as others mentioned there is no problem to promote a Windows Server 2012 into the domain as the functional level is fine for this.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Installing ADFS on Active directory-DC it self Is OK ?

I integrated our Lync Server 2010 on Premise with Office 365 which requires installing ADFS and Dirsync, I read a recommendation from Microsoft that Dirsync should be installed on a separate server since it requires SQL and SQL can't be installed on Domain
Controller(AD). however I didn't read any recommendation if installing ADFS on AD would be ok or not?
It seems to be working fine but i'm worried from security wise! since ADFS requires that you install IIS and publish the authentication page for AD users permission.
I would appreciate any input on this.
Thanks
Mohammed JH

Then virtualize. It is patently unwise to run web services on domain controllers. Install ADFS on a separate platform.
David Shaw [MSFT]
As I stated in my original post, I know what best practice is. I am not looking for advice on following best practices I want to know what is technically possible. This is virtualized, it's running at my house. I have only a single hyper-v host which is
already stretched for resources. I am trying to avoid placing any more servers on it if possible. The LAB sits on a totally isolated network, it contains NO data what-so-ever. Security is not a concerned at all.
As you can see my server is overcommitted as is. All of these VM's are running on a single Dell 2950 with 350GB of disk space and 32 GB of RAM. If someone wants to donate a server to me I'd gladly use it. :-)
John Marcum | http://myitforum.com/myitforumwp/author/johnmarcum/

Replication with Domain and Sub domain in Active directory sites and services

I seen many AD enviroments and know that when you have mutiple DCs you use Active Directory Sites and services to replicate using the NTDS Settings. If you have a Domain and sub domain do you need to do this as well or does it sync up automatically because
it's a sub domain? A see a couple of domains where the NTDS settings isn't being used to snyc with the child domain. Just wondering if that is normal or will it cause authentication errors?

I seen many AD enviroments and know that when you have mutiple DCs you use Active Directory Sites and services to replicate using the NTDS Settings. If you have a Domain and sub domain do you need to do this as well or does it sync up automatically
because it's a sub domain? A see a couple of domains where the NTDS settings isn't being used to snyc with the child domain. Just wondering if that is normal or will it cause authentication errors?
Two way transitive trusts are configured automatically when you create a child domain or tree root domain. You don't have to worry about site/subnet or replication part at least from trust perspective. But make sure site's names are unique in each domain.
How Domain and Forest Trusts Work
http://technet.microsoft.com/en-us/library/cc773178%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc730868.aspx
http://blogs.technet.com/b/askds/archive/2008/09/24/domain-locator-across-a-forest-trust.aspx
Awinish Vishwakarma - MVP
My Blog: awinish.wordpress.com
Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

Active Directory not working Windows Server 2003 R2

Hi,
Like the subject said my root problem is either my Active Directory or DSN server. In order to properly explain the situation I will have to make the full Story. I was contacted by a family member to help
out a Non profit organisation with there server problem. Their current config is Windows Server 2003 R2 Running DC,AD,DNS,DCHP,File Services( i know is not efficient).
Here is how I come in to play, prior of me helping the had another server running same spec started having hardware failure and the invested in a new server. The person that set it up did replicate the server
on the new one as far as AC and Domain controller but nothing else. We ll now the DC01 failed and no user cannot login into a new computer
or if a new employee will try to added the changes don't take effect. Seeing the situation I went for the basic and seize fsmo roles to the new server. Perform Metadata clean up. Configure the DC02 as Master Domain Controller. Now everything
is set up and running but still No new user can be added or any exiting can log in
a different computer. At this point am out of answer I try everything I found in the forum. Am almost to the verge of deleting all and start
from scratch me knowing all config. Sorry for the long story am not good on resuming stuff. Please let me know If I need to add any other detail
I repeat DC01 is DEAD...
Also when a new user try to login or an existing user try to loging they get the system cannot log you on now because the domain is not available

Not Sure if this is the info requested but I ran the commands
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\administrator.LUTHERAN>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : dc02
Primary Dns Suffix . . . . . . . : Lutheran.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Lutheran.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD Client) #45
Physical Address. . . . . . . . . : 00-1C-23-BF-E6-69
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.100.6
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.1
DNS Servers . . . . . . . . . . . : 192.168.100.6
Primary WINS Server . . . . . . . : 192.168.100.6
C:\Documents and Settings\administrator.LUTHERAN>
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #48
Owner of the binding path : WINS Client(TCP/IP) Protocol
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndiswanip
Upper Component: Internet Protocol (TCP/IP)
Lower Component: WAN Miniport (IP)
Component Name : Internet Protocol (TCP/IP)
Bind Name: Tcpip
Binding Paths:
Owner of the binding path : Internet Protocol (TCP/IP)
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #45
Owner of the binding path : Internet Protocol (TCP/IP)
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #48
Owner of the binding path : Internet Protocol (TCP/IP)
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: ndiswanip
Upper Component: Internet Protocol (TCP/IP)
Lower Component: WAN Miniport (IP)
Component Name : Client for Microsoft Networks
Bind Name: LanmanWorkstation
Binding Paths:
Owner of the binding path : Client for Microsoft Networks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios_smb
Upper Component: Client for Microsoft Networks
Lower Component: Message-oriented TCP/IP Protocol (SMB session)
Owner of the binding path : Client for Microsoft Networks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: Client for Microsoft Networks
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #45
Owner of the binding path : Client for Microsoft Networks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: Client for Microsoft Networks
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #48
Owner of the binding path : Client for Microsoft Networks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: Client for Microsoft Networks
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndiswanip
Upper Component: Internet Protocol (TCP/IP)
Lower Component: WAN Miniport (IP)
Component Name : WebClient
Bind Name: WebClient
Binding Paths:
Component Name : DHCP Server
Bind Name: DHCPServer
Binding Paths:
Component Name : Wireless Configuration
Bind Name: wzcsvc
Binding Paths:
Component Name : Network Load Balancing
Bind Name: Wlbs
Binding Paths:
Owner of the binding path : Network Load Balancing
Binding Enabled: No
Interfaces of the binding path:
-Interface Name: ndis5
Upper Component: Network Load Balancing
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #45
Owner of the binding path : Network Load Balancing
Binding Enabled: No
Interfaces of the binding path:
-Interface Name: ndis5
Upper Component: Network Load Balancing
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #48
Component Name : Steelhead
Bind Name: RemoteAccess
Binding Paths:
Component Name : Dial-Up Server
Bind Name: msrassrv
Binding Paths:
Component Name : Remote Access Connection Manager
Bind Name: RasMan
Binding Paths:
Component Name : Dial-Up Client
Bind Name: msrascli
Binding Paths:
Component Name : File and Printer Sharing for Microsoft Networks
Bind Name: LanmanServer
Binding Paths:
Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios_smb
Upper Component: File and Printer Sharing for Microsoft Networks
Lower Component: Message-oriented TCP/IP Protocol (SMB session)
Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: File and Printer Sharing for Microsoft Networks
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #45
Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: File and Printer Sharing for Microsoft Networks
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #48
Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: File and Printer Sharing for Microsoft Networks
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndiswanip
Upper Component: Internet Protocol (TCP/IP)
Lower Component: WAN Miniport (IP)
Component Name : Generic Packet Classifier
Bind Name: Gpc
Binding Paths:
Component Name : Application Layer Gateway
Bind Name: ALG
Binding Paths:
Component Name : NetBIOS Interface
Bind Name: NetBIOS
Binding Paths:
Owner of the binding path : NetBIOS Interface
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: NetBIOS Interface
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #45
Owner of the binding path : NetBIOS Interface
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: NetBIOS Interface
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #48
Owner of the binding path : NetBIOS Interface
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: NetBIOS Interface
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndiswanip
Upper Component: Internet Protocol (TCP/IP)
Lower Component: WAN Miniport (IP)
Component Name : WAN Miniport (IP)
Bind Name: NdisWanIp
Binding Paths:
Component Name : Direct Parallel
Bind Name: {A4DC6983-452B-41F9-B696-5112E5E6F1C6}
Binding Paths:
Component Name : WAN Miniport (PPPOE)
Bind Name: {5B69EEC5-2676-460B-9E03-F38B02BA4474}
Binding Paths:
Component Name : WAN Miniport (PPTP)
Bind Name: {DEE98315-C28A-4CC8-9233-E6C3506C16D3}
Binding Paths:
Component Name : WAN Miniport (L2TP)
Bind Name: {9BFC4E35-93B2-4811-8A56-69149ED0837E}
Binding Paths:
Component Name : RAS Async Adapter
Bind Name: {50239872-7742-4BB5-A28E-0B814085C2A6}
Binding Paths:
Component Name : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #48
Bind Name: {19218099-5DDC-4936-A111-75E4D7250A24}
Binding Paths:
Component Name : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #45
Bind Name: {52BE526E-7FAE-4458-9691-E333DA333601}
Binding Paths:
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
C:\Documents and Settings\administrator.LUTHERAN>

Install Domain Controller, Active Directory, RemoteApps on Single Server?

Similar Messages

Maybe you are looking for