SharePoint on a Domain Controller
Background Past
-- I inherited a 2 server farm. WFE-A, SQL-A
-- The environment had several DCs, including WFE-A as a DC (don't even get me started here...)
-- WFE-A is running WSS 3.0
Background Present
-- I implemented a two new servers. WFE-B, SQL-B
-- Neither of these are DCs
-- WFE-B is going to run MOSS
Note: When you install SharePoint, it creates several local groups and provisions accounts to these groups and their permissions are applied throughout SharePoint where appropriate. They are: WSS_ADMIN_WPG, WSS_RESTRICTED_WPG, and WSS_WPG. However, if you install SharePoint on a DC (which does not have local groups), it will create those groups as AD Groups, not local groups. So, currently WFE-A is running WSS 3.0 with these three groups in AD.
My Problem
After installing MOSS on WFE-B, the accounts for MOSS are appropriately in their 3 respective local groups. However, the AD Groups that were running WSS 3.0 on WFE-A are now missing from AD, and WSS is down on WFE-A.
The Actual Question:
Can anyone confirm for me that installing MOSS in the environment would have actually removed those groups from AD? My gut tells me yes, and this is what I'm currently believing happened in this environment. However, I don't have any virtuals that I can test this out on.
Thanks,
ps: Feels odd to be posting a question, instead of answering a question. :)
Dan Lewis
SharePoint Comic- Edited byDan Lewis Tuesday, November 03, 2009 8:43 PMtypo
Answers
Hi Tony,
The service account used in SharePoint was created by yourself before installing SharePoint, and SharePoint will not delete them anyway.
Yes, the WSS_ADMIN_WPG, WSS_RESTRICTED_WPG, and WSS_WPG groups would be deleted, but no account would be deleted.
By adding MVP Bob’s suggestions, I do not suggest you to install SharePoint on DC, because it should decrease the performance of DC and impact the whole domain.
For more information on planning and architecture, refer to the downloaded book: Planning and architecture for Office SharePoint Server 2007, part 2 (http://go.microsoft.com/fwlink/?LinkId=85548&clcid=0x409, file size of approximately 10.5 MB. Publish date: April 2009.)
Hope the information can be helpful.
Lambert Qin
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact mtngfb@microsoft.com
Sincerely,Lambert QinPosting is provided "AS IS" with no warranties, and confers no rights.- Marked As Answer byLambert QinMSFT, ModeratorMonday, November 16, 2009 2:06 AM
All Replies
- Dan,
If you have access go into your DC or open an MMC for AD Users and Computers. Once in there go to View in toolbar and click advance features then have a look at your users. Are they indeed still missing?
Adding also that this is a very poor implementation decision.
Bob Fox [MVP WSS] - Bob - would it be possible to explain why it's poor implementation decision to help us newbies?
TIA
Tony Hi Tony,
The service account used in SharePoint was created by yourself before installing SharePoint, and SharePoint will not delete them anyway.
Yes, the WSS_ADMIN_WPG, WSS_RESTRICTED_WPG, and WSS_WPG groups would be deleted, but no account would be deleted.
By adding MVP Bob’s suggestions, I do not suggest you to install SharePoint on DC, because it should decrease the performance of DC and impact the whole domain.
For more information on planning and architecture, refer to the downloaded book: Planning and architecture for Office SharePoint Server 2007, part 2 (http://go.microsoft.com/fwlink/?LinkId=85548&clcid=0x409, file size of approximately 10.5 MB. Publish date: April 2009.)
Hope the information can be helpful.
Lambert Qin
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact mtngfb@microsoft.com
Sincerely,Lambert QinPosting is provided "AS IS" with no warranties, and confers no rights.- Marked As Answer byLambert QinMSFT, ModeratorMonday, November 16, 2009 2:06 AM
Agreed - it shouldn't be installed on a DC. I'm still recovering just from getting the environment back up and running - so haven't had a chance yet to test if the groups are in fact deleted if SharePoint is subsequently isntalled on a member server in the same domain.
I'll upate this post after testing.
Dan Lewis
SharePoint ComicHi Dan,
Would you please let me know if you got the result after testing.
If you need further assistance, please feel free to let me know.
Have a nice day.
Lambert Qin
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact mtngfb@microsoft.com
Sincerely,Lambert QinPosting is provided "AS IS" with no warranties, and confers no rights.
