Promoting 2008 R2 to DC status, what happens to already created local user accounts?

  • Question

  • I have a client with a consultant onsite who already brought up a Windows 2008 R2 standalone server. He has file shares running on there with local user accounts/passwords created. There is no domain environment set up here. Users have drive mappings mapped using saved servername\username + password credentials. I was told today that they must have Exchange 2010 installed on the same box, which means I must promote this server to a DC. Save your talk on Exchange being on the same box as a DC; I understand the ramifications of this, but they have no intention of buying another server. What I would really like to find out is whether the local user accounts and passwords he already created will get populated into the AD that I'm bringing up. Worst comes to worst I just recreate the users and passwords in AD, but it would be nice if they just stay and transfer into AD.
    Friday, July 27, 2012 7:40 PM

Answers

  • You can’t install Exchange without a domain or domain controller.  So Domain is already present.  If you promote a server as DC, the local accounts will automatically become domain accounts.


    Santhosh Sivarajan | Houston, TX
    http://www.sivarajan.com/


    This posting is provided AS IS with no warranties,and confers no rights.

    Friday, July 27, 2012 8:33 PM

All replies

  • Hi,

    Agree with Santhosh: whenever you promote a standalone server to a DC, there are no "Local Accounts"; all accounts become domain accounts and you can manage them with the ADUC console.

    In a production environment, do not install Exchange or any other application server role on a DC. Instead, I would suggest you use a dedicated server for Exchange 2010 and convince the client of the same.


    Best Regards,

    Abhijit Waikar.
    MCSA 2003 | MCSA:Messaging | MCTS | MCITP:Server Administrator | Microsoft Community Contributor | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Saturday, July 28, 2012 3:09 AM
  • I agree that all local user accounts become AD users when promoted, but just to point out and stress, that is only if the server is the very first DC in a brand new domain in a brand new forest. Otherwise, if adding a replica DC, then any local accounts on the box are lost.

    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    Saturday, July 28, 2012 4:54 AM
  • If this new DC is the first domain controller in a new domain, the local SAM database that the new domain controller contained as a stand-alone server is migrated to the Active Directory database that is created during the promotion. All of the local user accounts that the local SAM database contained when it had been a stand-alone server are migrated from the local SAM database to the Active Directory database. In addition, any permissions that had been assigned to the local users, such as NTFS permissions, are retained when the users are migrated to the Active Directory database.

    Reference link:
    http://social.technet.microsoft.com/Forums/hr/winserverDS/thread/2f120e62-52a9-4001-b8e0-15a897f28b7e

    However, I would recommend installing an additional DC for redundancy. It is not good practice to install the Exchange role on a DC, but if you have a budget issue you have no choice.

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE | MCSA:Messaging | MCTS | MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Saturday, July 28, 2012 9:47 AM
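
A way to check the migration described above instead of taking it on trust, as an added example that is not from any poster in this thread: it records the local SAM accounts before promotion, then checks afterwards that each one exists in AD with the same SID (the SID is what the retained NTFS permissions refer to). The baseline path is hypothetical, and the script assumes the ActiveDirectory module is available on the promoted server and that account names contain no apostrophes.

```powershell
# Added example, not from the thread. Run with -Phase Before on the stand-alone
# server, then with -Phase After on the same box once dcpromo has finished.
param(
    [ValidateSet('Before', 'After')]
    [string]$Phase = 'Before',
    [string]$Baseline = 'C:\dcpromo-sam-baseline.csv'   # hypothetical path
)

if ($Phase -eq 'Before') {
    # Snapshot every account in the local SAM with its SID and enabled state.
    Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
        Select-Object Name, SID, Disabled |
        Export-Csv -Path $Baseline -NoTypeInformation
    Write-Output "Baseline written to $Baseline"
}
else {
    # Assumption: the ActiveDirectory module is installed on the new DC.
    Import-Module ActiveDirectory
    $report = foreach ($old in Import-Csv -Path $Baseline) {
        # Assumption: account names contain no apostrophes.
        $new = Get-ADUser -Filter "SamAccountName -eq '$($old.Name)'"
        $wasDisabled = ($old.Disabled -eq 'True')
        New-Object PSObject -Property @{
            Name         = $old.Name
            FoundInAD    = [bool]$new
            SidUnchanged = ($new -and $new.SID.Value -eq $old.SID)
            # True when the enabled/disabled state differs from the baseline.
            StateChanged = ($new -and ($wasDisabled -eq $new.Enabled))
        }
    }
    $report | Sort-Object Name |
        Format-Table Name, FoundInAD, SidUnchanged, StateChanged -AutoSize

    # Accounts that need a manual look before users remap their drives.
    $problems = @($report | Where-Object {
        -not $_.FoundInAD -or -not $_.SidUnchanged -or $_.StateChanged
    })
    Write-Output "$($problems.Count) account(s) need review"
}
```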
  • Santhosh is correct. Just to clarify:

    As far as I know, that is only true for the first DC being promoted for a new domain, i.e. users and groups in the SAM (local) will only be moved to the Directory Service (AD) in that case, not while promoting additional replicas to an existing domain.
     
    Regards,
    ----------------------------------------------------------
    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    Blog: http://blogs.chrisse.se

    Saturday, July 28, 2012 3:44 PM
  • Thanks for all your responses.  I will go ahead with the dcpromo on the server and the user accounts/password will stick.

    thanks!

    Saturday, July 28, 2012 8:31 PM
  • Yes. That is correct.  This will only happen when you are creating a new domain (first DC).


    Santhosh Sivarajan | Houston, TX
    http://www.sivarajan.com/


    This posting is provided AS IS with no warranties,and confers no rights.

    Sunday, July 29, 2012 1:47 AM