[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Joining a Web Server to a Domain

Posted on 2007-03-20
8
Medium Priority
?
403 Views
Last Modified: 2010-04-20
Current Situation:
Two Machines:
        Server #1 - Exchange Server | current Domain Controller for small company (about 10-15 users)
        Server #2 - Web Server with Virtual Machine software installed so that Development Web Server is on the same box | also houses database used by website | was the old Domain Controller for company, and although it is not acting as such, it still has AD installed and thinks of itself as a Domain Controller.

I am wanting to add Server #2 to the Domain of Server #1.  I am thinking that I need to uninstall/disable AD from Server #2 and then add it to Server #1 as you would any computer.  This seems to me, too simple of a project though to be correct…..or is it?  Is there any special configurations I need to do when adding a web server to a domain?

Side Note:  I didn’t set this up, just the situation I was hired into a few weeks ago.  Currently working on getting a 3rd machine to separate the production web server and the development web server; but right now it is working.  
0
Comment
Question by:P1ST0LPETE
  • 4
  • 3
8 Comments
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 1440 total points
ID: 18756735

I strongly recommend you don't do it.

MS do not support an Exchange Server changing it's Domain Role after installation (by either making it a Domain Controller, or demoting it to a Member Server if it already is a DC).

This is covered by this KB Article:

http://support.microsoft.com/kb/822179

Chris
0
 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 18756793
No, I'm keeping the Exchange Server as the Domain Controller.  I want to add the web server to the Exchange Server's Domain.
0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 1440 total points
ID: 18756886

Oh I'm sorry, misunderstood (clearly).

Last time I switched the domain for an IIS server it decided it would be fun to play with the IUSR accounts (despite them all being local user accounts).

If it's a small environment that's generally not much of a problem at all and can be very quickly corrected.

But that was the only problem I ran into. If IIS is running on a DC then it gets a little more tricky, it configures the IUSR account as a Domain Account, which after DCPromo would cease to exist.

Chris
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 18757028
Yes, IIS is running on a DC, but it's a DC that is inactive.  All workstations in office are connected to the Exchange DC.  So basically have two domains in the office right now, and I only want one.  Since all workstations are connected to the Exchange Server DC, I figured I could make the Web Server no longer a DC, and join it too they Exchange DC.
Not really sure the process on all this though, and I don't want make the website inaccessible.
I've never joined a server to a domain before, only workstations.  Wasn't thinking it was too much different.
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 1440 total points
ID: 18757052

The process is identical. The only extra step you have is the DCPromo to make it a Member Server again (from it's current situation).

I don't think there's much of an easy way around a little downtime to fix any issues with IIS. However, the amount of work really is quite minimal for a website or two, it's only when you scale that up to several hundred that things start to get a bit rushed.

Chris
0
 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 18757084
What exactly is the DCPromo?
0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 1440 total points
ID: 18757293

That's the program you will use to stop it being a Domain Controller:

"although it is not acting as such, it still has AD installed and thinks of itself as a Domain Controller."

It will remove that and turn it into a Stand Alone server (no domain membership). Then you can join it to the new Domain and you're done.

Chris
0
 
LVL 3

Assisted Solution

by:hbbw063
hbbw063 earned 60 total points
ID: 18758965
Pistolpete,

As said Chris-Dent:

1- Demote Server 2 from domain controller to standalone server, for this use DCPROMO which will uninstall active directory on it.
2- If you are using static IP on server2, make sure name resolution works between him and server 1 domain, I recommend you set it as DNS client of Server1 supposing it is a DNS server.
3- Add server2 to Server 1 domain.

That's it.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question