Can I install Terminal Services on a Win 2008 Server DC

Posted on 2011-04-22
Last Modified: 2012-08-13
I have a Dell server running Server 2008 64-Bit with 8GB RAM and mirrored SAS Drives.  I added it as a second DC and will be moving all roles to it as I will be decommissioning my 2003 DC.  There are 8-10 users on site and 8-10 users that will be accessing it remotely.  I was going to install the Terminal Services role onto this server, but the warnings are popping up that it is not recommended on a DC.   As cost is an issue for this customer, I was trying to use one box to do it all.   WIth the server specs and the number of users, will this setup cause any production issues?
Question by:tk1solutions
    LVL 59

    Accepted Solution

    You technically can install Terminal Services on a DC but it is not recommended to do so because of security risks and so on.

    What I would recommend is to use Hyper-v which will allow you to install a Domain Controller in one virtual machine and Terminal Server in another virtual machine but run on the same physical box.

    Another recommendation is you should always have two domain controllers so I would even recommend keeping the 2003 DC around for a backup

    Author Comment

    I have already install the DC and add Active Directory.  If I install Hyper-v, does that affect my current setup?  Would i need to reinstall the DC?
    LVL 37

    Expert Comment

    As it is against all recomendation s and best practice guides, IF the customer should suffer a loss due to asexurity breach I would say that they would be chassing you through the courts.

    You gets what you pays for tell them and get them to be fully aware of ALL the risks and to sign to say that they understand those risks.
    LVL 37

    Expert Comment

    "asexurity" = A Security

    Fingers having a day off lol
    LVL 59

    Expert Comment

    by:Darius Ghassem
    Yes you would have to demote the domain controller role. You would then have to reinstall the OS in a VM.

    Again you can use TS on a DC but it is not recommended. You can have a corrupt AD DB as well

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    The canonical version of this article is on my web site here: A companion presentation is available here:
    You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
    The viewer will learn how to create two correlated normally distributed random variables in Excel, use a normal distribution to simulate the return on different levels of investment in each of the two funds over a period of ten years, and, create a …

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now