Adding 2nd Domain Controller to 2011 SBS Domain

We have a 2011 SBS Server and it has been running for over a year. It has 32 GB RAM and 1 Terabyte SAS Drives configured as RAID-10.

We just added (this past weekend) an additional 2008 R2 Server and promoted it to Domain Controller. I was careful NOT to add this as a Read Only Domain Controller.

Active Directory replicated perfectly. No issues.

When I tried to install 2008 SQL Server (full version) I keep getting errors like this one:

Failure creating local group SQLServer2005MSSQLServerADHelperUser$<servername>

I googled this message and it states that this comes up when you try to install SQL on a Read-Only DC. This one is NOT a RODC unless SBS Server does something when promoting it that takes privileges away.

How can I fix this so I can install SQL 2008 on my "Backup" Domain Controller?
Brad Groux, Senior Manager (Wintel Engineering), commented:
SQL Server should not be installed on a DC, they don't play nice together -

With that said, you should be able to install it - but there ARE limitations, specifically the usage of local service accounts.

For security reasons, we recommend that you do not install SQL Server 2014 on a domain controller. SQL Server Setup will not block installation on a computer that is a domain controller, but the following limitations apply:

• You cannot run SQL Server services on a domain controller under a local service account.
• After SQL Server is installed on a computer, you cannot change the computer from a domain member to a domain controller. You must uninstall SQL Server before you change the host computer to a domain controller.
• After SQL Server is installed on a computer, you cannot change the computer from a domain controller to a domain member. You must uninstall SQL Server before you change the host computer to a domain member.
• SQL Server failover cluster instances are not supported where cluster nodes are domain controllers.
• SQL Server Setup cannot create security groups or provision SQL Server service accounts on a read-only domain controller. In this scenario, Setup will fail.
I'd suggest trying to run the setup.exe as a domain or enterprise admin. Right-click setup.exe and "run as another user."
Docomon (Author) commented:
SQL is installed on the 2011 SBS Server though and it works fine!

This is a freshly installed 2008R2 Server. SQL wasn't already installed before it was promoted to a DC.

AFTER it was promoted and updates applied and Active Directory Replication was completed and verified did I attempt to install SQL 2008 Server.

Is there no way to install it on the "Backup" Domain Controller?

I have also verified that it is NOT in Read-Only mode (the Domain Controller, that is.)
Docomon (Author) commented:
Your comment states that it cannot run under a "local service account". Is there another way to install/run it? I REALLY need SQL on this server!
Brad Groux, Senior Manager (Wintel Engineering), commented:
SBS is not equivalent to regular Windows Server. SBS is meant to be an "infrastructure in a box" solution, so having several roles or applications on SBS is common practice.

If you can't create the required security groups then there is a permissions issue at fault.

A better practice would be to utilize Hyper-V to host the DC and SQL servers on separate virtual machines (on the same physical hardware) rather than on the same box. Server 2008 Standard includes licensing for up to 5 virtual hosts.
Brad Groux, Senior Manager (Wintel Engineering), commented:
"Your comment states that it cannot run under a "local service account". Is there another way to install/run it? I REALLY need SQL on this server!"
Yes, utilize a domain account. If you're trying to install it using a local account, that is your problem. Create a SQL service account in AD... which you should be doing anyway as it is best practice.
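The limitations quoted earlier in the thread and the advice to use a domain account can be checked before running Setup. The following is an added example, not code from any participant in this thread; the function name `Test-SqlSetupPreflight` and the account `CONTOSO\svc-sql` are hypothetical, and it assumes the ActiveDirectory PowerShell module is available on the DC.

```powershell
# Added example: preflight check before running SQL Server Setup on a host
# that may be a domain controller. Function name and sample account are
# hypothetical. Get-WmiObject is used so it also runs on PowerShell 2.0 (2008 R2).
function Test-SqlSetupPreflight {
    param(
        [Parameter(Mandatory = $true)]
        [string]$ServiceAccount   # e.g. 'CONTOSO\svc-sql' (constructed sample)
    )

    $findings = @()

    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
    $role = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole
    $isDc = $role -ge 4

    if ($isDc) {
        $findings += 'Host is a domain controller: Setup is not blocked, but the documented limitations apply.'

        # Setup fails on a read-only DC because it cannot create security groups there.
        Import-Module ActiveDirectory -ErrorAction Stop   # assumed to be installed
        $dc = Get-ADDomainController -Identity $env:COMPUTERNAME
        if ($dc.IsReadOnly) {
            $findings += 'Host is a read-only DC: Setup will fail.'
        }

        # SQL Server services cannot run under a local service account on a DC.
        $localNames = 'NT AUTHORITY\LOCAL SERVICE', 'LOCAL SERVICE', 'LocalService'
        if ($localNames -contains $ServiceAccount -or $ServiceAccount -like '.\*') {
            $findings += "Service account '$ServiceAccount' is local: use a domain account instead."
        }
    }

    # Return a structured result so the check can be scripted or logged.
    New-Object PSObject -Property @{
        IsDomainController = $isDc
        DomainRole         = $role
        Findings           = $findings
    }
}

Test-SqlSetupPreflight -ServiceAccount 'CONTOSO\svc-sql' | Format-List
```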
Lee W, MVP, Technology and Business Process Advisor, commented:
Are you fully aware of the potential issues you will have with TWO DCs if you ever have to restore one?  In general, a lot of people recommend two DCs - I did too - but I've come to feel that it's not necessary nor advisable in most small offices.

And I agree with Brad regarding SBS - it's an integrated package designed to run everything on one system - though NOT necessarily SQL since the 2003 edition.

Can you get SQL working on a DC?  Yes.  Should YOU?  Probably not.  I would strongly suggest you demote the system first, then install SQL to a NON-DC.

And yes, DCs don't have LOCAL accounts so you cannot create local accounts.  You'd have to create a domain service account.
Docomon (Author) commented:
This isn't a small office though. It has about 67 workstations on it. That's why I installed a 2nd DC. AND they are a manufacturing plant and run 24 hours! Down time has to be limited (which is why I installed this 2nd DC over Labor Day weekend, so I'd have 2 days that they are shut down in a row.)
Lee W, MVP, Technology and Business Process Advisor, commented:
I thought I read that you had 20 users... must have been a previous question I was looking at, sorry.

So why didn't you install two servers?

You can't buy Server 2008R2 anymore unless you go out of your way - if you bought 2012 R2, you get two VMs, so install one as your DC and one as your SQL server.  (You ARE virtualizing, right?)
Docomon (Author) commented:
I installed SQL on a 3rd standalone server and didn't promote it as a DC. This solved the problem and I am able to function without incident.

Docomon (Author) commented:
I had to move on as time was running out. This solution worked and allowed me to continue before the weekend was over and people started showing up to work.
Question has a verified solution.