Solved

single domain controller with remote desktop role

Posted on 2016-09-29
6
59 Views
Last Modified: 2016-09-30
Dear experts,

One of my customers has a single Windows Server 2012 R2 configured as domain controller with a LOB application installed on it. He needs to add remote desktop role to this server, so 4 users can connect via RDP.

I know this is not supported by Microsoft:
https://support.microsoft.com/en-us/kb/2799605 

But I also know that it have to work. Do you have a real experience with this configuration?


Kind Regards,
Jarda
0
Comment
Question by:Jaroslav Latal
6 Comments
 
LVL 26

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 41822020
That's an old article. It's only applicable to Server 2012, not 2012 R2. That configuration is supported in 2012 R2 (and in 2012 after a particular update is installed, as that article states); it's just not recommended. Having users log on quasi-locally to a domain controller just isn't a great idea from a security perspective.
0
 
LVL 7

Author Comment

by:Jaroslav Latal
ID: 41822034
Thanks Dave, can you please send me a link to Microsoft site where it is stated? I cannot find the info.

Regards,
Jarda
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 41822060
I had to dig around quite a bit to find it, but I finally did in this Technet blog entry from the early days of 2012 R2:

https://blogs.technet.microsoft.com/enterprisemobility/2013/07/09/whats-new-in-remote-desktop-services-for-windows-server-2012-r2/

Single server RDS deployment including Active Directory. We now support running our RD Connection Broker role service on the same physical instance as an Active Directory Domain Controller.

Also, here's a decent walkthrough for deploying RDS on a 2012 R2 domain controller:

https://ryanmangansitblog.com/2015/02/22/deploying-rds-2012-r2-on-a-domain-controller-the-walk-through-guide/
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 41822201
Do this RIGHT - 2012 R2 allows TWO servers when virtualized.  Virtualize the existing and add a second as an RDS server.  There's almost no excuse for not virtualizing these days - it's NOT new technology - it's been a core feature of Windows for 8 years and well established with VMWare before that.  Do it right.
1
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 41822723
In full agreement with Lee on this. *NEVER* install RDS on a domain controller.

I can tell you, in no uncertain terms, that it is a terrible experience, things don't work as expected, and you'll end up back here in a month asking things like "I want to hide the admin tools icons from a user when they are logged in" and the answer is "you can't do that."

There is no legitimate reason to do this, and support is only there for a political reason back in 2012...not for a practical "you should do this!" reason (long story, half of it NDA, but I was involved in meetings where it was discussed. Nobody *wanted* to add support back...)
0
 
LVL 7

Author Comment

by:Jaroslav Latal
ID: 41823028
Lee, Cliif,

I fully agree with you. But we are talking about small company with 4 users. They don't want to pay for administering 3 servers.

I am betting that users do not have permission.

Dave: thanks a lot for link.


Regards,
Jarda
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

My GPO's made for 2008 R2 servers were not allowing me to RDP into a new 2012 server by default.  That’s why I tried to allow RDP via Powershell, because I could log into a remote shell without further configuration. Below I will describe how I wen…
The reason that corporations and businesses use Windows servers is because it supports custom modifications to adapt to the business and what it needs. Most individual users won’t need such powerful options. Here I’ll explain how you can enable Wind…
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question