Solved

single domain controller with remote desktop role

Posted on 2016-09-29
6
73 Views
Last Modified: 2016-09-30
Dear experts,

One of my customers has a single Windows Server 2012 R2 configured as a domain controller with a LOB application installed on it. He needs to add the Remote Desktop role to this server, so 4 users can connect via RDP.

I know this is not supported by Microsoft:
https://support.microsoft.com/en-us/kb/2799605 

But I also know that it has to work. Do you have any real experience with this configuration?


Kind Regards,
Jarda
0
Comment
Question by:Jaroslav Latal
6 Comments
 
LVL 26

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 41822020
That's an old article. It's only applicable to Server 2012, not 2012 R2. That configuration is supported in 2012 R2 (and in 2012 after a particular update is installed, as that article states); it's just not recommended. Having users log on quasi-locally to a domain controller just isn't a great idea from a security perspective.
0
 
LVL 7

Author Comment

by:Jaroslav Latal
ID: 41822034
Thanks Dave, can you please send me a link to Microsoft site where it is stated? I cannot find the info.

Regards,
Jarda
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 41822060
I had to dig around quite a bit to find it, but I finally did in this TechNet blog entry from the early days of 2012 R2:

https://blogs.technet.microsoft.com/enterprisemobility/2013/07/09/whats-new-in-remote-desktop-services-for-windows-server-2012-r2/

"Single server RDS deployment including Active Directory. We now support running our RD Connection Broker role service on the same physical instance as an Active Directory Domain Controller."

Also, here's a decent walkthrough for deploying RDS on a 2012 R2 domain controller:

https://ryanmangansitblog.com/2015/02/22/deploying-rds-2012-r2-on-a-domain-controller-the-walk-through-guide/
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 41822201
Do this RIGHT - 2012 R2 allows TWO servers when virtualized.  Virtualize the existing and add a second as an RDS server.  There's almost no excuse for not virtualizing these days - it's NOT new technology - it's been a core feature of Windows for 8 years and well established with VMware before that.  Do it right.
1
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 41822723
In full agreement with Lee on this. *NEVER* install RDS on a domain controller.

I can tell you, in no uncertain terms, that it is a terrible experience, things don't work as expected, and you'll end up back here in a month asking things like "I want to hide the admin tools icons from a user when they are logged in" and the answer is "you can't do that."

There is no legitimate reason to do this, and support is only there for a political reason back in 2012...not for a practical "you should do this!" reason (long story, half of it NDA, but I was involved in meetings where it was discussed. Nobody *wanted* to add support back...)
0
 
LVL 7

Author Comment

by:Jaroslav Latal
ID: 41823028
Lee, Cliff,

I fully agree with you. But we are talking about a small company with 4 users. They don't want to pay for administering 3 servers.

I am betting that users do not have permission.

Dave: thanks a lot for the link.


Regards,
Jarda
0
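
Added example (not part of any post in this thread): a PowerShell audit for the configuration discussed above. It reports whether a server is a domain controller, which RDS role services are installed on it, and which accounts hold the "Allow log on through Remote Desktop Services" right, which is the exposure the accepted answer and the closing comment are concerned with. The function name `Get-RemoteLogonRightHolders` is hypothetical; run it from an elevated session on the server.

```powershell
# Added example: audit a host for the DC + RDS co-location discussed in this thread.
# Assumes Windows Server 2012 R2 or later and an elevated PowerShell session.

function Get-RemoteLogonRightHolders {
    # Export the effective user-rights assignment and resolve the accounts that
    # hold SeRemoteInteractiveLogonRight (Allow log on through Remote Desktop Services).
    $cfg = Join-Path $env:TEMP ("rights-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        $line = Get-Content -Path $cfg |
            Where-Object { $_ -match '^SeRemoteInteractiveLogonRight\s*=' } |
            Select-Object -First 1
        if (-not $line) { return @() }
        foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
            $entry = $entry.Trim()
            if ($entry.StartsWith('*S-')) {
                # secedit writes SIDs with a leading asterisk; translate them to names.
                $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.TrimStart('*'))
                try { $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $sid.Value }   # unresolvable SID: report it as-is
            } elseif ($entry) {
                $entry
            }
        }
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

$cs       = Get-CimInstance -ClassName Win32_ComputerSystem
$isDC     = $cs.DomainRole -ge 4          # 4 = backup DC, 5 = primary DC
$rdsRoles = Get-WindowsFeature -Name 'RDS-*' | Where-Object Installed

[pscustomobject]@{
    Computer             = $cs.Name
    IsDomainController   = $isDC
    InstalledRdsRoles    = $rdsRoles.Name -join ', '
    RdpLogonRightHolders = (Get-RemoteLogonRightHolders) -join ', '
    Finding              = if ($isDC -and $rdsRoles) {
        'Domain controller also hosts RDS roles: review every account listed in RdpLogonRightHolders'
    } else {
        'No DC + RDS co-location on this host'
    }
} | Format-List
```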
