Run FTP on 2012 Domain controller

Hello Experts
Can I run an FTP site on a 2012 Server that is a domain controller.  The server in question was running our FTP site, but I had to make this server a domain controller over the weekend and if I remember correctly, all local users are removed from a server when it is promoted to a DC.  Can I have local users on a 2012 DC?  previously each ftp user had a local account and would login with their own username and password and only  had rights to their FTP folder.  

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Seth SimmonsSr. Systems AdministratorCommented:
Can I have local users on a 2012 DC?

i would get that off of that server or demote it
a domain controller shouldn't be running network services like that

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cja-tech-guyAuthor Commented:
If I demote it, will local user accounts that were there before it was a DC still be there?
Lee W, MVPTechnology and Business Process AdvisorCommented:
Unfortunately, you're asking questions most professionals don't have experience with because most professionals know not to do this.  Adding FTP to DC is a huge security risk since FTP transmits passwords in clear text.  Further, while I agree some roles in smaller organizations can reside on DCs, FTP is not one of them I would do it I had any other choice (and most clients these days don't use FTP anymore so it's not a task often done these days).

I don't know if the local database will be restored.  I'm inclined to say NO, but when you demote a DC, you're prompted to set an administrative password for the local administrator account.  I think this action has PROBABLY destroyed all your FTP accounts *IF* they were using the local accounts database as opposed to a separate FTP accounts database from using a third party FTP server.

I would strongly recommend in the future that you perform testing before doing such things.  This should be easily done thanks to virtualization and trial versions Microsoft makes available.  I'd also ask, since this is 2012, why didn't you just create a new VM for your DC?  This *IS* a virtual server right?  2012 grants 2 VMs per license so you have the license.  It would have cost nothing.  (One reason I love virtualization).
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.