Active Directory
partisan42, 2021-10-27 07:20:05

What are the pitfalls of setting up a server in a domain?

Good day.
I understand that the question is stupid, but given what I want to do, it's better to ask a stupid question once again than to rake up its consequences later :)
I have a terminal server (192.168.0.100) based on Windows Server 2016, on which the domain controller (192.168.0.250) is running under Hyper-V. At the same time, the terminal server itself is not joined to the domain.
There is a huge bunch of local users on the terminal server who access it via RDP and are already doing their own thing there.
I want to drive a terminal server under the control of a domain controller, and as I understand it, purely in theory, users who logged into it under a local account will still be able to log in, and I can already gradually create domain accounts, and also gradually get rid of local ones.
In services, all services run under the "Local System" account, except for apache. It is from the local administrator. But it is not difficult to forward one service.

Will the scheme that I described above take off? Or have I missed some important point?

2 answer(s)
hint000, 2021-10-27
@partisan42

"Or have I missed some important point?"
Missed. There was some minor failure and the virtual machine did not start automatically when the physical server started. You want to understand the problem, but you can't get into the terminal server, because there is no domain controller (and it just so happened that you haven't logged in under the admin account for the last month)... There is nothing completely hopeless in this situation, but the price is upsetting: the whole office is in an uproar, the bosses are angry, the admin is running around...
The first rule of fight club: the domain controller should not be alone. A domain controller can be virtualized (which is a good thing in and of itself), but the two controller VMs must be on different hosts. The failure of one controller should not bring down the work of the entire office.
There's business there: even if there is a shortage of resources, then some ancient Celeron with two gigs of RAM is enough for the second controller.
"purely in theory, users who logged into it under a local account will still be able to log in, and I can already gradually create domain accounts, and also gradually get rid of local ones."
That's right. It can be done gradually.

AntHTML, 2021-10-27
@anthtml

The primary domain controller should ALWAYS be on a real machine, with no associated tasks. Be it a Celeron, an Atom, or at least some other barebone or antique.
The secondary can be virtual.
In the case of a crutch with a virtual primary controller, its host should NEVER be joined to its domain. Otherwise it's easy to shoot yourself in the foot.
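
A read-only pre-join audit for the lockout scenario the answers describe, as an added example that is not part of either answer. It is meant to run elevated on the Hyper-V host before it is joined; `corp.example` and `DC01` are placeholder names, and 192.168.0.250 is the controller address from the question.

```powershell
# Added example (not from the thread): checks to run on the Hyper-V host / terminal
# server BEFORE joining it to a domain whose controller is a VM on that same host.
param(
    [string]$DomainName = 'corp.example',   # placeholder domain name
    [string]$DcVmName   = 'DC01',           # placeholder name of the DC virtual machine
    [string]$DnsServer  = '192.168.0.250'   # DC address given in the question
)
$findings = @()

# 1. The DC VM has to come up with the host, or domain logons fail after a reboot.
$vm = Get-VM -Name $DcVmName -ErrorAction Stop
if ($vm.AutomaticStartAction -ne 'Start') {
    $findings += "VM '$DcVmName' has AutomaticStartAction '$($vm.AutomaticStartAction)', expected 'Start'."
}

# 2. Count the controllers the domain advertises in DNS; a single one is a single point of failure.
$dcs = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -Server $DnsServer -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object -ExpandProperty NameTarget -Unique)
if ($dcs.Count -lt 2) {
    $findings += "Only $($dcs.Count) domain controller(s) registered for ${DomainName}: $($dcs -join ', ')"
}

# 3. An enabled LOCAL administrator must remain as the way in when no controller answers.
#    S-1-5-32-544 is the built-in Administrators group, independent of the OS language.
$localAdmins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
    ForEach-Object { Get-LocalUser -SID $_.SID } |
    Where-Object { $_.Enabled })
if ($localAdmins.Count -eq 0) {
    $findings += 'No enabled local account in the Administrators group.'
}

# 4. With cached logons disabled, a domain account cannot log on while the controller is down.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$cached = (Get-ItemProperty -Path $winlogon).CachedLogonsCount
if ($null -ne $cached -and [int]$cached -eq 0) {
    $findings += 'CachedLogonsCount is 0: no offline logon for domain accounts.'
}

if ($findings.Count -gt 0) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'No findings.' }
```

The script changes nothing on the host; each warning maps to one of the failure conditions raised in the answers (VM not autostarting, a lone controller, no usable local admin).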
