Some Server Core Domain Controllers heading for a dead end street

Reading Time: 3 minutes

Dead end street ahead

You know, in terms of deploying servers in a smart way, so you can actually utilize them for as long as their economical lifecycle in a supported fashion without a need to reinstall them, I’ve made a stupid decision in advising IT Pros to deploy Server Core Domain Controllers in the last two years.

The problem, you see, is the product team responsible for Active Directory has made a design choice to leave the old world of RPC behind and to introduce a new way to manage Domain Controllers: using the Active Directory web service.

Windows Server 2008 R2 is the first Windows Server product featuring this new service, which besides the server component of the web service, also unlocks the usage of a whole load of other goodies like Active Directory PowerShell cmdlets and the Active Directory Administrative Center (ADAC). (when used from a Windows 7 or Windows Server 2008 R2-based management box)

While the decision was made a while ago, only now do I realize the impact. Now that Microsoft released the Active Directory Management Gateway Service (Active Directory Web Service for Windows Server 2003 and Windows Server 2008) and both Jorge and Tomasz blogged about it. This Stand-alone Update Package basically adds the Active Directory Web Services service to Domain Controllers, running:

  • Windows Server 2003 with Service Pack 2
  • Windows Server 2003 R2 with Service Pack 2
  • Windows Server 2008
  • Windows Server 2008 with Service Pack 2

 

Except there’s one problem: .Net Framework 3.5 with Service Pack 1 (SP1) is required. Whoops! That’s not exactly available on Server Core installations of Windows Server 2008 in a supported fashion.

As a consequence Windows Server 2008-based Server Core Domain Controllers can not be used in combination with the Active Directory PowerShell cmdlets and the the Active Directory Administrative Center (ADAC).

Note:
Windows Server 2008 R2-based Server Core Domain Controllers, however, can be managed using the Active Directory PowerShell cmdlets and the Active Directory Administrative Center (ADAC). One of the new features of Server Core installations in Windows Server 2008 R2 is the availability of the .Net Framework.

Actually when you try to install the Active Directory Management Gateway Service on a Windows Server 2008-based Server Core Domain Controller a check is performed upon your system.

Error_SC_ADWGS

Server Core installations fail the check. The result is an error stating “The update does not apply to your system” as shown above on a x64 Server Core installation of Windows Server 2008 (OperatingSKU 13). This box was setup as a Domain Controller and configured with the Primary Domain Controller emulator (PDCe) FSMO role (DomainRole 5).

 

Concluding

When running an environment with Windows Server 2008-based Server Core Domain Controllers, a requirement to use the Active Directory PowerShell cmdlets or Active Directory Administrative Center (ADAC) implicates the need to reinstall the Windows Server 2008-based Server Core Domain Controllers as Full installations or the need to upgrade the Windows Server 2008-based Server Core Domain Controllers to Windows Server 2008 R2-based Server Core Domain Controllers.

Further reading

Download Details: Active Directory Management Gateway Service
What does the Active Directory Management Gateway Service do?
What's New in AD DS: Active Directory Web Services
The Active Directory Management Gateway Service is now available
Active Directory Management Gateway Service for Windows Server 2003 and 2008
Manage YOUR Windows 2003/2008 DCs USING AD POWERSHELL !
The Active Directory Management Gateway Service is now Available for Windows Server 2008 and Windows Server 2003
Active Directory Management Gateway Service
Have you successfully installed Active Directory Management Gateway Service on 2008?
Active Directory Management Gateway Service is RTW
Q. What is Active Directory Management Gateway Service (ADMGS)?
What is Active Directory Management Gateway Service (ADMGS)?
Active Directory Gateway WebService is available for ‘legacy’ OSes

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.