You are currently offline, waiting for your internet to reconnect

Issues to consider when you install SharePoint Foundation 2010 or SharePoint Server 2010 on a Domain Controller

This article describes several important issues that you must consider when you install SharePoint Server 2010 on a Windows 2008 domain controller. Documented issues that may arise when installing SharePoint Foundation 2010 or SharePoint Server 2010 on a Domain Controller are:
  1. When SharePoint has been installed on a Domain Controller, group membership for the WSS_ADMIN, WSS_WPG, and WSS_RESTRICTED_WPG_V4 groups are overwritten when adding additional SharePoint servers to a farm that have also been installed on Domain Controllers.
  2. When uninstalling or disconnecting a SharePoint Server installed on a Domain Controller from a farm, the WSS_ADMIN, WSS_WPG, and WSS_RESTRICTED_WPG_V4 groups are removed from the domain controller and that removal is replicated to all Domain Controllers.

Installing SharePoint 2010 on a domain controller is supported, but highly discouraged for a number of security and performance reasons. The only two recommended scenarios:

  • Evaluation
  • Installation along with Small Business Server
  1. To prevent a SharePoint uninstall from removing the WSS_ADMIN, WSS_WPG, and WSS_RESTRICTED_WPG_V4 groups from multiple Domain Controllers in the environment
    • Enable Advance Features in Active Directory Users and Computers
    • Add “Everyone” group in the Security Tab to each of the WSS_ADMIN, WSS_WPG, and WSS_RESTRICTED_WPG_V4 groups
    • Select “Deny”  for "Delete All child Objects" permission to “Everyone” group  for each WSS_* group
    • Click on the Advanced Button in the Security Tab for each WSS_* group
    • Select “Delete” and “Delete Sub tree” permissions under Deny for the “Everyone” group
  2. To Prevent the Group membership overwriting for the WSS_ADMIN, WSS_WPG, and WSS_RESTRICTED_WPG_V4 groups on Domain Controllers, configure each WSS_* group as a Restricted group in the Domain Security Policy.

More Information
When you install SharePoint Server 2010 on a Windows 2008 domain controller (DC), you should also be aware of the following issues:
  • SharePoint Server 2010 requires the web server role, .NET Framework functions and other components to provide service, which are not mandatory for a DC. SharePoint server requires that additional ports are opened for normal functionality which are otherwise not necessary to open for a DC. Refer to the following article for planning security hardening and necessary ports:

  • Plan maintenance schedules and system updates carefully. After you install fixes on SharePoint Server such as cumulative updates or service packs, you may need to restart the server. In addition to that, you are also required to restart the server when you apply fixes for Internet Information Services (IIS), .NET Framework and other components.

  • SharePoint server 2010 uses processor, memory, disk and network resources depending on the roles and services you have configured. When you plan scale, hardware, sites and services for a SharePoint server farm, you should plan and estimate possible scenarios carefully since user load, search, and other SharePoint services can intensively use server resources. If SharePoint server is installed on a DC, the additional load and traffic might impact the DC's normal functions such as replication and authentication. Refer to the following articles for planning capacity management and best practices for operation:

  • Installing SharePoint on a DC also has following restrictions:
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Article ID: 2637209 - Last Review: 07/05/2013 18:39:00 - Revision: 5.0

Microsoft SharePoint Server 2010, Microsoft SharePoint Foundation 2010

  • KB2637209