DC VM Query

ringo747

ringo747

ringo747

Soldato
Joined
1 Feb 2006
Posts
8,188
I have a SharePoint VM which I use for all my work stuff and when running I also run a Server 2008 VM as a DC. Obviously SharePoint needs the service accounts from my domain to be available but I was wondering is there any way I can cache the accounts so that they are available to my SharePoint VM even if the DC VM isn't up and running? It probably isn't possible but it would allow me to free up some RAM.
 
Assuming that your SharePoint VM is running Server 2008 (or R2), you can use Active Directory Lightweight Directory Services (or ADAM on 2003). This will allow you to create another instance of the directory that you can replicate whenever you want. I'm not sure if it's any better than running the full AD DS in terms of resource usage, though, and it can be quite tedious to set up.
 
Thanks - will look into that. I don't have many users in the directory so it maybe wouldn't be too bad. I change users in AD maybe once every few months so it would be handy if it was all on one VM. I deliberately didn't want everything on one box though as I use the DC for a number of different VMs.
 
Ol!ver said:
Out of curiosity, and on a slight tangent, what do you use for the VM host?
Click to expand...

Just use Virtualbox here on a rubbish laptop.

groen said:
There is a group policy to cache AD account details on machines. This will allow computers to still be able to log in with ad account even if the pc is off the network.

It is recommend to always have a physical dc though.
Click to expand...

Any more info on how I can set this up?
 
ringo747 said:
Just use Virtualbox here on a rubbish laptop.



Any more info on how I can set this up?
Click to expand...

Cached credentials is enabled by default, but you may want to increase the number of credentials being cached as by default it is fairly low. You may want to consider the security aspect as cracking cached password hashes isn't all that hard.

However, I do not believe any of the above will fix the issue at hand as you'll have more issues with the DC being down. Domain controllers are not optional role in an domain environment. They should be on all the time, with multiple domain controllers correctly placed for resiliency and performance. If your DCs are completely unavailable then you should be looking to bring it back on line in the first instance.

If this is a test lab, then make sure the DC is on. If its production, then have more than one DC.
 
You must log in or register to reply here.
Back
Top Bottom