Windows

Stopping Active Directory Domain Services in Windows Server 2008

Windows Server 2008 introduces the service-controllable domain services, which allow for explicit management of domain controller servers. Rick Vanover shares tips on using this functionality.

Windows Server 2008 introduces the service-controllable domain services, which allow for explicit management of domain controller servers. Rick Vanover shares tips on using this functionality.

-------------------------------------------------------------------------------------

Windows Server 2008 systems with the Active Directory Domain Services role installed have an extra element of functionality (compared to previous versions of Windows Server) in the "stoppable" services for the domain. This works by Active Directory Domain Services being explicitly enumerated in the Services applet of the Control Panel. One of my pet peeves in Windows is services that do not permit the processing of a stop and start command. Terminal Services is the holdout, as Active Directory can now be explicitly stopped.

Active Directory Domain Services is managed as NTDS in the Services applet. You would use NTDS if you were using the sc command to manage Active Directory. You can also manage these services interactively. Figure A shows Active Directory being stopped on a Windows Server 2008 domain controller. Figure A

Figure A

Click the image to enlarge.

Exercise caution

While this functionality is good for Windows administrators, you need to exercise caution. The first thing you should understand is what happens when Active Directory is stopped. In environments with multiple domain controllers, the other systems would process logon requests. If there are any roles on the server with the stopped services, they will resume when Active Directory is resumed. If the outage will be for an extended period of time, it would be a good idea to transfer the role to another domain controller. For normal maintenance, such as applying Windows updates or basic hardware maintenance, going without the role for a short amount of time is usually fine.

Also consider this question: Just because you can stop Active Directory, should you? I'm going to wait until Windows Server 2008 R2 before fully upgrading Active Directory because of some of the new features, and it will fit my timeline better.

What are your thoughts on a service-controlled Active Directory? Share your comments in the discussion.

Stay on top of the latest Windows Server 2003 and Windows Server 2008 tips and tricks with our free Windows Server newsletter, delivered each Wednesday. Automatically sign up today!

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

4 comments
riyaz.a.mir
riyaz.a.mir

well this piece of knowledge is good for me but i want more and more knowledge on this topic

BFilmFan
BFilmFan

Not a good idea to turn off AD, if you have Exchange servers talking to the DC. You could experience some real issues when the Exchange System Attendant Service makes a call to a GC. You could also experience a cascade global catalog failure if you don't have enough servers to support LDAP calls. I won't even mention those nice developers that hard-coded their applications to make calls directly to the GC, rather than to a round robin DNS name. This is going to be a large issue in environments where the organization failed to properly implement load-balancing LDAP techniques or enough global catalogs to handle the load. On the bright side, it means a lot more thumbs for answering questions in the technical forum. :)

matthew.balthrop
matthew.balthrop

It really is quite nice, first server OS i have used so cannot do a great comparison of previous versions but have not been disapointed in Server 08' at all.

b4real
b4real

Having controllable AD services separated like this is something I've been looking forward to.

Editor's Picks