Re: Configuring Active Directory to Run as a Domain User Account

From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 01/09/05 

Date: Sat, 08 Jan 2005 20:12:16 -0500

Alternatively try to add the machine account to the authorization group.

I agree with Doug though, you are most certainly not going to get this to work
with a userid. From one simple angle, say this is your only domain controller
and it tries to start AD services, how does it authenticate the ID? It is the
service that maintains the IDs.

   joe 

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Doug Frisk wrote:
> "Will" <DELETE_westes@earthbroadcast.com> wrote in message 
> news:eysYC4b9EHA.2012@TK2MSFTNGP15.phx.gbl...
> 
>>Has anyone figured out how to make Active Directory services run as a 
>>domain
>>user account?    I need to do this so that Active Directory can do DNS
>>queries upstream to a DNS server that is on the other side of a proxy
>>server.   Proxy Server is configured to only let queries go out of our
>>network if they come from pre-authorized Domain User accounts.
> 
> 
> Simply not going to happen.
> 
> 
>>We could just put the DNS server on the proxy server itself, but that
>>creates one more security vulnerability on a machine that should ideally
>>live in a sterile extremely secure environment.
> 
> 
> Queries or updates?  This sounds like a very non-standard setup.
> 
> 
>>Whenever I set Active Directory to run as a Domain User, I get all kinds 
>>of
>>errors.   Even when I make the new Domain User a domain system 
>>administrator
>>I still get errors and Active Directory effectively no longer works.
> 
> 
> To be expected.
> 
> Your proxy or firewall simply needs to be configured to allow the *IP* of 
> the AD server to perform DNS queries. 
> 
>

Relevant Pages

  • Re: Different Directory Information Trees
    ... I think that was a DC account password issue that I have since cleaned up. ... I noticed some NTDS Replication 1955 and 1083 errors that come together. ... Weird side-effect I also noticed was that I can no longer launch the Active Directory related Management tools from my workstation unless I use the Active Directory Management MMC. ... I noticed a lot if DNS 4015 errors on the server it appears that the DNS or Active Directory is "busy". ...
    (microsoft.public.windows.server.active_directory)
  • Re: Cross-Domain question (Parent - Child)
    ... computer accounts unless logged in directly to the server? ... different DC so the DC you are looking at doesn't get the audit entries. ... Author of O'Reilly Active Directory Third Edition ... User Account Created: ...
    (microsoft.public.win2000.active_directory)
  • Re: server 2003 standard domain user local rights
    ... been domain user accounts available and I thought you said there were none. ... has created a user account locally and given it any type of permissions. ... Setup Server Wizard on the SBS. ... Your Server Wizard to add the Domain Controller role, ...
    (microsoft.public.windows.server.sbs)
  • Re: Replication across non-trusted domains requires Win2k Application server and not Domain Controll
    ... you can do it by using SQL authentication instead of NT authentication. ... that the SQL Agent account on your subscriber has rights to read it. ... Or is it possible to install SQL server ... > upon a Windows 2K Domain Controller(Server with Active directory ...
    (microsoft.public.sqlserver.connect)
  • Re: Replication across non-trusted domains requires Win2k Application server and not Domain Controll
    ... you can do it by using SQL authentication instead of NT authentication. ... that the SQL Agent account on your subscriber has rights to read it. ... Or is it possible to install SQL server ... > upon a Windows 2K Domain Controller(Server with Active directory ...
    (microsoft.public.sqlserver.setup)
Loading