Installing Message Queuing on a Domain Controller

Applies To: Windows Server 2008, Windows Vista

If Message Queuing is being installed only on Windows 7 or Windows Server 2008 R2 family computers in a particular site, there is no need to install Message Queuing on a domain controller in that site because Message Queuing clients on Windows 7 or Windows Server 2008 R2 family computers can access Active Directory Domain Services directly. However, if you intend to install Message Queuing on a Windows 2000 computer in a site, you must install Message Queuing with Windows 2000 Client Support on a Windows Server 2008 domain controller in the site, or install a Message Queuing server on a Windows 2000 domain controller in the site, or promote the Windows 2000 computer on which you want to install a Message Queuing server to a domain controller. In addition, even in a pure Windows Server 2008 R2 family enterprise, enabling routing services for Message Queuing servers running on domain controllers may degrade performance. It is therefore preferable to install such Message Queuing servers on non-domain controllers. If you need to install Message Queuing on a domain controller (because you want to run an application over Message Queuing), it is recommended that you install a Message Queuing server without routing enabled (a server with independent client functionality).

Note

The Windows 2000 Client Support feature has been removed from Message Queuing 5.0. To support message queuing on Windows 2000 down-level clients, at least one Windows Server 2003 or Windows Server 2008 domain controller with Windows 2000 Client Support feature must be configured in the domain.

Note

If you need to install the directory service integration feature of Message Queuing on a domain controller, first follow the steps to grant the Network Service account the Create MSMQ Configuration Objects permission to the computer object in Active Directory Domain Services in the topic Installation Permissions.

To create a server that will provide access to Active Directory Domain Services for Message Queuing 2.0 clients running on Windows 2000 computers, promote the computer to a Windows Server 2008 R2 domain controller. For information about how to promote a computer to a Windows Server 2008 R2 family domain controller, see the Active Directory Domain Services Help topic on installing on a domain controller.

To effectively support computers running Message Queuing 2.0 that are logged on using a local user account, security for Active Directory Domain Services needs to be weakened. Nevertheless, dependent clients cannot run under a local user account, and any computer that sends queries about Message Queuing objects to Active Directory Domain Services on a domain controller directly, rather than through the Message Queuing directory service, will not be able to access Active Directory Domain Services when it logs on using a local user account even if the security for Active Directory Domain Services is weakened. For more information, see Enabling Weakened Security.