Installing on a domain controller

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

If Message Queuing is being installed only on Windows Server 2003 family computers in a particular site, there is no need to install Message Queuing on a domain controller in that site, because Message Queuing clients on Windows Server 2003 family computers can access Active Directory directly. However, if you intend to install Message Queuing on a Windows 2000 computer in a site, you must do one of the following: install Message Queuing with Downlevel Client Support on a Windows Server 2003 domain controller in the site, install a Message Queuing server on a Windows 2000 domain controller in the site, or promote the Windows 2000 computer on which you want to install a Message Queuing server to a domain controller.

In addition, even in a pure Windows Server 2003 family enterprise, enabling routing services for Message Queuing servers running on domain controllers may degrade performance. It is therefore preferable to install such Message Queuing servers on computers that are not domain controllers. If you need to install Message Queuing on a domain controller (because you want to run an application over Message Queuing), it is recommended that you install a Message Queuing server without routing enabled (a server with independent client functionality).

To create a server that will provide access to Active Directory for Message Queuing 1.0 clients on Windows 95, Windows 98, Windows Millennium Edition, Windows NT 4.0 computers, or Message Queuing 2.0 clients running on Windows 2000 computers, promote the computer to a Windows Server 2003 domain controller. For information on how to promote a computer to a Windows Server 2003 family domain controller, see the Active Directory Help topic on installing on a domain controller.

Furthermore, before you can install MSMQ 1.0 on clients running on Windows NT 4.0, Windows 98, or Windows 95 computers in a Windows Server 2003 domain, the local site must contain, from the domain of each computer on which you want to install MSMQ 1.0, at least one domain controller that is running the Message Queuing directory service (Downlevel Client Support component) or Message Queuing 2.0 and that is configured as a global catalog server. For information on how to configure a domain controller as a global catalog server, see Configure a domain controller as a global catalog server. For more information on the global catalog in Active Directory, see The role of the global catalog. Note that the Message Queuing Downlevel Client Support service must run under the default LocalSystem account.

For each applicable domain controller, also verify that it is trusted for delegation before installing Message Queuing. This property is enabled by default. If this property is disabled, the Message Queuing service cannot run. For information on how to verify that this property is enabled, see Make a domain controller trusted for delegation.
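The delegation check above can be run in bulk over a directory export. The following is an added example, not Microsoft's code: it assumes an LDIF export of the domain's computer objects that includes the `dNSHostName` and `userAccountControl` attributes, and it tests the standard `userAccountControl` flag bits for a domain controller account (0x2000) and for "trusted for delegation" (0x80000). The sample records and host names are constructed.

```python
"""Report which domain controllers in an LDIF export are trusted for delegation."""

# Standard Active Directory userAccountControl flag bits.
SERVER_TRUST_ACCOUNT = 0x2000      # the account belongs to a domain controller
TRUSTED_FOR_DELEGATION = 0x80000   # the computer is trusted for delegation

# Constructed sample export; every name and DN below is made up.
SAMPLE_LDIF = """\
dn: CN=DC01,OU=Domain Controllers,DC=example,DC=test
dNSHostName: dc01.example.test
userAccountControl: 532480

dn: CN=DC02,OU=Domain Controllers,DC=example,DC=test
dNSHostName: dc02.example.test
userAccountControl: 8192

dn: CN=WKS07,CN=Computers,DC=example,DC=test
dNSHostName: wks07.example.test
userAccountControl: 4096
"""

def parse_ldif(text):
    """Yield one dict per record; handles plain 'attr: value' lines only."""
    record = {}
    for line in text.splitlines():
        if not line.strip():                      # blank line ends a record
            if record:
                yield record
            record = {}
        elif not line.startswith((" ", "#")) and ": " in line:
            attr, value = line.split(": ", 1)
            record[attr.lower()] = value.strip()
    if record:
        yield record

def delegation_report(ldif_text):
    """Return {host: trusted_for_delegation} for each domain controller."""
    report = {}
    for rec in parse_ldif(ldif_text):
        uac = int(rec.get("useraccountcontrol", "0"))
        if uac & SERVER_TRUST_ACCOUNT:            # ignore non-DC computers
            host = rec.get("dnshostname", rec.get("dn", "?"))
            report[host] = bool(uac & TRUSTED_FOR_DELEGATION)
    return report

def blocked_hosts(ldif_text):
    """Domain controllers where the property is disabled."""
    return sorted(h for h, ok in delegation_report(ldif_text).items() if not ok)

if __name__ == "__main__":
    for host, ok in delegation_report(SAMPLE_LDIF).items():
        print(f"{host}: {'trusted' if ok else 'NOT trusted'} for delegation")
```

Any host returned by `blocked_hosts` needs the property re-enabled before Message Queuing is installed on it.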

If you install a Message Queuing server with Downlevel Client Support on a domain controller and security has not been weakened in your forest to support MSMQ 1.0 clients or Message Queuing 2.0 clients logged on with local user accounts, Setup prompts you about whether or not to weaken security. This mode of operation is optional. However, to effectively support computers running MSMQ 1.0 and computers running Message Queuing 2.0 that are logged on using a local user account, security for Active Directory needs to be weakened. Nevertheless, dependent clients cannot run under a local user account, and any computer that sends queries about Message Queuing objects to Active Directory on a domain controller directly, rather than through the Message Queuing directory service, will not be able to access Active Directory when it logs on using a local user account even if the security for Active Directory is weakened. For more information, see Enabling weakened security.

For information on how to install a Message Queuing server after all requirements are met, see Install Message Queuing servers.

Important

  • When you make a change from a computer running a Windows Server 2003 operating system against directory service objects belonging to computers running Windows 95, Windows 98, Windows NT 4.0, or Windows 2000, these earlier computers are unable to receive notification about the change from the Windows Server 2003 family computer. To resolve this, Active Directory detects by default that the object belongs to an earlier computer and attempts to make the change without accessing Active Directory directly. To override this default behavior:

    • For a single computer, set the DisableDownlevelNotifications key in the registry.

    • For an enterprise-wide system, set the PROPID_E_CSP_NAME attribute in the msmq enterprise object.

  • Each Windows Server 2003 family site containing MSMQ 1.0 clients running on Windows NT 4.0, Windows 98, or Windows 95 computers must contain, from the domain of each such client, at least one Windows Server 2003 domain controller that is running the Message Queuing directory service (Downlevel Client Support) and is configured as a global catalog server, or at least one Windows 2000 domain controller that is running Message Queuing and is configured as a global catalog server. This is required to enable such clients to communicate with Message Queuing servers. For information on how to configure a computer as a global catalog server, see Configure a domain controller as a global catalog server.