AD DS: The ADWS service must be running on this domain controller

  • Article

Updated: August 31, 2012

Applies To: Windows Server 2008 R2, Windows Server 2012

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Active Directory Domain Services Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer (https://go.microsoft.com/fwlink/?LinkId=122786).

Operating System

Windows Server 2008 R2

Windows Server 2012

Product/Feature

Active Directory Domain Services (AD DS)

Severity

Error

Category

Configuration

Issue

The Active Directory Web Services (ADWS) service is stopped on this domain controller.

Impact

The Active Directory Domain Services Best Practices Analyzer (AD DS BPA) that is running on this domain controller cannot invoke the Active Directory module for Windows PowerShell script to collect and validate configuration data from the Active Directory environment that this domain controller belongs to.

When you run the AD DS BPA scan on a domain controller, the BPA engine invokes the AD DS BPA Windows PowerShell script that collects configuration data from the Active Directory environment that this domain controller belongs to. If the ADWS service on this Windows Server 2008 R2 server is stopped or disabled, AD DS BPA running on this domain controller cannot invoke the Windows PowerShell script to collect and validate configuration data from the Active Directory environment to which this domain controller belongs.

Resolution

Make sure that the ADWS service is running on this domain controller.

ADWS is a new Windows Server 2008 R2 service that provides a Web service interface to Active Directory domains, Active Directory Lightweight Directory Services (AD LDS) instances, and Active Directory Database Mounting Tool instances that are running on the same Windows Server 2008 R2 server as the ADWS service.

The ADWS service is installed automatically when you add the AD DS or AD LDS server roles to your Windows Server 2008 R2 server. The ADWS service is configured to run if you make this Windows Server 2008 R2 server a domain controller by running Dcpromo.exe or if you create an AD LDS instance on this Windows Server 2008 R2 server.

For more information about promoting a server to be a domain controller, see AD DS Installation and Removal Step-by-Step Guide (https://go.microsoft.com/fwlink/?LinkID=139657). For more information about creating an AD LDS instance, see Step 2: Practice Working with AD LDS Instances (https://go.microsoft.com/fwlink/?LinkID=148210).

You can use the following procedure to query whether ADWS is running or stopped on your domain controller. You can use this procedure to query the local domain controller or a remote domain controller.

Membership in the Built-in Administrators group on the computer where you run the command, or equivalent, is the minimum required to complete these procedures. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To query whether ADWS is running or stopped on a domain controller

  1. Click Start, right-click Command Prompt, and then click Run as administrator.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

  3. To query whether the ADWS service is running on the local domain controller, type the following command, and then press ENTER:

    sc query adws

    To query whether the ADWS service is running on a remote computer, type the following command, and then press ENTER:

    sc \\<hostname> query ADWS

    where <hostname> is the name of the computer that you want to query.

Use the following procedure to restart the ADWS service.

To restart ADWS

  1. Click Start, click Administrative Tools, and then click Computer Management.

Note

Computer Management is also available under Administrative Tools as part of Remote Server Administration Tools (RSAT), which you can install on computers from which you can remotely manage your Active Directory domain controllers. To download and install RSAT, see Remote Server Administration Tools for Windows 7 (https://go.microsoft.com/fwlink/?LinkID=130862).

  1. Double-click Services and Applications, and then click Services.

  2. Right-click Active Directory Web Services, and then click Start.

Additional references

For more information, see What's New in AD DS: Active Directory Web Services (https://go.microsoft.com/fwlink/?LinkID=141393).