Background Past-- I inherited a2 server farm. WFE-A,SQL-A -- The environment had several DCs, including WFE-A as a DC (don't even get me started here...)-- WFE-A is running WSS 3.0Background Present-- I implemented a two new servers. WFE-B, SQL-B-- Neither of these are DCs-- WFE-B is going to run MOSSNote: When you install SharePoint, it creates several local groups and provisions accounts to these groups and their permissions are applied throughout SharePoint where appropriate. They are: WSS_ADMIN_WPG, WSS_RESTRICTED_WPG, and WSS_WPG. However, if you install SharePoint on a DC (which does not have local groups), it will create those groups as AD Groups, not local groups. So, currently WFE-A is running WSS 3.0 with these three groups in AD.My ProblemAfter installing MOSS on WFE-B, the accounts for MOSS are appropriately in their 3 respective local groups. However, the AD Groups that were running WSS 3.0 on WFE-A are now missing from AD, and WSS is down on WFE-A.The Actual Question:Can anyone confirm for me that installing MOSS in the environment would have actually removed those groups from AD? My gut tells me yes, and this is what I'm currently believing happened in this environment. However, I don't have any virtuals that I can test this out on.Thanks,ps: Feels odd to be posting a question, instead of answering a question. :) Dan LewisSharePoint Comic

Dan,If you have access go into your DC or open an MMC for AD Users and Computers. Once in there go to View in toolbar and click advance features then have a look at your users. Are they indeed still missing?Adding also that this is a very poor implementation decision. Bob Fox [MVP WSS]

Bob - would it be possible to explain why it's poor implementation decision to help us newbies?TIATony

Hi Tony, The service account used in SharePoint was created by yourself before installing SharePoint, and SharePoint will not delete them anyway. Yes, the WSS_ADMIN_WPG, WSS_RESTRICTED_WPG, and WSS_WPG groups would be deleted, but no account would be deleted. By adding MVP Bobs suggestions, I do not suggest you to install SharePoint on DC, because it should decrease the performance of DC and impact the whole domain. For more information on planning and architecture, refer to the downloaded book: Planning and architecture for Office SharePoint Server 2007, part 2 (http://go.microsoft.com/fwlink/?LinkId=85548&clcid=0x409, file size of approximately 10.5 MB. Publish date: April 2009.) Hope the information can be helpful. Lambert Qin TechNet Subscriber Support in forum If you have any feedback on our support, please contact mtngfb@microsoft.com Sincerely, Lambert Qin Posting is provided "AS IS" with no warranties, and confers no rights.

Agreed - it shouldn't be installed on a DC. I'm still recovering just from getting the environment back up and running - so haven't had a chance yet to test if the groups are in fact deleted if SharePoint is subsequently isntalled on a member server in the same domain.I'll upate this post after testing.Dan Lewis SharePoint Comic

Hi Dan, Would you please let me know if you got the result after testing. If you need further assistance, please feel free to let me know. Have a nice day. Lambert Qin TechNet Subscriber Support in forum If you have any feedback on our support, please contact mtngfb@microsoft.com Sincerely, Lambert Qin Posting is provided "AS IS" with no warranties, and confers no rights.

Do not shut [:)] I done the SPF2010 install on a domain controller. Step-by-step in my blog post.