Hi All,

I'm running vCenter Server 5.5 on Windows Server 2008 R2 connected to five ESX 5.5 hosts. The server used to be running standalone in a WORKGROUP. I joined the server to my root domain so that I can add a SSO provider and grant rights to users and groups from my root domain and this went fine. At this point Active Directory Domain Services was installed and now nags me that the machine is not a DC and I should run dcpromo.

My objective is to now promote my vCenter 5.5 server to be a domain controller because I want it to be the DC for a new child domain to which all my dev and test VMs will join so that I can use group policy to manage them better. It makes sense to me to use the same Window server that vCenter runs on to do this because it is already licensed. The problem is that dcpromo won't run because TCP ports 88 [Kerberos] and 389 [LDAP] are already in use. I'm pretty sure they are in use by vCenter services. However I am also wondering if there is a conflict between the 'Active Directory Lightweight Directory Service' role and the 'Active Directory Domain Services' role that appeared when I joined my server to the root domain.

Can anyone help direct me on how to proceed?

Do I change the default LDAP and Kerberos ports used by vCenter and does that mean I need to reconfigure ESX hosts too? If so how does one do that?

Do I need to do something to the Active Directory Domain Services role, or the Active Directory Lightweight Directory Service role to allow me to run dcpromo?

Is what I'm doing a really bad idea?

Should I be running a separate (virtualized) Windows server as my DC and not trying to co-exist Active Directory Domain Services and vCenter?

If anyone else has done this and can offer any advice it would be much appreciated as I'm a bit stuck now.

Many thanks, Andy.