- This means that without rebooting you might disable AD related services such as DNS AD-Integrated Zones, FRS, or Inter-site Messaging on that server. This is why it is so important to have a Department of Redundancy Department to ensure fault tolerance in your network!
- You cannot run DCPROMO when stopped except with /ForceRemoval
- Maintenance is speedier without the reboot
- Other non-ad related services on the server can still function to support clients
- Domain Admins can still log on to the domain controller (via another online DC) even when the local AD DS service is stopped
- You can log on as the DSRM Safe Mode administrator, but only if you have set the registry to allow this behavior ahead of time: HKLM\System\CurrentControlSet\Control\Lsa\DSRMAdminLogonBehavior set to 1
- Administrators can mark items for an authoritative restore
- You cannot perform a system restore while the AD DS service is stopped. The system restore operation must always be executed from DSRM mode.
- Stopping the Active Directory Domain Service will impact the ability to authenticate domain clients and Active Directory applications.
I like to stop the service (and dependencies) nicely with PowerShell:
$ntdsdep = get-service ntds -dependentServices
and of course to start it...