Why won't you run extra things on your firewall server? For security?
That is the same reason why you shouldn't run extra things on your DC.
The DC is your primary security point for your entire Windows
infrastructure. At most I would run DNS and WINS on it.
I would also have more than one DC or be intimately familiar with how to
do a recovery so you know exactly how long your entire Windows
environment will be down when it blows up.
You may also want to look at SBS. They do a lot of things with SBS that
aren't really considered by most companies to be best practice for how
you treat your DC but it sounds like you have a small business and most
small businesses are willing to sacrifice security for cash. If you do
so, at least do it on a platform that was set up with that in mind.
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
David wrote:
> small company with only a few servers and under 40 users.
>
> In general what network services are ok to run on a 2003 domain controller?
> I realize ideally there should be nothing but AD on it (mainly for security
> reasons if I understand correctly) but there are some things that really
> should *not* be running on a DC for other known issues... what are they?
>
> for lack of hardware reasons I need to consolidate as many services as
> possible between 4 servers. One of those servers does nothing but act as a
> firewall and I'm not even considering it to do anything but that. That
> leaves me 3 servers to divide up the following:
>
> standard network services:
> AD/DNS
> WINS
> DHCP
> File & Print services
>
> production servers:
> EXCHANGE 2003
> SQL 2000 production database
> Symantec Antivirus Enterprise
>
> I realize if you're still reading you are probably thinking that you have no
> idea what level of hardware I have and so there is no way to suggest
> anything. I am not considering user load at this point (yet), only what
> services can play together without causing stability issues.
>
> I am considering running everything listed under 'standard network services'
> on one server and this post is the beginning of me looking into whether or
> not I should do that. Since I've written this much I might as well also
> include where I am looking at putting everything else. This is my initial
> plan that I need to research for problems.
>
> server 1) firewall
> server 2) AD / DNS(AD integrated) / WINS / DHCP / File & Print
> server 3) Exchange 2003 / symantec parent server
> server 4) SQL 2000 / additional DC
>
> the reason I started the post was to start looking into what is ok to run
> with AD but at this point I guess I should just say any input on any of this
> is welcome and would be appreciated. Thanks.
>
>