Re: Exchange 2007 on DC single server
- From: "Ed Crowley [MVP]" <curspice@xxxxxxxxxxxxxx>
- Date: Mon, 2 Apr 2007 09:06:22 -0700
Right in the deployment documentation:
Installing Exchange 2007 on Directory Servers
For security and performance reasons, we recommend that you install Exchange
2007 only on member servers, and not on Active Directory directory servers.
While installing Exchange 2007 on a directory server is supported, it is
strongly discouraged. However, you cannot run DCPromo on a computer running
Exchange 2007. Once Exchange 2007 is installed, changing its role from a
member server to a directory server, or vice versa, is not supported.
http://technet.microsoft.com/en-us/library/aa996719.aspx
Here are the collected reasons from Exchange MVPs not to install Exchange on
a DC, and the reasons mostly still apply to Exchange 2007. We won't argue
with you that you shouldn't do it when the organization is small, but be
cognizant of and factor appropriately the downside risk.
1. Performing a disaster recovery on a DC is quite a bit more difficult than
on a member server.
2. Once you make the decision to install Exchange on a domain controller,
you cannot demote it later.
3. Exchange 2003 directory services won't fail over to other domain
controllers when it is installed on a domain controller.
4. Exchange admins must have log on locally rights to the Exchange server,
so when Exchange is on a domain controller they must have that right in the
entire domain.
5. Exchange takes longer to shut down when installed on a domain controller.
6. Using the /3GB switch can cause Exchange to monopolize the memory on the
domain controller.
7. All services run under the LocalSystem context, so any attacker gaining
access to Active Directory will also have access to Exchange.
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"
"Mike Talon" <miketalonnyc<NOSPAM>@yahoo.com> wrote in message
news:uksfatTdHHA.1080@xxxxxxxxxxxxxxxxxxxxxxx
Is the MSFT recommendation not to run Exchange 2007 on a DC documented
anywhere? I have a lot of clients who will put it on a DC unless they see
it somewhere on MSFT's site, and so far I haven't found the warning like
they have on the TechNet site for 2000/2003.
Thanks!
Mike
"Henry" <Henry@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:23DD7FE2-A34D-4D49-9ABF-9497BCA30110@xxxxxxxxxxxxxxxx
Hi
a)
You can have Exchange and DC on a single box but it is not recommended.
b)
Junk-mail thresholds can be per transport server SCL config or at every
single mailbox (set-mailbox).
Henry
"skip" wrote:
Hello
Any issues with installing Exchange 2007 on a DC? I have one server so
everything has to go on this box.
One more question:
I will be using the anti-spam agents that come out of the box with 2007. I
know how to install the agents on the HT server role, but is there a command
that I need to run to enable the junk-mail threshold? I was under the
impression that the junk-mail folder won't work unless I turn it on using a
shell command.
All users are running Outlook 2003 SP2.
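
The co-location described in Ed Crowley's list at the top of this message (items 2 and 7) can be checked on each server. The following PowerShell is an added example, not part of the thread or of Microsoft's documentation; the function name Get-ExchangeDcColocation is hypothetical, and it assumes Exchange services can be recognized by the "MSExchange" service-name prefix.

```powershell
# Added example: report whether a server is both a domain controller and
# an Exchange server, and which Exchange services log on as LocalSystem.
function Get-ExchangeDcColocation {
    param([string]$ComputerName = '.')

    # Win32_ComputerSystem.DomainRole: 4 = backup domain controller,
    # 5 = primary domain controller; 0-3 are workstations and member servers.
    $cs = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $ComputerName
    $isDc = $cs.DomainRole -ge 4

    # Assumption: Exchange services are identified by the "MSExchange" prefix.
    $exchange = @(Get-WmiObject -Class Win32_Service -ComputerName $ComputerName |
        Where-Object { $_.Name -like 'MSExchange*' })

    # StartName is the logon account of the service (item 7 in the list).
    $asSystem = @($exchange | Where-Object { $_.StartName -eq 'LocalSystem' })

    $result = New-Object PSObject
    $result | Add-Member -MemberType NoteProperty -Name Computer -Value $cs.Name
    $result | Add-Member -MemberType NoteProperty -Name IsDomainController -Value $isDc
    $result | Add-Member -MemberType NoteProperty -Name ExchangeServiceCount `
        -Value $exchange.Count
    $result | Add-Member -MemberType NoteProperty -Name LocalSystemServices `
        -Value (($asSystem | ForEach-Object { $_.Name }) -join ', ')
    # Flag the combination the thread advises against.
    $result | Add-Member -MemberType NoteProperty -Name ExchangeOnDc `
        -Value ($isDc -and ($exchange.Count -gt 0))
    $result
}

# Check the local machine and show every field.
Get-ExchangeDcColocation | Format-List
```

The `-join` operator requires PowerShell 2.0 or later.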