Re: position of a new DC

---

• From: "tree leafs" <treeleafs@xxxxxxxxxxx>
• Date: Sun, 21 Oct 2007 10:06:46 +1000

---

Hi Austin,
I guess you might have a very big AD.
How many users, sites, and OUs etc. in your AD?

"Austin Osuide" <austin@xxxxxxxxxxx> wrote in message
news:3FqSi.11665$dM4.2553@xxxxxxxxxxxxxxxxxxxxxxxx

Hi Tree,
It wasn't detailed, the explanation. Is that what your Microsoft TAM tells
you?
Even 3rd party AD apps on my DCs give me the hibbie jibbies!

Regards,

Austin

"tree leafs" <treeleafs@xxxxxxxxxxx> wrote in message
news:%23Y5qfpxEIHA.4628@xxxxxxxxxxxxxxxxxxxxxxx

Hi Austin,
thanks for the detailed explanation.
So the major concern is the security. Is there anything to do with the
performance?
I understand your concern, but as far as the security is concerned,
having access to the shares on a file server does not necessarily give
users access to the server itself. By default, normal users will not be
able to remotely logon into the DCs. Nor can they execute programs on the
file server, unless it is also a terminal server.
In reality, nowadays it's very hard to purchase a new server that just do
the DC but nothing else. In reality, people tend to put DC(s) on newest
and/or most powerful server(s) as it is more reliable.


"Austin Osuide" <austin@xxxxxxxxxxx> wrote in message
news:emDVfWxEIHA.4296@xxxxxxxxxxxxxxxxxxxxxxx

:-)
OK.
Your DC is probably your most important security device on your network.
It holds your account database and as such, you'd want to restrict
access to it.
Using it as a "File Server" obviously defeats this objective.
As far as Exchange is concerned, it's a bit more complex. Even though
it's supported, it's not "Best Practice" and not usually recommended.
Plus, you could get yourself into all kinds of headaches if you DCpromo
out a DC with Exchange running on it or subsequently take Exchange off
the DC. Kind of locks you into the move.
I guess it all falls down to risk analysis, funding and what your
religious bias is.. Maybe that's why I don't do SBS..
Even within funding constraints, my belief is to have DCs on "well
scaled" servers. They don't have to be the biggest and most expensive
boxes out there.
To those who believe, no explanation is necessary. To those who don't,
no explanation is possible. Unfortunately, you'll get this all the time
from SBSers ;-)

Regards,

Austin


"tree leafs" <treeleafs@xxxxxxxxxxx> wrote in message
news:%23wzM1WwEIHA.1208@xxxxxxxxxxxxxxxxxxxxxxx

Can you explain why? That means if I want to have two DCs in a domain
(and in same site) I would have to have 2 dedicated DCs, right?
In reality I see so many implementations that a DC is also a file
server or an exchange server. In SBS, the DC is also everything else.
Thanks,

"Austin Osuide" <austin@xxxxxxxxxxx> wrote in message
news:TF4Si.23$K92.13@xxxxxxxxxxxxxxxxxxxxxxxx

Hi Tree ;-)

The answer you'll get is: YES!

Regards,

Austin

"tree leafs" <treeleafs@xxxxxxxxxxx> wrote in message
news:uDPcOrkEIHA.4228@xxxxxxxxxxxxxxxxxxxxxxx

but this is not the only DC in the domain.
do you mean a DC can not take any other roles?

"Troy McClure" <n@xxxxx> wrote in message
news:uHpkwQkEIHA.4308@xxxxxxxxxxxxxxxxxxxxxxx

obviously neither. a DC should be a dc and nothing more



"tree leafs" <treeleafs@xxxxxxxxxxx> wrote in message
news:u%23%23U4ojEIHA.4400@xxxxxxxxxxxxxxxxxxxxxxx

Hi,
I need to rebuild a major file server and an exchange server and
then promote one of them to be a new DC, which one should I choose?
the exchange server or the file server? which is better? Or neither
of them?

.

---

• Follow-Ups:
  • Re: position of a new DC
    • From: Austin Osuide

• References:
  • position of a new DC
    • From: tree leafs
  • Re: position of a new DC
    • From: Troy McClure
  • Re: position of a new DC
    • From: tree leafs
  • Re: position of a new DC
    • From: Austin Osuide
  • Re: position of a new DC
    • From: tree leafs
  • Re: position of a new DC
    • From: Austin Osuide
  • Re: position of a new DC
    • From: tree leafs
  • Re: position of a new DC
    • From: Austin Osuide

• Prev by Date: Re: position of a new DC
• Next by Date: Re: position of a new DC
• Previous by thread: Re: position of a new DC
• Next by thread: Re: position of a new DC
• Index(es):
  • Date
  • Thread

---

Relevant Pages OWA... Cant get it to work. ... Do you install iis together with the exchange server in ... with the Microsoft Outlook Web Access components that are ... Microsoft Exchange Server ... (microsoft.public.exchange.misc) RE: Catchall not working, EXTERNALLY? ... Exchange server 2003 supports multiple clients, such as OWA, MAPI ... Microsoft CSS Online Newsgroup Support ... When I open the connection (over internet) to my exchange account, ... (microsoft.public.windows.server.sbs) RE: Catchall not working, EXTERNALLY? ... Microsoft CSS Online Newsgroup Support ... but we will start using the exchange server fully ... When I open the connection (over internet) to my exchange account, ... (microsoft.public.windows.server.sbs) Re: Exchange 2003 SBS #4.4.7 NDR TO OUR SERVER ... SP1/SP2 can be applied all exchange 2003 server. ... This newsgroup only focuses on SBS technical issues. ... Pack 2) when looking at the properties of the exchange server in system ... I can send you the SMTP log but there is no entry for the incoming ... (microsoft.public.windows.server.sbs) [NT] Vulnerability in Exchange Server 2003 Could Lead to Privilege Escalation (MS04-002) ... Access on Windows 2000 and Windows Server 2003, ... back-end Exchange 2003 servers that are running Windows Server 2003. ... Kerberos authentication is used as the HTTP authentication ... Windows Server 2003 server that also functions as an Exchange Server 2003 ... (Securiteam)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.active_directory  > 2007-10