However MS does support DCs on Virtual Server if the guidelines in this whitepaper are strictly followed:
http://www.microsoft.com/downloads/details.aspx?FamilyId=64DB845D-F7A3-4 209-8ED2-E261A117FC6B&displaylang=en Alberto Boczar [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: quarta-feira, 16 de fevereiro de 2005 17:24 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC or not DC Couple of issues. No Microsoft products are supported by MS on VMWARE, you have to duplicate the problem on physical hardware which may be feasible sometimes, but not all of the time and maybe not even most of the time. MS doesn't support Exchange in any virtual environment, including their own. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fuller, Stuart Sent: Wednesday, February 16, 2005 2:34 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC or not DC I hate to drag this off subject slightly and since no one has mentioned it, but isn't the whole point of Microsoft Virtual Server and VMware GSX/ESX so that you can run multiple servers on the same physical server and not have the application/security/resource conflicts that you can get by running everything on one server? At the last MS TechEd several of the MS people I talked to were pitching Virtual Server as *the* solution to the "I only have one server" and branch office scenarios. -Stuart Fuller -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, February 16, 2005 9:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC or not DC Yeah MS has always said best practice is not to put back office apps or IIS on domain controllers for as long as I can recall. Ditto file and print. There are possible resource and security issues. Then they have SBS.... SBS bothers me because you take everything MS has every said and you say, hmmm, forget about it.... At that point, what do you and don't you listen to from MS? My thoughts? Listen to all of it but don't trust any of it until you have proven it yourself. I generally (there are exceptions to make the rule) consider anything from MS as propaganda until I have proven with my direct experience or it has been stated to me by my very few trusted advisors. Like if Dean tells me something, I tend to listen closely, I may argue, but I start from a losing position because if I don't agree it is probably because I don't understand through no fault of Dean's explanation. Many conversations I have with Dean start out with me thinking, oh shit, he expects I know what I am talking about with this functionality... With Rick, well you argue with Rick about everything because he is a hoot to argue with. With Deji... Check it twice - all of it. ;oP Tony... Never argue with Tony's dinner wine choice, never. My thoughts are that if you have a company small enough that SBS works for you. You probably won't have too many resource issues unless you have some serious power users. However security concerns will *always* be there simply because you are adding additional vectors. You can't add more services to service users and NOT open up more possible security holes. Additionally one of the methods for fixing replication hangs and such in AD is a reboot because attempting to stop and start the AD services is less than helpful. Tougher to do that when you have people using fixed services such as F&P, SQL, Exchange, etc as they tend to get cranky when the server side of the equation disappears. My personal reaction to anything but DHCP/DNS/WINS on a DC are sort of a blanched look and I don't even really like DHCP/WINS/DNS on the DC because I think that also raises the security vectors too much. Keep in mind, AD is the bastion of your enterprise security. Why give people holes to poke at to see if they can compromise the entire forest? joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff Sent: Wednesday, February 16, 2005 11:24 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] DC or not DC If you have the resources on the box and can not afford to purchase a new box for SQL or Exchange, then you are stuck with the only one option. However, I am a big believer of keeping the server roles separate. I find that the overhead of SQL (and even Exchange) is rather high during peek times. And, if SQL runs on the DC, this may cause latency issues with DNS lookups, group policy updates to clients and/or log in issues. I believe that Microsoft's best practices said to keep things separate. (But, I may be dreaming...Like I often do...) However, with everything that I have said, it is just my opinion and is dependant on how many users you have and if your company can afford the cost. ***************************************** Steve Shaff Active Directory / Exchange Administrator Corillian Corporation (W) 503.629.3538 (C) 503.807.4797 (F) 503.629.3674 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alonzo Hess Sent: Wednesday, February 16, 2005 7:01 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] DC or not DC Last night I received the latest MCPMag email newsletter and always read the questions that people ask. I was kind of surprised by the opening sentence of the question. "I know that the Microsoft gospel is never to run Exchange, SQL Server, etc. on a domain controller." I've never seen or heard this before. I realize having the server be a DC would add some overhead, but what are the lists thoughts on this? Good or Bad? Thanks, Zo List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
