Hi In theory you should run Terminal Services and RAS server on Member Servers, your Domain controllers should be DC's only, it is also recommended that DC's should not be installed on VM's due to the nature of AD NTDS.dit even on a physical disk, dick caching needs to be disabled.
It is debabtable of course. So the answer to your question is none, create a new VM and make it a member server. In reality with limited physical resources etc, you can run all services from one server ( like a small business server) you will have to force strict registry enforcements via GPO, however i recommend if you install your RAS and Terminal services on Separate VM's. Regards Mat Sealy. ________________________________________ From: [email protected] [[email protected]] on behalf of Alberto Medina [[email protected]] Sent: 13 December 2010 16:19 To: [email protected] Subject: Windows Server Roles Hi all, I'm planning in migrating some servers to VM's for separate some roles and for and replace some old servers. Currently we have 2 domain controllers, one on Windows 2000 and other in Windows 2003. Windows 2000 is the primary domain controller and W2K3 is Domain Controller, Terminal Services, and DHCP (and of course DNS for AD), and I want add VPN server for remote access. I have found that is not recommended to run DHCP or Terminal services in a Domain controller, so I want separate those roles to VM's but I want to know which of this roles can I run together in a VM without affecting security. Please let me know your opinions about this. Thank you and Best Regards, Alberto Medina ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. ______________________________________________________________________ -------------------------------------------------------- The content of this e-mail (including any attachments) is strictly confidential and may be commercially sensitive. If you are not, or believe you may not be, the intended recipient, please advise the sender immediately by return e-mail, delete this e-mail and destroy any copies. --------------------------------------------------------
