well you can't separate a GC from a DC and if you want to use secure DDNS (which is what you should do) then this also HAS to be on a DC.
The question really is, should DHCP or even the file/print services run on a DC or not. It's been discussed many times in this forum - you should have a look at http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q255134 to help you decide on DHCP on a DC - it's not generally recommended (mainly if DHCP is used to register clients in DNS), but it's doable if you take the precautions mentioned in the article above (which is to give the DHCP service special credentials so that it doesn't use the local system/computer account to do it's work). File/Print is a different story. One of the issues here is administration - usually other people administer shares and permissions on File Servers. If on the other hand these are the same as your domain admins, then it really makes no difference (other than that you'll want to ensure to use sufficiently powerful HW). In general I prefer these services separated, but in a small or branch office environment, you might run into this question. Don't forget to deal with the backup/restore scenario, while considering adminstrative duties... If non-domain admins are responsible for the FS data and need to restore it, then it can't be on the DC. The other issue is stability - print servers are generally prone failures caused from printer drivers. Also people installing printers need to have permissions to install drivers; again, this could cause some pain and risks, if these are not the domain admins themselves. Mainly for stability reasons, I would not want to combine a DC with a print-server. I'd rather go with a separate external printer appliance (even better to keep it off of the file-server). So in the end, if you do want all these services in a location and administration is all done centrally, 1 server as DC, DNS, DHCP, FS + 1 server as PS (or printing appliance) is possible. If adminstration of domain and FS need to be separated, then your back to 1 DC/DNS/DHCP + 1 FS/PS (or even 1 FS + 1PS). BTW, this is all for smaller locations. For larger ones you should stick to the best practice to separate your core services. I.e. 1 DC/DNS + 1 DHCP (or even a DHCP cluster in a large site) + 1 FS + 1 PS. /Guido -----Original Message----- From: John Strongosky [mailto:[EMAIL PROTECTED] Sent: Samstag, 22. M�rz 2003 01:27 To: '[EMAIL PROTECTED]' Subject: [ActiveDir] What Services/Server's can be combined with Active Directory. In our planning group we are having a discussion on what server's/services do we need to combine or can combine for our AD deployment. I have looked thru allot of Technote's there is not one definitive answer. Can anyone point me to a source or answer this for me. We are thinking of combing: DC,dns and gc's on a server, file and print and dhcp on another in our sites or DC, dns, gc on a server, file and print on a server and dhcp by itself. john List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
