Guido, thank you very much for the in depth discussion, and my appoligies to
the list as I should have looked in the archives first.
___
\\ - - //
([EMAIL PROTECTED]@--)
+-----------------oOOo-(_)-oOOo------------------+
| \\_////|\\\\_//
|
|John M. Strongosky,
|San Diego Community College
|District Email Administrator
|Phone: 619.388.6725
|"8bits down a wire, spoken words fly away,
|while written word's stay on"
+--------------------------Oooo------------------+
oooO ( )
( ) ) /
\ ( (_/
\_)
Remember 9/11, In an Atom Bomb, Chemical, and Biological Detonation
we are all Downwinder's...
-----Original Message-----
From: GRILLENMEIER,GUIDO (HP-Germany,ex1)
[mailto:[EMAIL PROTECTED]
Sent: Friday, March 21, 2003 11:12 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] What Services/Server's can be combined with
Activ e Directory.
well you can't separate a GC from a DC and if you want to use secure DDNS
(which is what you should do) then this also HAS to be on a DC.
The question really is, should DHCP or even the file/print services run on a
DC or not.
It's been discussed many times in this forum - you should have a look at
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q255134
to help you decide on DHCP on a DC - it's not generally recommended (mainly
if DHCP is used to register clients in DNS), but it's doable if you take the
precautions mentioned in the article above (which is to give the DHCP
service special credentials so that it doesn't use the local system/computer
account to do it's work).
File/Print is a different story. One of the issues here is administration -
usually other people administer shares and permissions on File Servers. If
on the other hand these are the same as your domain admins, then it really
makes no difference (other than that you'll want to ensure to use
sufficiently powerful HW). In general I prefer these services separated,
but in a small or branch office environment, you might run into this
question. Don't forget to deal with the backup/restore scenario, while
considering adminstrative duties... If non-domain admins are responsible
for the FS data and need to restore it, then it can't be on the DC.
The other issue is stability - print servers are generally prone failures
caused from printer drivers. Also people installing printers need to have
permissions to install drivers; again, this could cause some pain and risks,
if these are not the domain admins themselves. Mainly for stability reasons,
I would not want to combine a DC with a print-server. I'd rather go with a
separate external printer appliance (even better to keep it off of the
file-server).
So in the end, if you do want all these services in a location and
administration is all done centrally, 1 server as DC, DNS, DHCP, FS + 1
server as PS (or printing appliance) is possible.
If adminstration of domain and FS need to be separated, then your back to 1
DC/DNS/DHCP + 1 FS/PS (or even 1 FS + 1PS).
BTW, this is all for smaller locations. For larger ones you should stick to
the best practice to separate your core services. I.e. 1 DC/DNS + 1 DHCP (or
even a DHCP cluster in a large site) + 1 FS + 1 PS.
/Guido
-----Original Message-----
From: John Strongosky [mailto:[EMAIL PROTECTED]
Sent: Samstag, 22. M�rz 2003 01:27
To: '[EMAIL PROTECTED]'
Subject: [ActiveDir] What Services/Server's can be combined with Active
Directory.
In our planning group we are having a discussion on what server's/services
do we need to combine or can combine for our AD deployment. I have looked
thru allot of Technote's there is not one definitive answer. Can anyone
point me to a source or answer this for me.
We are thinking of combing: DC,dns and gc's on a server, file and print and
dhcp on another in our sites or DC, dns, gc on a server, file and print on a
server and dhcp by itself.
john
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
