Then the mail server wouldn't have the added load of AD, replication, authenticating windows users, etc, to deal with.

You should be able to configure replication to be performed only once per hour, for example, and turn down (and effectively turn off if other servers are up) the machine's eligibility to service network users using the LdapSrvPriority value.
I've thought about doing this if/when load becomes an issue. Right now, this is our fastest box so it is handling both tasks quite well. Never looked into HOW exactly to do it. Thanks for saving me the research time. ;-)
The speed of having the IMail authentications performed locally, rather than over the network, cancels out the penalty of occasional replication.
Ah...good point. I hadn't thought about it long enough to realize that IMAP/POP authentication happens every time mail is checked/sent/etc. But Windows authentication can be cached which is why other services would not have this issue on member servers. I imagine the performance hit would be on the same order as the external SQL database. And in small to mid-sized LAN environments like ours (where I would guess the NT authentication is likely used most), it would still be a desirable option.
The biggest reason I would like to be able to run IMail on a member server but use the AD database is that I've seen too many problems where running other services on a DC caused problems. I don't think anyone (including Microsoft) would recommend running application services of any kind on your DCs. It's asking for trouble. We've had print services running on a DC that was causing the server to spontaneously reboot and cause corruption. We've had FRS issues cause performance problems with our mail server and file servers. So it can go both ways. Ideally, I want apps on app servers, files on file servers, and nothing but AD on DCs.
--Todd.
