I've seen too many problems where running other services on a DC caused problems. I don't think anyone (including Microsoft) would recommend running application services of any kind on your DCs. It's asking for trouble. We've had print services running on a DC that was causing the server to spontaneously reboot, causing corruption. We've had FRS issues cause performance problems with our mail server and file servers. So it can go both ways. Ideally, I want apps on app servers, files on file servers and nothing but AD on DCs.
--Todd.

On our small corporate network (a few hundred client PCs and 4 servers), both our DC's (Win2k Server) have SQL Server running for various apps. One DC is also our print server for the network, 20 or so printers - 8GB spool drive, the server antivirus server, and our file storage server for roaming profiles and personal storage. The other DC is also our RAS VPN server with ~40 connections at one time all day, and our email server which includes the email handler (Imail 8.05hf3), the email anti-spam (ASSP) and the email antivirus gateway (Interscan). Handles 3500 emails in and 500 out daily with a few hundred virus-laden emails and 50% spam running an average ~10% CPU with rare spikes approaching 100% but usually less than 70% and commonly dips down to 0-3%. I agree with your ideal, but economics dictate that we use our DC's for more than just AD. We are not having any problems running other applications and services on our two domain controllers.

Your installation is about the same size as ours. The only exception is that our AD domain is a child domain of our entire campus and there is a lot more domain-to-domain replication going on here with about a dozen other child domains.
I should clarify...we never had any problems CAUSED by the combination of app/file services on a DC. But rather, problems with one of those aspects adversely affect the other. As I mentioned...when we had file/print issues, it caused AD corruption from the server bouncing. And when we had AD/FRS issues, it bogged down the mail services. AD is probably the most critical service to us, therefore it's important to isolate it from the others.
--Todd.
