General discussion

  • Creator
  • #2257462

    Exchange vs. AD/domain controller


    by lvaquerano ·

    Here is my dilemma, I currently running on a Dell PowerEdge server several services,
    Exchange, Active Directory/Domain controller, Shared files, Norton AV Corp.
    We recently purchase another server to divide this services in.

    I would like to reduce the number of services running on this server,
    But I?m not quiet sure how to divide the services or/and what will be the easiest/less complicated
    way of doing this. And what I mean is,
    should I moved the Exchange to the new server???
    leaving AD/Domain controller and NAV/Shared files in the old one
    or should I moved AD/domain controller/NAV and Shared files to the new one???
    what ever I moved over to the new server I have to consider all the changes I will
    be force to do on my firewall, down time etc?.

    Please advice.

All Comments

  • Author
    • #3212831

      move exchange

      by w2ktechman ·

      In reply to Exchange vs. AD/domain controller

      But before totally removing it from the old svr, make sure it is working properly.
      Moving the whole AD may cause too many problems, network-wide, as moving exchange would only be email-wide (lesser of the 2).

      Unless you also had other network issues.

    • #3212813

      Move Domain Controller

      by faradhi ·

      In reply to Exchange vs. AD/domain controller

      Best Practices are that the domain controller should be on its own box.

      Remember that domain controllers do not have a local admin. The local admin is the administrator account of Active Directory.

      Therefore, if some service that is running on the DC is compromised in such a way to elevate privileges to local administrator, the attacker has full access to everything on your network.

      –edited for speling

      • #3213664

        move exchange.

        by cscott ·

        In reply to Move Domain Controller

        You can not uninstall the domain controller with out breaking exchange. so it would be your best bet to move exchange to another box.

        • #3213633

          move exchange ….

          by laduerksen ·

          In reply to move exchange.

          Please elaborate on that. Are you saying that if your original domain controller goes away Exchange gets broken? Why can’t you move your domain by adding a secondary domain controller and demoting the first? My main reason for having a secondary domain controller is to keep Exchange going if something should happen to the first domain controller. What am I missing here?

        • #3213627


          by cscott ·

          In reply to move exchange ….

          From my experience you can not demote a domain controller running exchange, Even if you have other domain controllers. It screws up the permissions for exchange., and exchange will not start up again.

          In the end if you demote the the domain server running exchange, you will have to reinstall exchange after..

          So if you are not looking at wiping the box and starting over, it would be simplest if you move exchge.
          Btw I believe Microsoft has a white paper on this issue..

        • #3213580

          re: re:

          by laduerksen ·

          In reply to re

          Got it.

          Yes, I now understand why you were saying that. I know alot of strangeness happens when running Exchange on a domain controller. Because of time, hardware failures and new hardware availability I had to install Exchange on a Domain controller but moved Exchange off to another server just as soon as possible, cause everyone warned of possible problems including Microsoft District Engineers. I understand that SBS has specially modified version of both to make things work together better.

Viewing 1 reply thread