

Hi There

I have a new server which I want to add into our network.

I am going to make it a member server, my question is...

I need to install Exchange on that box, would I need to have AD running on that box?  Put it to you this way, I don't want my Exchange running on a domain controller...

1 Solution
Exchange server needs full access to your Active Directory services, but it is not necessary to install it on the domain controller.
Can I ask why you don't want Exchange running on a DC?
hitechauto (Author) Commented:
Well this is what I have experienced.

When stopping the Exchange services on the DC, the performance of the machine including the LAN increases by 15-20% almost instantly.  We have got two domain controllers running AD, and Exchange with about 70-75 Exchange users.  We also run very tight system policies which normally take a while to push through to the client.  When stopping all the exch. services there is a vast improvement in the performance on the machines.

I have also spoken to a few people at Dimension Data and they recommend that Exchange runs on its own box as a member server not a domain controller, I went and had a look at one of their sites with the same setup and it makes quite a big impact on the system as opposed to having it on a DC.  Exchange requires a lot of resources, as it is, a domain controller is constantly busy, even more when two are running and we have a lot of clients requesting all day.

You should actually try it and see for yourself, it works really well.


Thank-you - a very interesting point!  I will test this myself to see.
Personally, I avoid exchange like the plague...so someone more fluent with exchange may correct me if I'm wrong but...

The way I understand it, I believe AD does have to be running (or at least it is recommended that it is used in an AD environment), but it doesn't have to be on a box that is a DC.  Once you have the new Exchange server machine up and running (just the core OS, not Exchange itself yet) and join the box to the existing domain...then install Exchange and you're good to go.

I apologize if I'm mistaken, but this is how I understand one way it can be done.
Andrey_go's answer was correct - AD does not need to be installed on the Exchange machine.  So long as the Exchange machine is a member server of the domain, Exchange can be installed correctly.  All it needs is access to Active Directory.
I interpreted "running AD" as using AD's features....as in being a member of the domain.  If "having AD running" means making the box a DC, then I just had a terminology confusion in my post.  I did state " it doesn't have to be on a box that is a DC"...so I guess all I did was say the same thing Andrey_go said but used more bandwidth to do so haha.

I'm not sure why this is worth 500 points or why it was re-opened even after reading FAQ mentioned by the cs admin.  The correct advice has been offered several times here.  Exchange does not need to be placed on a DC, in fact Microsoft specifically advises that it not be placed on a DC.

The reason for not running Exchange on a DC can be found in this Microsoft Exchange Server 2003 High Availability Guide.


Here are some details:

Running Exchange 2003 on a Domain Controller
As a best practice, you should not run Exchange 2003 on servers that also function as Windows domain controllers. Instead, you should configure Exchange servers and Windows domain controllers separately.

However, if your organization requires that you run Exchange 2003 on a domain controller, consider the following limitations:

• If you run Exchange 2003 on a domain controller, it uses only that domain controller. As a result, if the domain controller fails, Exchange cannot fail over to another domain controller.
• If your Exchange servers also perform domain controller tasks in addition to serving Exchange client computers, those servers may experience performance degradation during heavy user loads.
• If you run Exchange 2003 on a domain controller, your Active Directory and Exchange administrators may experience an overlap of security and disaster recovery responsibilities.
• Exchange 2003 servers that are also domain controllers cannot be part of a Windows cluster. Specifically, Exchange 2003 does not support clustered Exchange 2003 servers that coexist with Active Directory servers. For example, because Exchange administrators who can log on to the local server have physical console access to the domain controller, they can potentially elevate their permissions in Active Directory.
• If your server is the only domain controller in your messaging system, it must also be a global catalog server.
• If you run Exchange 2003 on a domain controller, avoid using the /3GB switch. If you use this switch, the Exchange cache may monopolize system memory. Additionally, because the number of user connections should be low, the /3GB switch should not be required.
• Because all services run under LocalSystem, there is a greater risk of exposure if there is a security bug. For example, if Exchange 2003 is running on a domain controller, an Active Directory bug that allows an attacker to access Active Directory would also allow access to Exchange.
• A domain controller that is running Exchange 2003 takes a considerable amount of time to restart or shut down (approximately 10 minutes or longer). This is because services related to Active Directory (for example, Lsass.exe) shut down before Exchange services, thereby causing Exchange services to fail repeatedly while searching for Active Directory services. One solution to this problem is to change the time-out for a failed service. A second solution is to manually stop the Exchange services before you shut down the server.

As far as "the solution" goes, I think it is pretty straightforward.  Either run Exchange on a member server, or heed the configuration recommendations given above if you must deploy on a DC.
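
An audit for the layout the guide excerpt above warns about, added here as an example and not part of the original thread or of Microsoft's guide. It assumes PowerShell with remote WMI access to the servers, that the Exchange services are named with the `MSExchange` prefix, and the server names are placeholders.

```powershell
# Added example: report servers where Exchange services share a box with a
# domain controller, and which Exchange services log on as LocalSystem.
# SERVER01/SERVER02 are placeholder names (assumption), not from the thread.
param(
    [string[]]$ComputerName = @('SERVER01', 'SERVER02')
)

# Win32_ComputerSystem.DomainRole enumeration
$roleNames = @{
    0 = 'Standalone workstation';   1 = 'Member workstation'
    2 = 'Standalone server';        3 = 'Member server'
    4 = 'Backup domain controller'; 5 = 'Primary domain controller'
}

foreach ($name in $ComputerName) {
    try {
        $cs   = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $name -ErrorAction Stop
        # Assumption: Exchange service names start with "MSExchange"
        $svcs = @(Get-WmiObject -Class Win32_Service -ComputerName $name -Filter "Name LIKE 'MSExchange%'" -ErrorAction Stop)
    }
    catch {
        # Unreachable host or access denied: report it and keep going
        Write-Warning "$name : WMI query failed: $($_.Exception.Message)"
        continue
    }

    $isDC        = $cs.DomainRole -ge 4          # 4 and 5 are domain controllers
    $running     = @($svcs | Where-Object { $_.State -eq 'Running' })
    $localSystem = @($svcs | Where-Object { $_.StartName -eq 'LocalSystem' })

    if ($svcs.Count -eq 0)  { $finding = 'No Exchange services found' }
    elseif ($isDC)          { $finding = 'Exchange is co-located with a domain controller' }
    else                    { $finding = 'Exchange is not on a domain controller' }

    New-Object PSObject -Property @{
        Computer            = $name
        Role                = $roleNames[[int]$cs.DomainRole]
        ExchangeServices    = $svcs.Count
        RunningServices     = ($running | ForEach-Object { $_.Name }) -join ', '
        LocalSystemServices = ($localSystem | ForEach-Object { $_.Name }) -join ', '
        Finding             = $finding
    }
}
```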

kLea2 -  FYI - the comment above the admin comment was accepted as the answer.  Obviously it isn't the answer.

lol, correct it wasn't.  I still think andrey_go deserved the points, but hey. :)
If it keeps someone happy, I have no problem relinquishing the points given to me to go to andrey_go...I'm just glad the original poster got his solution :)
Besides, Andrey_go looks to be making a run @ the 10k points in a month to get that initial "expert membership"...I already have my meager 3000 points to keep mine for the month...and all I did for all practical purposes was restate what he said in a more wordy fashion (possibly in a way that made it sink in, possibly not)....then again, KLea2 gave solid info as well....whatever the original poster and topic adim decide is fine with me...I won't be greedy on this one ;)
admin, even
500 points for this question? My god!!!

When you set up Exchange it WILL recognise your DC and talk to the AD automatically. You will probably create a new mmc as your exchange console anyway and you can add AD users and computers in that console here in other words you can manage your active directory with your Exchange console.

Microsoft do NOT advise to install Exchange on a DC. The two critical factors are performance and security.
