MS SQL, File, Print, Exchange, Domain Controller on a single server


In my environment, I'v one active directory domain controller which is windows 2003 enterprise server.

On this server, which is 3 GHz Xeon processor and 512 Mb of RAM. Currently this is server is used as file server (With over 30 users using everyday), printer server, Database server (MS SQL 2000 with approximately 10 to 15 users accessing the database parallelly).

This server has been running for nearly two years time, and the performance of this server ok until now. In the next couple of days, I'm planning to install MS Exchange 2003 server on this server.

So I wonder will there be any problem or not if I install the mail on this single server? How about the performance? what is your ideas?


Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hi mrpc_cambodia,

I generally recommend that a domain controller remain a dedicated server for AD services alone.  If this not an option (usually due to budget constraints) then there are a few thing to consider.
First being performance - If you run Exchange, DC, Printer server, DB server etc all from one server then you are going to find that it will work a lot harder than a more 'best practice' setup.  for example, the network performance will be significantly lower, cpu usage will be higher so more cooling is required therefore requiring more power.  Hard disk activity will be increased leading to slower load time, paging and eventually premature failure of the drive itself.

As for compatibility and reliability:
If you're running your most important services from one server and you have a hardware failure, your site will be down without possibility to have a partial service available until you resume full functionality.
As for actually running Exchange with other services, it should be work ok providing you have no other services using standard mail and web server ports. (If you do you may need to re-configure these services before installing exchange).

Bottom-line - If you can have a separate server for DC, exchange and possibly a mail gateway (this will provide an added layer of anti-virus and SPAM protection) and finally a separate server for other services eg DNS, DHCP, DB server etc.
If it's not possible, then definitely upgrade your ram at at least 1GB even 2GB will be better.  Maybe consider a 2nd NIC (if not already) and setup a fault tolerant network connection/adaptive load balancing to reduce a point of failure or to better server large network connection flow.

Hope it helps!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mrpc_cambodiaAuthor Commented:
Thanks for your comment. But  I still have another doubt and hopefully you will help me clear it out.

Let's say I buy another server for the Exchange mail server. So I will have two servers. one for active directory and other one for mail server.

what if I want to use SSL to secure users accessing their email from a remote place, do I need to buy two SSL certificates from a CA for both of my servers? or I need to buy a certificate for my Exchange server only? because I want to my users to access their email using OWA, OMA, RPC Over HTTP.

Please help me clear this confusion out?


You should only need one purchase one certificate,  this will allow SSL connections from the internet to your front end server (in your case the exchange server).  Just remember if you allow the public to connect directly to your mail (exchange) server without going through a gateway system (eg ISA 2004) you are reducing the security of your exchanger server.  If you are careful with your anti-virus etc you should be able to minimise the impact this might have.  

Araski - can you justify the remark about: "...if you allow the public to connect directly to your mail (exchange) server without going through a gateway system (eg ISA 2004) you are reducing the security of your exchanger server. "

How does having an Exchange server directly exposed to the internet reduce the security of the Exchange server?
With proper precautions there is no reduction in the security of an Exchange server by having it directly exposed to the Internet. You will find that most Exchange installations are configured in that way.

Putting something in front of the Exchange server is always a good idea, and will only increase the security of the Exchange deployment. However done incorrectly a gateway server like ISA can actually decrease the overall network security.

Hi Guys,

My contention is that you can never be too careful.  Yes, it is true that a lot of setups have the exchange server connecting directly to the internet but having a properly configured gateway server (im my opinion anyway) simply adds another level of protection.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.