Domain controller vs member server questions

I have two servers both a member of the same domain.  One is a domain controller running active directory.  I brought the new one in as a member server in the same domain.  Since the member server is in the same domain will the active directory on the domain controller control the access to the member server?  Can I promote the member server to a domain controller and if I do is there any impact on the member server or the files?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

1)  Yes, the domain controller hosting AD can be used to control access to the member server.
2)  Promoting it to DC should have no impact at all - except that local logons are more tightly controlled.  Note that if you run Exchange on this server you CANNOT promote it.  Changing the role of an Exchange server will break Exchange.

Other than that, you should be good.

Hi a182612,
to answer the first question: yes, Active Directory controls (by means of Kerberos authentication) access to all objects in the domain, including folders and files on each member server (this means, that you can create discretionary access control lists on those objects, using active directory elements, such as users and groups).
Second one: if you promote the server to domain controller, there will be no significant alterations on the files. The only possible drawback I can think of right now, is that if you use local users to give permissions on the files, you will face problems: on domain controllers, in fact, you cannot manage local users, only domain users.
As for the impact on the server, it depends on the size of your domain (number of users). Remeber, however, that it is strongly recommended to have more than a domain controller in each domain.

a182612Author Commented:

Can the member server still control it's own local accounts if I don't promote it to a domain controller?
Yes, sure.
Anyway it is recommended to use domain accounts, whenever possible, because they are easier to maintain.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.