Domain controller vs member server questions

Posted on 2006-03-21
Last Modified: 2007-11-27
I have two servers both a member of the same domain.  One is a domain controller running active directory.  I brought the new one in as a member server in the same domain.  Since the member server is in the same domain will the active directory on the domain controller control the access to the member server?  Can I promote the member server to a domain controller and if I do is there any impact on the member server or the files?
Question by:a182612
    LVL 51

    Expert Comment

    1)  Yes, the domain controller hosting AD can be used to control access to the member server.
    2)  Promoting it to DC should have no impact at all - except that local logons are more tightly controlled.  Note that if you run Exchange on this server you CANNOT promote it.  Changing the role of an Exchange server will break Exchange.

    Other than that, you should be good.

    LVL 11

    Expert Comment

    Hi a182612,
    to answer the first question: yes, Active Directory controls (by means of Kerberos authentication) access to all objects in the domain, including folders and files on each member server (this means, that you can create discretionary access control lists on those objects, using active directory elements, such as users and groups).
    Second one: if you promote the server to domain controller, there will be no significant alterations on the files. The only possible drawback I can think of right now, is that if you use local users to give permissions on the files, you will face problems: on domain controllers, in fact, you cannot manage local users, only domain users.
    As for the impact on the server, it depends on the size of your domain (number of users). Remeber, however, that it is strongly recommended to have more than a domain controller in each domain.


    Author Comment


    Can the member server still control it's own local accounts if I don't promote it to a domain controller?
    LVL 11

    Accepted Solution

    Yes, sure.
    Anyway it is recommended to use domain accounts, whenever possible, because they are easier to maintain.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
    Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.

    731 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now