Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Domain controller vs member server questions

Posted on 2006-03-21
Medium Priority
Last Modified: 2007-11-27
I have two servers both a member of the same domain.  One is a domain controller running active directory.  I brought the new one in as a member server in the same domain.  Since the member server is in the same domain will the active directory on the domain controller control the access to the member server?  Can I promote the member server to a domain controller and if I do is there any impact on the member server or the files?
Question by:a182612
  • 2
LVL 51

Expert Comment

ID: 16247733
1)  Yes, the domain controller hosting AD can be used to control access to the member server.
2)  Promoting it to DC should have no impact at all - except that local logons are more tightly controlled.  Note that if you run Exchange on this server you CANNOT promote it.  Changing the role of an Exchange server will break Exchange.

Other than that, you should be good.

LVL 11

Expert Comment

ID: 16247765
Hi a182612,
to answer the first question: yes, Active Directory controls (by means of Kerberos authentication) access to all objects in the domain, including folders and files on each member server (this means, that you can create discretionary access control lists on those objects, using active directory elements, such as users and groups).
Second one: if you promote the server to domain controller, there will be no significant alterations on the files. The only possible drawback I can think of right now, is that if you use local users to give permissions on the files, you will face problems: on domain controllers, in fact, you cannot manage local users, only domain users.
As for the impact on the server, it depends on the size of your domain (number of users). Remeber, however, that it is strongly recommended to have more than a domain controller in each domain.


Author Comment

ID: 16248295

Can the member server still control it's own local accounts if I don't promote it to a domain controller?
LVL 11

Accepted Solution

elbereth21 earned 2000 total points
ID: 16248311
Yes, sure.
Anyway it is recommended to use domain accounts, whenever possible, because they are easier to maintain.

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
The Relationships Diagram is a good way to get an overall view of what a database is keeping track of. It is also where relationships are defined. A relationship specifies how two tables connect to each other. As you build tables in Microsoft Ac…
Enter Foreign and Special Characters Enter characters you can't find on a keyboard using its ASCII code ... and learn how to make a handy reference for yourself using Excel ~ Use these codes in any Windows application! ... whether it is a Micr…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question