We help IT Professionals succeed at work.

Domain controller vs member server questions

a182612
a182612 asked
on
Medium Priority
1,417 Views
Last Modified: 2007-11-27
I have two servers both a member of the same domain.  One is a domain controller running active directory.  I brought the new one in as a member server in the same domain.  Since the member server is in the same domain will the active directory on the domain controller control the access to the member server?  Can I promote the member server to a domain controller and if I do is there any impact on the member server or the files?
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2005

Commented:
1)  Yes, the domain controller hosting AD can be used to control access to the member server.
2)  Promoting it to DC should have no impact at all - except that local logons are more tightly controlled.  Note that if you run Exchange on this server you CANNOT promote it.  Changing the role of an Exchange server will break Exchange.

Other than that, you should be good.

Hi a182612,
to answer the first question: yes, Active Directory controls (by means of Kerberos authentication) access to all objects in the domain, including folders and files on each member server (this means, that you can create discretionary access control lists on those objects, using active directory elements, such as users and groups).
Second one: if you promote the server to domain controller, there will be no significant alterations on the files. The only possible drawback I can think of right now, is that if you use local users to give permissions on the files, you will face problems: on domain controllers, in fact, you cannot manage local users, only domain users.
As for the impact on the server, it depends on the size of your domain (number of users). Remeber, however, that it is strongly recommended to have more than a domain controller in each domain.

Cheers!

Author

Commented:

Can the member server still control it's own local accounts if I don't promote it to a domain controller?
Yes, sure.
Anyway it is recommended to use domain accounts, whenever possible, because they are easier to maintain.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.