Can Hub & Cas servers act as domain controllers?

We have two Exchange 2007 (SP2) servers running in CCR mode with two Hub & Cas servers in NLB. We would like to know if we can free up a couple of our servers by using the Hub & Cas servers as domain controllers as well? The Exchange and Hub & Cas servers are running on Windows 2003 machines.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Glen KnightCommented:
They can but if you already have exchange roles on the server they will need to be removed before you promote the servers to domain controllers.

Running DCPROMO on a server with Exchange roles installed (either to promote or demote the server) will result in breaking Exchange.
Khurram Ullah KhanCommented:
I will not recommend it becuase;
1. You need to open ports for accessing CAS for OWA clients from internet. Domain controller with CAS role will be a big security risk in this case.
2. You need to also install IIS on it.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Glen KnightCommented:
There is no more risk than every Small Business Server 2008 installation.

You have to install IIS on EVERY Exchange installation, it's a requirement.
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Khurram Ullah KhanCommented:
demazter, i think you miss the catch here, Author wants to install Active directory services on HUB and CAS role. how come its not more risky than the normal SBS 2008 installation?
Glen KnightCommented:
Because an SBS install has the HUB & CAS role on it does it not?
Khurram Ullah KhanCommented:
yes correct but not the Active directory services
Glen KnightCommented:
Small Business Server has Active Directory Installed on it.

It cannot function without it, it MUST be a Domain Controller and it MUST have all the 5 FSMO roles, that is how SBS works
Khurram Ullah KhanCommented:
Right, my mistake it has also AD roles on it.
cpcitAuthor Commented:
It is not recommended because it may result in kerberos issues and will affect AD stability.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.