End User Resources on a Domain Controller

Posted on 2011-10-04
Last Modified: 2012-05-12
Greetings all,

Many years ago I was building my first AD domain.  A document I had found stated that end user resources such as share data and applications should not be installed on domain controllers.  Domain controllers provide redundancy only if they can be rebooted with no significant affect on production.

I need to back up this theory so anyone have a bookmark to the best practices document that states this or some other documentation to back up this theory?
Question by:yccdadmins
    LVL 15

    Accepted Solution

    LVL 11

    Expert Comment

    So other then MS best practices, there is no guide that tells you what you should do. For us in technical support, we leardn from being on the bleeding edge. Right to the point. THe OS partition of the Domain Controller should not contain any applications or shares. You may install the DC roles that are necessary like file sharing etc... THe data partition is fair game. You could put shares there. However, you have to put the right hardware to handle the job, for example a raid controller with fast drives, etc...To contracdict, that you have the whole SBS line of Operating systems. If you look at the specs on those machines and what they run, they violate many a best practice indeed. All I can tell you is that the server has to be built with the right hardware to accomplish the givven task. It is best to have a pristine DC, I will be honest, I dont see that but in about of 20% of senarios,

    I hope this helps with an oppinion, try to design your DC to be recoverable and keep your data on a seperate array, you will be fine as long as you have a backup


    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    Join & Write a Comment

    I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
    Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
    This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
    This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now