• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 199
  • Last Modified:

End User Resources on a Domain Controller

Greetings all,

Many years ago I was building my first AD domain.  A document I had found stated that end user resources such as share data and applications should not be installed on domain controllers.  Domain controllers provide redundancy only if they can be rebooted with no significant affect on production.

I need to back up this theory so anyone have a bookmark to the best practices document that states this or some other documentation to back up this theory?
1 Solution
Jaroslav MrazCTOCommented:
So other then MS best practices, there is no guide that tells you what you should do. For us in technical support, we leardn from being on the bleeding edge. Right to the point. THe OS partition of the Domain Controller should not contain any applications or shares. You may install the DC roles that are necessary like file sharing etc... THe data partition is fair game. You could put shares there. However, you have to put the right hardware to handle the job, for example a raid controller with fast drives, etc...To contracdict, that you have the whole SBS line of Operating systems. If you look at the specs on those machines and what they run, they violate many a best practice indeed. All I can tell you is that the server has to be built with the right hardware to accomplish the givven task. It is best to have a pristine DC, I will be honest, I dont see that but in about of 20% of senarios,

I hope this helps with an oppinion, try to design your DC to be recoverable and keep your data on a seperate array, you will be fine as long as you have a backup


Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now