Ask the Expert

Does an Active Directory need to have only AD domain controllers?

We are going to rebuild our Windows 2003 Active Directory Servers. Our AD servers are currently being used as SMS and antivirus servers also. I have talked to others and have been advised that the AD should have AD controllers only. I cannot find anything on the Microsoft Web site to support this comment. Your input is appreciated. Thanks in advance.

    Requires Free Membership to View

While it's not a hard-and-fast rule, most AD administrators will tell you that a domain controller should not run other applications. Since your domain controllers are the "keys" to your network "kingdom", you should do your best to isolate them from attack. By adding additional applications to run on a DC, you are increasing the number of ways that a malicious user can attack that DC. Depending on the size of your network, having dedicated domain controllers may also improve performance in terms of user authentication, logon times, etc.

This was first published in March 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: