Q

Does an Active Directory need to have only AD domain controllers?

Expert Laura E. Hunter explains to a reader why it is preferred to have an Active Directory with AD domain controllers.

We are going to rebuild our Windows 2003 Active Directory Servers. Our AD servers are currently being used as SMS and antivirus servers also. I have talked to others and have been advised that the AD should have AD controllers only. I cannot find anything on the Microsoft Web site to support this comment. Your input is appreciated. Thanks in advance.

While it's not a hard-and-fast rule, most AD administrators will tell you that a domain controller should not run other applications. Since your domain controllers are the "keys" to your network "kingdom", you should do your best to isolate them from attack. By adding additional applications to run on a DC, you are increasing the number of ways that a malicious user can attack that DC. Depending on the size of your network, having dedicated...

domain controllers may also improve performance in terms of user authentication, logon times, etc.

This was first published in March 2006
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close