- domain controller advise
- Posted by fred on March 3rd, 2004
Hi there,
I would like to implement either win2k AD or win2k3 AD. I
will therefore have 1 DC and 3 member servers. The 3
member servers will be purely application servers
supporting a citrix load balanced farm. So I need to have,
as part of this design, a certifcate server and possibly a
web server.
Is this a good design? Is running a web server on a domain
controller bad practise? I assume so but also assume it to
not be impossible to manage.
Any advise would be very much appreciated.
Regards,
Fred.
- Posted by Simon Geary on March 3rd, 2004
You should always have at least two DC's for redundancy in any AD design.
The certificate server for TS will have to be installed on the DC but it is
bad practice to install a web server on a DC due to the open ports that are
required. As you point out, the risks can be managed with effective security
measures like a firewall but leave the web server on one of the member
servers if you can.
"fred" <fred@discussions.microsoft.com> wrote in message
news:626f01c400e7$02228a80$a101280a@phx.gbl...
- Posted by cdavis@shell.monmouth.com on March 3rd, 2004
First use Win2003 AD. It has more fexibility in it. Second
your web servr should be on one of your member servers.
For security and performance purposes, it is wise to have
them on server other then the DC
