AD & File/Print on same server?

[John]

Hi,

There are recommendations on placing AD and file/print servers on different
hardware (or virtual server). For small sites (<30 users) it is not cost
effective to place two separate servers there. WAN links are slow, less than
128 kbps.

Are there some specific reasons why you definitely must not consider
combining these two servers into single one? I'm aware that if you give some
extra rights for printer admins on that one DC, they are effective on all
DCs. Can this or something else cause problems? File/print admins are
naturally not given full admin rights on server, and it is the same team
that manages file/print servers globally.

Please share your opinions,

Regards, John

 

[Simon Geary]

You are correct that it is never recommended to combine a DC with any other
server functionality but alas sometimes economic reality has to kick in. Any
extra services running on a DC or any other users with admin rights all
reduce the security of the entire Active Directory. A good solution for you
might be to run the physical server as file\print and run a virtual DC
inside it. This keeps the two functions separate while still only having one
server. I suggest you have a read of this white paper from Microsoft that
talks about using Virtual Server for DCs.

http://www.microsoft.com/downloads/...5d-f7a3-4209-8ed2-e261a117fc6b&displaylang=en

 

[Nik]

Why not install a virtual printserver on DC? to isolate the print services.
It is possible but not recommended to install DC in a virtual machine
according to that white paper. I think to senario with DC and print services
on the same box is possible without major problems, with a little bit of
preparation such as:
printer driver testing before implementation.
Not to use any NT4 drivers which operates i kernel mode and are the number
one print services killer.

/nik

 

[Andrei Ungureanu]

the file&printer function will use more resources from the machine then the
AD ...so that's why is not a good ideea to put it in a virtual machine.
But combining file&printer role with the DC looks ok for me. If you have
resources put a separate HDD for AD and make regular backups.

 

[Bruce Sanderson]

You might want to consider the Microsoft Small Business Server product. It
combines Windows Server with a set of tools and other MS software. I
haven't personally used it, but those that have mostly consider it a very
good fit for small network situations.
http://www.microsoft.com/windowsserver2003/sbs/default.mspx