inline
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
If the applications are Paintbrush and Notepad you are fine with running
them on the same server. If they are Exchange and SQL Server 2005 then they
should be on separate servers. The two examples I have given are extremes,
but my point is there is no way anyone can make a decision based on the
information you have provided. My examples try to point out the complexity
of the app can dictate what you want to intermix with one another. This
really has nothing to do with AD. So as you make your decision you want to
try and keep systems that could be loading exe's and dll's into the windows
and system32 folder and polluting things separate as much as possible, since
naming could be similar and they could step on one another. You can also
get yourself in trouble if one machine goes down (Say you have to upgrade
it, or apply an application patch) multiple apps are taken down. Memory,
disk, network and CPU demands can also dictate where you want to place apps.
The best thing for you might be to review Virtual services. This way you
can run multiple apps on a single piece of hardware.
Placing DNS on a DC is the way to go; you can integrate it with AD. There is
some discussion on placing DHCP on a DC and some security concerns. I read
through the article on this and it is extremely minor, and as long as the DC
is internal the threat is very small. If I had to build a new system I
would probably place DHCP on a member server though, just because that is
the recommended path by Microsoft.
Having your apps on member servers is the correct architecture. Avoid
placing apps on DC's.