Trying to understand a Domain Controller

[morland]

Exactly what do we mean when we hear/use the term "Domain Controller"? What sort of services run on the server that is designated as the Domain Controller? Is this the server on which DHCP and DNS and maybe some other services also run? What are the mininum specs for a Domain Controller server for say 30 - 50 users and would the standard version of Windows 2003 be sufficient for this?

Can we have more than 1 servers in an organization but only 1 of those designated as the domain controller? And last question: Can we have MS-Exchange running on the domain controller?

I know I have asked many questions in 1 post but will be grateful for a reply.

Thanks.

[MrJinje]

1) What is a domain controller or D.C.

Short answer - It is a server that maintains and provides a security database for the organization. If I were to really dumb it down, I would say it is like the Master Control Program from Tron. In a corporate environment every aspect of a domain computer can be controlled via the settings at Domain Controller.

2) What Services - Don't have a definite list, let me poke around MSDN. Off top of my head, with a standalone machine, DHCP, DNS, and a few specific to Active Directory and the various Domain Roles. Also security services like kerberos and probably a few others things I am forgetting.

3) DHCP DNS - Usually/Maybe in smaller/midsize environments, but most larger companies I've work with prefer non-windows alternatives for these important things.

4) 30-50 users on 2K3 standard, likely can be done with an older laptop. Newer QUAD Xeon's with plenty of RAM can scale to thousands of users, assuming only the DC/ Active Directory roles. Not saying you should buy an old laptop, just saying that you can do more with your DC in a smaller environment (Exchange Server is good example).

5) More than 1 DC. Actually having multiple DC's is preferred as they replicate between each other to maintain copies of the aforementioned security database. No single point of failure.

6) Exchange does work from a DC. As does SQL Server, Sharepoint, and about 95% of all applications. Have a look at Small Business Server

Edited December 1, 2009 by MrJinje

[cluberti]

Works and works well are two different things though - especially if we're talking about x86. Running Exchange on an x86 server properly requires you to use the /3GB switch in boot.ini, which means 1GB for kernel-mode VA. Most of what a DC does won't work well with 1GB VA when you scale more than 5 - 10 users, and you'll be slowing down your DC (and causing disk swap hits to boot, never good on an Exchange server). Small Business Server has special code for these products to work "better" in these environments, so unless you're running Exchange/DC/kitchen sink on an SBS server specifically, the best answer is to not do it because the regular versions of these other Microsoft server products aren't designed to minimize the impact that they put on the x86 Windows kernel VA - they're designed to have the resources to themselves.

If we're talking about 75 users or less, using SBS is actually a good idea (saves money) if the server underneath is beefy enough to handle the load and you don't mind having a single point of failure for your services in your domain. However, if we're talking about anything above that (or if you need more than one DC in the environment for redundancy/fault tolerance), it's always best to keep things like Exchange and SQL on their own servers. You can put things like DHCP and DNS on the DCs in the environment, but I'd always shy away from Exchange, SQL, or any other server product (even running a print server on a DC can cause issues I've seen many times).

[morland]

Thanks MrJinje and cluberti,

Appreciate your replies and recommendations. I think I'll just do with a simple machine for the Domain Controller and a separate server for MS-Exhange.

Thanks again.