Setup question

Post by John » Sun, 07 Mar 2004 07:18:33


I have an interesting setup question.

I have 3 servers that I will use to host websites and various services in a
hosting centre. 2 servers will be W2003 Server running IIS, JRun and other
application servers. The other will be a SQL server. All 3 servers have 2
NICs. 1 connecting each server to a gigabit switch as a kinda mini LAN and
the other directly to the WAN hub which the location center provides. Admin
will be Remote Desktop Connection.

I reckon I should set up an active directory domain to ease administration
etc. Is this a bad idea?

Also one of the servers needs to host DNS for all our domains (200 odd).
Can I do this and also have an active directory DNS?

I hope this makes sense, if not, please respond to the group and I'll

I'm open to all suggestions, but can't buy any more hardware!!

Thanks in advance, and sorry for the xpost, not sure which group was the
most appropriate.

Post by Deji Akomo » Sun, 07 Mar 2004 08:08:03

> I reckon I should set up an active directory domain to ease administration
It's not a bad idea.


You know you could run DNS on a very cheap clone desktop, right? Just making
sure that you know you don't need a "Server"-level, expensive hardware for
this purpose at all.


Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon


Post by Enkid » Sun, 07 Mar 2004 09:24:02

On Fri, 5 Mar 2004 22:18:33 -0000, "John" < XXXX@XXXXX.COM >

I think it's not a good idea. AD gives you a single sign, and this
means that if one machine is compromised, then all machines may be
compromised too. If they are standalone machines then each one would
have to be compromised individually. Of course there are pros and cons
to this.

Yes. There is no such thing as "an active directory DNS" in the sense
that it is in some way special. It is merely a DNS service that Active
Directory *uses*. It could be on the moon providing it can support
your SRV records. It doesn't have to be a Microsoft DNS server. Some
people use Novell or BIND DNS servers.

So that was the long answer. The short answer is, yes, you can use the
same DNS server, provided it supports SRV records, which Windows 2000
DNS does.
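
The SRV-record point in the reply above, as an added example that is not part of the original thread: a small offline check that a BIND-style zone carries some of the SRV records a domain controller registers. The domain `example.test`, the host `dc1`, the zone text and the function names are constructed for illustration, and the parser assumes every record line starts with its owner name.

```python
# Added example: check a BIND-style zone for SRV records Active Directory relies on.
# The zone text, domain and host names are constructed sample data.
REQUIRED_SRV = (  # a subset of the names a DC registers, relative to the AD domain
    "_ldap._tcp",
    "_kerberos._tcp",
    "_ldap._tcp.dc._msdcs",
    "_kerberos._tcp.dc._msdcs",
)

SAMPLE_ZONE = """\
$ORIGIN example.test.
@                     3600 IN SOA ns1 hostmaster 1 3600 600 86400 3600
_ldap._tcp             600 IN SRV 0 100 389 dc1.example.test.
_kerberos._tcp         600 IN SRV 0 100 88  dc1.example.test.
_ldap._tcp.dc._msdcs   600 IN SRV 0 100 389 dc1.example.test.
; _kerberos._tcp.dc._msdcs is deliberately missing from this sample
"""

def srv_records(zone_text, origin):
    """Return {fqdn_owner: [(priority, weight, port, target), ...]}."""
    origin = origin.rstrip(".").lower() + "."
    found = {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        fields = line.split()
        types = [f.upper() for f in fields]
        if not line or line.startswith("$") or "SRV" not in types:
            continue
        i = types.index("SRV")
        rdata = fields[i + 1:i + 5]
        if i == 0 or len(rdata) != 4:            # no owner name or short RDATA
            continue
        owner = fields[0].lower()
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = owner + "." + origin         # relative name: append origin
        prio, weight, port = (int(x) for x in rdata[:3])
        found.setdefault(owner, []).append((prio, weight, port, rdata[3].lower()))
    return found

def missing_ad_srv(zone_text, domain):
    """List the required SRV owner names that the zone does not contain."""
    dom = domain.rstrip(".").lower() + "."
    have = srv_records(zone_text, dom)
    return [f"{name}.{dom}" for name in REQUIRED_SRV if f"{name}.{dom}" not in have]
```

An empty list from `missing_ad_srv` means the zone holds every name in `REQUIRED_SRV`; it says nothing about whether the targets resolve or the ports are reachable.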




Post by John » Mon, 08 Mar 2004 04:10:52

> I think it's not a good idea. AD gives you a single sign, and this

But if I want the server to communicate (for backups etc) seamlessly I need
accounts on each that tie up anyway. What does MS say about web server on a

Post by Ace Fekay » Mon, 08 Mar 2004 08:39:45

John < XXXX@XXXXX.COM > posted their thoughts, then I offered mine

For an external Internet webserver, not a good idea at all. It's a security
risk to expose a domain controller to the outside world. Better to have it
on a stand alone. As long as you know the credentials to communicate between
servers thru DCOM or XML, that's all you need.

For an internal corporate only intranet webserver, that would be fine, but
really not recommended depending on the web apps and features you have
installed. Besides, a computer promoted to a DC will slow everything down
due to the default disabling of the write cache. For internal use, rather
have it on a member server, not a DC.


Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory