0

I have read some answers in forums that an Active directory and exchange in one server is not an advisable setup. Is it true? Can you explain to me why? By the way its just for our project in school, and we are using windows server 2003. thanks

Bon
  • 103
  • 2
  • Generally it won't handle a large load. If you're just doing a small school project then it at least _used_ to work - I can only really attest to Exchange 2000 for certain though, that was the last version I worked with professionally. You might look and see if they still make SBS (Small Business Server) which included both. – Mark Allen Feb 22 '13 at 08:27
  • but let's say an organization that has 110+ workstations, should we separate both of them? – Bon Feb 22 '13 at 08:31
  • @Bon yes you should separate both of them. Both products were designed to run on their own machines, and Exchange is/was RAM intensive and very disk intensive. As an aside, Active Directory actually started out as Exchange's directory before it was made into what it is now. (See: Exchange 5.5 and earlier.) – Mark Allen Feb 22 '13 at 18:56

1 Answers1

0

Sure it is. Generally, running several services in one box is not good idea, because: 1. In case of crash (hardware failure, BSoD, etc.) ALL your services are down. 2. When one service is compromised, you cannot trust the others. 3. It is good to have two domain controllers to have a failover. Also there are other reasons.

However, if it's a school project, and downtime is not very big problem, you might set up single server. But don't forget to make backups.

gevial
  • 1,264
  • 8
  • 13
  • let's the scenario is for large company,can you cite other reasons why it is not advisable to run several services in one box? thanks – Bon Feb 22 '13 at 08:34
  • Generall speaking, exchange tends to be quite heavy on RAM and disk for medium-large applications. Exchange will take almost all the RAM on the system, which is why it tends to be installed on it's own server to avoid resource issues. – tombull89 Feb 22 '13 at 08:39
  • I mention the most important reasons and they are sufficient to set up services separately. But okay. In addition: performance (as tombull says), access delegation for company admins, public access (exchange should be accessible from the internet, AD - never). – gevial Feb 22 '13 at 08:43
  • In what sense does it affect performance, access delegation for company admins and public access. Can you elaborate more? Sorry just a newbie here – Bon Feb 22 '13 at 08:56
  • It should be clear that if several applications want to write to disc simultaneously, the have to share the resources. It means that every app would write to disc twice slower than it could. In addition, Exchange may provide service for external users or for remote workers, thus being accessible from the outer world (internet). It raises the chance to be under attack. AD is vital for the whole infrastructure and it provides no service for outer world. That is why it must be accessible only from LAN. Having both services in single box, it is impossible to reliably protect AD. – gevial Feb 22 '13 at 09:04