Better to share File Services role with Active Directory DC role OR with the RDS Terminal Server role?

Question

We are a small business setting up a new server... budget is limited of course.

I have ~500GB of data to share that needs to be stored locally on the single server we have.

Host Server: Dell Poweredge T610, 24GB RAM, Xeon CPU, RAID6 4TB etc...

Windows Server 2012 R2 STANDARD licence, HYPER-V Core role installed on Host.' -VM1: Active Directory DC/DNS/DHCP -VM2: RDS Terminal Server

My question is, which VM should I store the file services role & file server data VHDX on? I would create a second VHDX for the files but which should I attach it to & run the role?

My first thought was the RDS server because you shouldn't do file servers on a DC as it disables write cache etc... but my concern is since some of our awful legacy apps may require local admin access on the RDS server this makes file permissions useless, therefore it would be better to host it from the DC VM so we can enforce permissions (we can't afford another server 2012 licence to put file services on a separate VM)... but does Active Directory disable write caching on ALL disks/attached VHDX or only on the one which the directory database resides?

Thanks!

Answer 1

A third VM would, obviously, be the most desirable but, obviously, another Windows Server license costs money.

Active Directory will only disable write caching on volumes where the database files are located. Adding a dedicated volume for file service would be fine in that respect.

Of all the roles to "share" on a DC a file server is probably the least worrisome from a security perspective since AD already uses File and Print Sharing for the SYSVOL. You're not really adding any attack surface so long as you're not inappropriately sharing AD-related files.