16

I know that it has been officially unsupported forever and yet I have seen or heard about many small business installations of a single host running AD DS and Exchange simultaneously. For a resource-strapped small business the savings are compelling.

So assuming that we know somehow that usage requirements will never grow beyond 25 users, say 10 simultaneously,

  1. How "bad" is it really these days to run both Exchange and AD DS on the same machine (sans virtualization of any kind)?
  2. What specifically is bad about it? (Name the top 1 or 2 reasons that come to mind besides "Microsoft says so")
  3. What can be done to mitigate the "bad"ness, if anything?

You can assume that the business in question either:

  1. has a single physical on-site server with a reasonable commercial ISP or
  2. has a pool of virtual resources that is already tapped out and they do not want to spend more.

The situation I have in mind is the second, with just one VM that could possibly be a candidate for adding Exchange because it is the only Windows VM and has enough excess memory to make it happen.

In any case, the reasoning may not be all that, well, reasonable, but let's say those are the constraints you have to work with.

ewwhite
tacos_tacos_tacos
  • 1
    Number of users isn't the only factor, there's also the volume of email, speed of network, and other factors to consider. – barbecue Oct 04 '15 at 16:34
  • @barbecue let's assume we're talking about "reasonable" rates of usage, say, 20 MB per user per day in each direction or a total of 1000 MB / 24 hours =(1000*1024*1024)/(3600*24) or < 14 kbps on average – tacos_tacos_tacos Oct 04 '15 at 16:38
  • 2
    https://technet.microsoft.com/en-us/library/ms.exch.setupreadiness.warninginstallexchangerolesondomaincontroller(v=exchg.160).aspx – Ryan Ries Oct 04 '15 at 16:48
  • 2
    "You must make sure that the domain controller Exchange 2016 is installed on is a global catalog server." and "Exchange services may not start correctly when the domain controller is also a global catalog server." So the setup may just not work at all. – Michael Hampton Oct 04 '15 at 17:03
  • *It seems that you already know that this is against best practice - what do you want from us?* – user9517 Oct 04 '15 at 17:18
  • 1
    @Iain I think I made that pretty clear... I want to know *why* it is not best practice and *what* can be done to mitigate the negative effects. – tacos_tacos_tacos Oct 04 '15 at 17:35
  • 1
    @tacos_tacos_tacos The [reasoning behind why](https://technet.microsoft.com/en-us/library/ms.exch.setupreadiness.warninginstallexchangerolesondomaincontroller(v=exchg.160).aspx) it's not a best practice was posted earlier. Nothing can be done to mitigate the ill effects. You're fighting the wrong battle. This should be about getting the resources to do this the right way rather than getting someone to cosign on a plan to do the wrong thing. – ewwhite Oct 04 '15 at 17:42
  • Nobody posting here has a perfect environment. Everyone has to make compromises. The question being asked is *how* bad it is, not whether or not it's bad. – barbecue Oct 04 '15 at 19:47
  • 4
    Well, for one thing, Exchange wants to talk to Active Directory before shutting down the Exchange Active Directory Topology Service. If they're on the same box (as they are in the discontinued SBS line), Exchange can sit there for 30 minutes spinning away going "Bueller... Bueller..." waiting for a domain controller to answer it. So you'll want a second DC. Also, it's not supported to demote a DC with Exchange on it. – Katherine Villyard Oct 04 '15 at 23:15
  • @KatherineVillyard +1 I wish you would answer with that information or a bit more, that's kind of what I was looking for more of... the specific implementation details that break Exchange or break AD DS when on the same machine. – tacos_tacos_tacos Oct 04 '15 at 23:17
  • @tacos_tacos_tacos Happy to oblige! – Katherine Villyard Oct 04 '15 at 23:21
  • 2
    tbh this seems like a troll question. There's no reason not to virtualise, if they don't have the resources for a second VM then they don't have the resources to add Exchange. It's an arbitrary hypothetical constraint which makes it off topic. – JamesRyan Oct 05 '15 at 10:47
  • 2
    @JamesRyan not a troll question, and that's not true. The OS takes up memory, you know that. Exchange + OS memory requirements are strictly greater than Exchange memory requirements. – tacos_tacos_tacos Oct 06 '15 at 01:32
  • 1
    In modern virtualisation common objects in memory are deduplicated and Exchange requires vastly more memory than the OS in the first place. – JamesRyan Oct 06 '15 at 09:00

4 Answers

12

Assuming a virtualized environment, just install Exchange onto its own VM. When you phrase a question with "how bad is it", you know that what you're doing is against best practices... So the best approach is to avoid it in the first place.

Can you provide some information about why you wouldn't be willing to separate the duties? E.g. what is preventing you from doing the right thing? Budget? Cost? Resources?

ewwhite
  • Poster specifically mentioned no virtualization. – barbecue Oct 04 '15 at 16:38
  • But with Microsoft server solutions, isn't the barrier to entry for virtualization super-low? Like Linux and KVM/LXC, there's no reason the OP couldn't virtualize the workload. – ewwhite Oct 04 '15 at 16:40
  • Agreed, technically there might not be a reason, but there can be non-technical (political) reasons. – barbecue Oct 04 '15 at 16:41
  • @ewwhite updated question to give a bit of color... let's say virtualization is not an option because they don't have the resources or they are already virtualized and cannot support virtualization on top (I forget the name of the setting in VMware) – tacos_tacos_tacos Oct 04 '15 at 16:44
  • It sounds like the political and resource battle is the real issue here. I'd definitely say this is a case of doing it right. If things are already virtualized, I'm sure it's possible to find more resources within the existing setup. A DC doesn't require much. – ewwhite Oct 04 '15 at 16:51
  • 4
    If you're already virtualized, and cannot have more than one guest for some reason, then Server Essentials would probably be a good option. But if you don't have the resources to manage a simple hypervisor with two guests, you may not have the resources to manage Exchange and AD on the same machine either. Separate VMs would actually be easier to support in my opinion. – barbecue Oct 04 '15 at 16:54
10

For a small organization it MIGHT be ok. One of the main reasons to run Exchange on its own server is that Exchange is deliberately designed to try to use as much RAM as possible to improve performance. Obviously that will impact other services running on the same machine.

Also, Exchange is highly dependent on Active Directory, and having both on the same machine could lead to AD being starved for resources by Exchange right at the time it's most needed. There are also problems with service start order, and various other gotchas. It is possible to work around these kinds of issues, but doing so will require more effort than you'd have to expend on two separate servers.

That said, it's all about the actual workload, and if email volume is low, users aren't doing extraordinary things (torrenting all day, bulk mailing, etc) you'd probably be fine.

Such a configuration is actually supported by Microsoft in their Small Business/Server Essentials products, which allow DC, Exchange, and SQL Server all to run on a single machine.

Server Essentials is a very limiting option, and really not scalable. If you're absolutely sure you'll never exceed 25 users, it might be an option.

If you must go with such a configuration, doing so with a product that is actually supported for this use case will help when you have problems, as you'll be able to get vendor support.

barbecue
  • 3
    +1 for mentioning that Server Essentials (formerly known as "Small Business Server") is designed for exactly this size business to run AD and Exchange (and also some other stuff too). – Moshe Katz Oct 04 '15 at 21:44
6

Well, for one thing, Exchange wants to talk to Active Directory before shutting down the Exchange Active Directory Topology Service. If they're on the same box (as they are in the discontinued SBS line), Exchange can sit there for 30 minutes spinning away going "Bueller... Bueller..." waiting for a domain controller to answer it. So you'll want a second DC. Honestly, even with a second DC, I have a shutdown script on the SBS server that shuts down the Exchange services before anything else.

Also, it's not supported to demote a DC with Exchange on it. Something to keep in mind.

I'm not really concerned about the load. As barbecue points out in his/her answer, the SBS line was targeted at installations about your size (less than 75 users for classic SBS). I'm pretty sure the box could handle the load, if it was a reasonable server.

Katherine Villyard
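One way to write the kind of shutdown script the answer above describes, as an added example that is not part of the original post and is not the answer author's script. It assumes the Exchange services carry the `MSExchange*` service-name prefix and uses a hypothetical log file under `%SystemRoot%\Temp`.

```powershell
# Added example: stop Exchange services while Active Directory on this
# same host is still answering, so shutdown does not stall waiting for a DC.
# Assumption: Exchange services use the MSExchange* service-name prefix.

$logPath      = Join-Path $env:SystemRoot 'Temp\stop-exchange.log'  # hypothetical log file
$topologyName = 'MSExchangeADTopology'   # Exchange Active Directory Topology service

function Write-Log {
    param([string]$Message)
    $line = '{0} {1}' -f (Get-Date -Format 's'), $Message
    Add-Content -Path $logPath -Value $line
}

function Stop-ExchangeService {
    param([System.ServiceProcess.ServiceController]$Service)
    try {
        # -Force also stops any services that depend on this one.
        Stop-Service -InputObject $Service -Force -ErrorAction Stop
        Write-Log "stopped $($Service.Name)"
    }
    catch {
        # Log and continue so one stuck service does not block the rest.
        Write-Log "FAILED  $($Service.Name): $($_.Exception.Message)"
    }
}

# Snapshot of the Exchange services that are running right now.
$running = @(Get-Service -Name 'MSExchange*' -ErrorAction SilentlyContinue |
    Where-Object { $_.Status -eq 'Running' })

# Everything except the topology service goes first ...
$running | Where-Object { $_.Name -ne $topologyName } |
    ForEach-Object { Stop-ExchangeService $_ }

# ... then the topology service itself, once nothing else is using it.
$topology = Get-Service -Name $topologyName -ErrorAction SilentlyContinue
if ($topology -and $topology.Status -ne 'Stopped') {
    Stop-ExchangeService $topology
}
```

The script can be assigned as a computer shutdown script through Group Policy so that it runs before the operating system begins stopping services; the log shows which service, if any, failed to stop.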
-2

If you're certain your server is beefy enough, go ahead and do it, but set the maximum RAM on Exchange (and SQL if you put this here), see http://www.bursky.net/index.php/2012/05/limit-exchange-2010-memory-use/

You are basically recreating Server Essentials / Small Business Server; however I could see someone ending up in a scenario where scaling up looks more attractive than out and so the 25 isn't really a hard limit.

joshudson