Announcement

Collapse
No announcement yet.

Exchange On AD Server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange On AD Server

    were planning on setup up exchnage on a server thats the file server and AD server and hardware wise the server will handle it...but i was wondering...security wise? were planning on setting up with exchnage 2003 and OWA? any suggestion??

  • #2
    Re: Exchange On AD Server

    I wouldn't do it.
    Best practise is to install Exchange on a separate server that is NOT a domain controller.

    As to whether the server can handle it, that is a debatable point. You haven't said how many users you have, or how the server is configured. Having lots of RAM or high processor is not enough. Exchange is storage heavy as it is a high transactional database. If you have a single RAID array for example, then the server almost certainly cannot handle many users as it will be thrashing itself. Exchange servers are configured in a different way to file servers as they have unique needs to scale correctly and give you decent performance.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Exchange On AD Server

      I would follow up Simon's excellent post with a question for you, though. How many users do you expect to support? If it less than 50 to 100, maybe you should consider Small Business Server. Even above the 100 user mark, it is often difficult to justify buying so many servers. But, putting Exchange on a domain controller is not a "best practice" in larger organizations.

      Jim McBee

      Comment


      • #4
        Re: Exchange On AD Server

        SBS 2003 supports up to 75 users -- no more
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Exchange On AD Server

          were running or they are lol 2 physical intel xeons 2.66 and 8gb of ram.....in hardware raid 1....and its only ganna be 5-10 users and really thanks for your opinions...but how about secuirty wise?? getting hacked and stuff??

          and heres my question i have only done exchange for my self twice...but those times it has been on servers that are domain controllers..if i run it on a seperate server...the other server knows that is has exchnage?? and how?? is the set up any diffrent?? from when i do the set up on the domain controller?...
          i know its a dumb question but like when i go to users and computers on my controller?? is the exchange task? just ganna magicly? apeear?

          Comment


          • #6
            Re: Exchange On AD Server

            When you do an Exchange setup you run "ForestPrep" and "DomainPrep" steps.
            This tells AD that there is Exchange available and adds all the Exchange attributes to AD objects

            When you install an Exchange server it effectively tells AD "HERE I AM" and then, as they say, the rest is history....

            The Exchange Server gets the special version of Active Directory Users and Computers with the Exchange tabs. You can run the exchange setup on any computer (XP or Server) and select "Admin Tools Only" to install that and system manager
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: Exchange On AD Server

              and secuirty?? wise? if ur also ganna use owa but only 3 users are allowed to use it?? are u like asking to get hacked lol? thats my question??if u run AD and exchnage on same machine and OWA to? big secuirty issue?

              Comment


              • #8
                Re: Exchange On AD Server

                IIS 6 has never been compromised. It has always been an application on the server that was the way in. If you take the required precautions then you limit the risk. There is always a risk that someone will attack the server. However most attacks are after your bandwidth and are on SMTP to send spam. However if you have something of high value, or something a certain group would consider of high value (you are a software developer for example) then you may be of higher risk.

                There is little to be gained security wise.

                Simon.
                --
                Simon Butler
                Exchange MVP

                Blog: http://blog.sembee.co.uk/
                More Exchange Content: http://exchange.sembee.info/
                Exchange Resources List: http://exbpa.com/
                In the UK? Hire me: http://www.sembee.co.uk/

                Sembee is a registered trademark, used here with permission.

                Comment


                • #9
                  Re: Exchange On AD Server

                  ok...i understand you guys a lil more...now...so in other words ya recommend exchange on diffrent server more becuase of resources that exchange uses then on the security side...wich is still a concern...but not as much as the performance side correct??

                  Comment


                  • #10
                    Re: Exchange On AD Server

                    I would never do it this way myself. This server was installed before my time. We have 45 users, at one time 65. Our Exchange 2003 is installed on a DC with all FSMO roles.

                    Performance is fine.

                    Security is fine.

                    My concern is always on disaster recovery. Having Exchange on a DC makes the recovery process more difficult.

                    Keep in mind once you install Exchange on a DC, you can never demote that DC unless you remove Exchange first.

                    Comment

                    Working...
                    X