Announcement

Collapse
No announcement yet.

SQL on Domain Controller

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • SQL on Domain Controller

    Hi,


    due to some reason we are planning to install sql on domain controller though its not recommended..

    I wanted to know, will I face any problem while installing sql on one of the DC

    wht will be the issue/problem with security if we install SQL on DC.

    Thanks in advance

    Rgds

  • #2
    Re: SQL on Domain Controller

    SQL servers are more vulnerable to attacks thus it's not recommended its services live in a DC. One compromised SQL service then might be used to compromise other vital services running in the DC.
    If you have got no other option but to install it there, i'd recommend as a security precaution to run its services under different Win accounts
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: SQL on Domain Controller

      Personally, for me, domain controllers are domain controllers and NOTHING else; except where it is not cost effective to install a file server as well in which case they can serve data shares.

      I won't put printing, SQL, Exchange, Web services (ESPECIALLY NOT web services) or FTP on a domain controller; or almost anything else you can think of either. Domain controllers contain the very heart of your (Microsoft-centric) computing operations and should be completely separate from other services with only the absolute necessary stuff running on them.


      Tom
      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

      Anything you say will be misquoted and used against you

      Comment


      • #4
        Re: SQL on Domain Controller

        Can you explain why you need SQL ?

        SQL will also take a lot of ram, and if someone is running intensive queries on it it might slow down domain operations.

        I have seen SQL Express running on domain controllers and it was working fine, but again, with the prices of servers nowadays, there is no good reason to do it. (I know how cheap businesses are run though, worked for one or two, and every single time, attempts to save money by going cheap and not following good practice ended up in costing MUCH MORE within a year or two).

        And I just remembered, you might not be able to demote the DC without uninstalling SQL if you install it on a DC.
        Last edited by gepeto; 2nd July 2008, 15:35. Reason: Demote
        VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

        Comment


        • #5
          Re: SQL on Domain Controller

          If the server can handle the performance you're fine. Just make sure the SQL service runs under a user account with no privileges versus the Local System account.

          Comment


          • #6
            Re: SQL on Domain Controller

            Originally posted by Stonelaughter View Post
            Personally, for me, domain controllers are domain controllers and NOTHING else; except where it is not cost effective to install a file server as well in which case they can serve data shares.

            I won't put printing, SQL, Exchange, Web services (ESPECIALLY NOT web services) or FTP on a domain controller; or almost anything else you can think of either. Domain controllers contain the very heart of your (Microsoft-centric) computing operations and should be completely separate from other services with only the absolute necessary stuff running on them.
            This is pretty much my sentiments.

            I'm trying to get that changed at my place now.

            Comment


            • #7
              Re: SQL on Domain Controller

              I also agree. I only use domain controllers for AD, DHCP, DFS root servers, and DNS and nothing else. I have seen too many domain controllers that were used as backup servers, AV master servers, workstations, etc.

              Comment


              • #8
                Re: SQL on Domain Controller

                Hi All,

                Happy to see answer,

                The situation and financial condition demand to put the sql on DC, this is the 1st time we are not following good practices of MS.

                The probe is we have SQL located on Head office on member server and this server is access by remote users only and complaining that the performace or access to application is very slow which is causing their daily work.

                We have discuss with application owner and he suggested that put that application on remote site, Since we have not budgeted and no WKS available in spare, & the only option is DC which reside in that location.

                I wish I could have win2k8 and virtualize the server. (can we viirtualize the existing DC and virtualize the servers)

                Many Thanks

                Rgds

                Comment


                • #9
                  Re: SQL on Domain Controller

                  Originally posted by wullieb1 View Post
                  This is pretty much my sentiments.

                  I'm trying to get that changed at my place now.
                  Any admin will strongly agree, but it just doesn't go that way with small businesses. If hardware costs don't tip you over then the software licenses will.

                  Comment


                  • #10
                    Re: SQL on Domain Controller

                    Originally posted by muneer_bom3 View Post
                    Hi All,

                    Happy to see answer,

                    The situation and financial condition demand to put the sql on DC, this is the 1st time we are not following good practices of MS.

                    The probe is we have SQL located on Head office on member server and this server is access by remote users only and complaining that the performace or access to application is very slow which is causing their daily work.

                    We have discuss with application owner and he suggested that put that application on remote site, Since we have not budgeted and no WKS available in spare, & the only option is DC which reside in that location.

                    I wish I could have win2k8 and virtualize the server. (can we viirtualize the existing DC and virtualize the servers)

                    Many Thanks

                    Rgds
                    Maybe look into terminal services before doing anything else.

                    Comment


                    • #11
                      Re: SQL on Domain Controller

                      Originally posted by Meekrobe View Post
                      Any admin will strongly agree, but it just doesn't go that way with small businesses. If hardware costs don't tip you over then the software licenses will.


                      Yep and i never mentioned we were a small business.

                      For small businesses there is a product called Small Business Server that is designed to do this kind of thing.

                      Comment


                      • #12
                        Re: SQL on Domain Controller

                        Originally posted by Meekrobe View Post
                        If the server can handle the performance you're fine. Just make sure the SQL service runs under a user account with no privileges versus the Local System account.
                        I think when you install SQL on a DC it will force you to use domain accounts and it gives them the proper permissions locally.

                        Also, about virtualization, I wouldn't recommend virtualizing domain controllers on a Windows machine. If it was a vmware esx box, OK, but if it's Windows, and it seems you probably only have one domain controller, how is the host going to boot and have service accounts log in to the domain if the DC vm hasn't started yet? Unless you make it a standalone, and standalones suck
                        VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

                        Comment

                        Working...
                        X