Microsoft Exchange Server on domain controllers

If you are running Exchange Server on a domain controller without Small Business Server, be aware of the following issues:

  • Exchange Server and Active Directory are both resource-intensive applications. There are performance implications to be considered when both are running on the same computer.
  • If Exchange Server is running on a domain controller, you must also make that domain controller a global catalog server. For more information about creating a global catalog server, see the Microsoft Knowledge Base article 313994, "How to create or move a global catalog in Windows Server 2003, Windows 2000, or Small Business Server 2000" (https://go.microsoft.com/fwlink/?linkid=3052&kbid=313994).
  • Several Exchange Server directory components, such as Directory Service Access (DSAccess), Directory Service Proxy (DSProxy), and the Message Categorizer, will not fail over to any other domain controller or global catalog server.
  • Do not use the /3GB startup switch in Windows, because it could cause Exchange Server to consume all memory, reducing the memory available for Active Directory.
  • System shutdown will take considerably longer if the Exchange Server services are not stopped before shutting down or restarting the server.
  • This configuration is less secure because Exchange administrators will have local administrative access to Active Directory, enabling them to elevate their own privileges. In addition, any security vulnerability found in either Exchange Server or Active Directory exposes the other to compromise.
  • If you are running Exchange Server 2003 or Exchange Server 2007 on a domain controller, using the domain controller promotion tool (DCPromo) to change the computer role is not supported, and is known to break components such as Microsoft Outlook® Mobile Access.
  • Running Exchange Server 2003 or Exchange Server 2007 on a clustered node that is also an Active Directory domain controller is not supported and should never be done. This means that if you are running Exchange 2000 Server on a node in a cluster that is also a domain controller, you must demote the server to a member server prior to upgrading from Exchange 2000 Server to Exchange Server 2003.
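
The following check is an added example, not part of the original article or any Microsoft tooling. It reports whether the local server combines the domain controller role with Exchange services, and flags two of the conditions listed above: the server is not a global catalog, or /3GB is set in boot.ini. The function name is hypothetical, and the script assumes Windows PowerShell run locally with rights to query WMI and the directory.

```powershell
function Test-ExchangeOnDomainController {
    # Win32_ComputerSystem.DomainRole: 4 = backup domain controller, 5 = primary.
    $cs   = Get-WmiObject -Class Win32_ComputerSystem
    $isDc = $cs.DomainRole -ge 4

    # Core Exchange services (MSExchangeIS, MSExchangeSA, ...) share this prefix.
    $exchange = @(Get-Service -Name 'MSExchange*' -ErrorAction SilentlyContinue)

    $findings = @()
    if (-not ($isDc -and $exchange.Count -gt 0)) {
        return $findings   # not the combined configuration; nothing to report
    }

    # Running services are the ones to stop before a shutdown or restart.
    $running = @($exchange | Where-Object { $_.Status -eq 'Running' } |
                 ForEach-Object { $_.Name })
    $findings += "Exchange on a domain controller: $($exchange.Count) services " +
                 "installed, running: $($running -join ', ')"

    # Exchange on a domain controller requires that DC to be a global catalog.
    Add-Type -AssemblyName System.DirectoryServices
    $fqdn = "$($cs.DNSHostName).$($cs.Domain)"
    $type = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer
    $ctx  = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext($type, $fqdn)
    $dc   = [System.DirectoryServices.ActiveDirectory.DomainController]::GetDomainController($ctx)
    if (-not $dc.IsGlobalCatalog()) {
        $findings += "$fqdn is not a global catalog server"
    }

    # Assumption: only boot.ini is inspected (Windows Server 2003 and earlier);
    # other boot configuration stores are not checked here.
    $bootIni = Join-Path $env:SystemDrive 'boot.ini'
    if ((Test-Path $bootIni) -and
        (Get-Content -Path $bootIni -Force | Select-String -SimpleMatch '/3GB')) {
        $findings += "/3GB startup switch is set in $bootIni"
    }

    return $findings
}

Test-ExchangeOnDomainController
```

No output means the server is not both a domain controller and an Exchange server.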

For more information, see the following TechNet article:

This Exchange server is also a domain controller, which is not a recommended configuration
https://technet.microsoft.com/en-us/library/aa997407(EXCHG.80).aspx