Running applications on Domain Controller: Risk?

nitrobass24

Are there any reasons why a company should not run a financial application on a domain controller, besides performance/uptime?

The external auditors are flipping a shit because my client is running ADP (payroll) on a domain controller. I just don't see what the big deal is.
 
We have two domain controllers at each geographic location. They do DC only, period, nothing else, ever.

Any more roles that you add to the Domain Controllers are basically putting the machine at risk for something to happen or to be compromised.
 
For the most part you shouldn't run anything that isn't necessary on an infrastructure server. If for no other reason than that people can at least try to work if an update brings down the app server, but if the infrastructure is down they are dead in the water.
 
> For the most part you shouldn't run anything that isn't necessary on an infrastructure server. If for no other reason than that people can at least try to work if an update brings down the app server, but if the infrastructure is down they are dead in the water.

That's my mentality... but I don't have a problem with running VMs on an infrastructure machine... if it can handle it... I put my apps in those...
 
Besides the issues presented above, I prefer not to put all my eggs in one basket. If it can be afforded, I like to dedicate servers to specific apps.
 
> Any more roles that you add to the Domain Controllers are basically putting the machine at risk for something to happen or to be compromised.

Ok, what are these risks?

Sorry for being dense but I'm just trying to obtain a full understanding.

Things that I have seen.
  1. Application update takes this DC offline.
  2. Application runs poorly
 
The less you do on a DC, the better.
Also, depends on the size of your company, as....if your DC has to run a "large network"...and it gets screwed trying to allocate much of its processing power to some bloated accounting app like QuickBloatPro...all the clients of the network suffer..slow logins, slow DNS replies, way behind print jobs, etc.

Sometimes you'll install software that borks up your computer. Imagine installing something on a domain controller...that tanked it? Oh boy...company is screwed for at least a few hours now...

I remember a couple of years ago.....this architect firm I helped do some work on. They had a DC...their domain controller.
It also was a terminal server...for remote users.
It also had Timberline installed on it...
And..it also was used locally..by some lady in the office...who sat down in front of it and used it as a regular workstation..yes....checking e-mail...surfing the web...oh yeah. :rolleyes:

Now...they always had problems with it. Go figure..... :p Had to frequently be rebooted for various reasons. :eek:
 
> Ok, what are these risks?
>
> Sorry for being dense but I'm just trying to obtain a full understanding.
>
> Things that I have seen.
>   1. Application update takes this DC offline.
>   2. Application runs poorly

Extremely poorly written software can sometimes require OS reloads... which when talking about DCs is generally a bad thing...
 
> Ok, what are these risks?
>
> Sorry for being dense but I'm just trying to obtain a full understanding.
>
> Things that I have seen.
>   1. Application update takes this DC offline.
>   2. Application runs poorly

Security. One exploit and you open up the DC to compromise. You want the lowest attack surface possible on a DC.
 
> The less you do on a DC, the better.
> Also, depends on the size of your company, as....if your DC has to run a "large network"...and it gets screwed trying to allocate much of its processing power to some bloated accounting app like QuickBloatPro...all the clients of the network suffer..slow logins, slow DNS replies, way behind print jobs, etc.
>
> Sometimes you'll install software that borks up your computer. Imagine installing something on a domain controller...that tanked it? Oh boy...company is screwed for at least a few hours now...
>
> I remember a couple of years ago.....this architect firm I helped do some work on. They had a DC...their domain controller.
> It also was a terminal server...for remote users.
> It also had Timberline installed on it...
> And..it also was used locally..by some lady in the office...who sat down in front of it and used it as a regular workstation..yes....checking e-mail...surfing the web...oh yeah. :rolleyes:
>
> Now...they always had problems with it. Go figure..... :p Had to frequently be rebooted for various reasons. :eek:


OMG :eek::eek::eek::eek::eek:

It's like my worst nightmare.

I have a client using their "server" as a workstation but it's just running the master QuickBooks install.
 
On each of our domain controllers we run AD and DNS. On one of them it's also running DHCP.
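
One way to check the "DC only" rule that several posts above describe, as an added example that is not from any poster in the thread: a PowerShell audit that flags roles outside an allowlist on every domain controller and inventories the installed programs. The allowlist (AD DS, DNS, DHCP, plus the default File and Storage Services role) and the output field names are assumptions made for this example.

```powershell
# Added example: audit every domain controller for roles and programs beyond
# what a dedicated DC needs. Requires the ActiveDirectory and ServerManager
# modules (RSAT) and PowerShell remoting access to the DCs.
Import-Module ActiveDirectory, ServerManager

# Assumption: allowed roles are the ones posters in the thread run on their DCs.
# FileAndStorage-Services is listed because Windows Server 2012 and later
# install it by default.
$AllowedRoles = 'AD-Domain-Services', 'DNS', 'DHCP', 'FileAndStorage-Services'

$findings = foreach ($dc in Get-ADDomainController -Filter *) {
    $name = $dc.HostName
    try {
        # Top-level roles that are installed on this DC
        $roles = Get-WindowsFeature -ComputerName $name -ErrorAction Stop |
            Where-Object { $_.Installed -and $_.FeatureType -eq 'Role' }

        # Installed programs, read from the 64-bit and 32-bit uninstall keys
        $apps = Invoke-Command -ComputerName $name -ErrorAction Stop -ScriptBlock {
            $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
            Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
                Where-Object { $_.DisplayName } |
                Select-Object -ExpandProperty DisplayName
        }
    } catch {
        # An unreachable DC is reported rather than silently skipped
        [pscustomobject]@{ DC = $name; Kind = 'Error'; Item = $_.Exception.Message }
        continue
    }

    foreach ($role in $roles) {
        if ($role.Name -notin $AllowedRoles) {
            [pscustomobject]@{ DC = $name; Kind = 'UnexpectedRole'; Item = $role.Name }
        }
    }
    foreach ($app in ($apps | Sort-Object -Unique)) {
        [pscustomobject]@{ DC = $name; Kind = 'InstalledProgram'; Item = $app }
    }
}

$findings | Sort-Object DC, Kind, Item | Format-Table -AutoSize
```

The InstalledProgram rows are an inventory for manual review, since the thread gives no list of approved software; a line-of-business application such as the payroll package in the first post would show up there.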
 