I am a system administrator for a small firm. We are now considering rolling out Windows Server 2008 R2 for the firm. We plan to implement Active Directory. We would also like to upgrade our RDBMS from SQL Server 2000 to SQL Server 2014.
We can afford to buy just one server due to the size of our organization, so we plan to implement both AD and SQL Server 2014 on the same machine. However, Microsoft recommends not installing SQL Server 2014 on a domain controller.
I have checked the reasons, but I don’t understand what the problem is, so if someone could answer my questions below, it would be really helpful.
- You cannot run SQL Server services on a domain controller under a local service account. → If we run SQL Server on a domain controller under a domain user account, what would happen?
- After SQL Server is installed on a computer, you cannot change the computer from a domain member to a domain controller. You must uninstall SQL Server before you change the host computer to a domain controller. → We plan to promote our server to a domain controller before installing SQL Server 2014 and don’t plan to demote it to a member server because it’s our only server. Is our plan wrong?
- After SQL Server is installed on a computer, you cannot change the computer from a domain controller to a domain member. You must uninstall SQL Server before you change the host computer to a domain member. → We don’t plan to demote it to a member server because it’s our only server. Is our plan wrong?
- SQL Server failover cluster instances are not supported where cluster nodes are domain controllers. → We don’t plan to install a failover cluster, so we think that it’s not a problem. Are we wrong?
- SQL Server Setup cannot create security groups or provision SQL Server service accounts on a read-only domain controller. In this scenario, Setup will fail. → Because we have just one server, it will never be a read-only domain controller, so we think that it’s not a problem. Are we wrong?
Actually, I guess if we clear (1), we can install SQL Server 2014 on our domain controller.
Thanks for reading all of this. I hope someone can give us answers.
asked Apr 23 ’15 at 5:54
I’m not aware of any technical limitation stopping you from doing this, but it just doesn’t sound like a good idea to me. I would try to find a way to keep your domain controller separate from your SQL Server. If you have a small organisation, a PC might be good enough as a DC. Could you virtualise them? If you can’t afford hardware, what about SQL Azure? Peter Apr 23 ’15 at 9:39
The points you have listed are shown in BOL here, and even though it quotes:
SQL Server Setup will not block installation on a computer that is a domain controller
It states in this KB article that the setup will fail, although the “applies to” list only goes up to the 2012 version.
One main reason you are going to have against doing this is Microsoft Support. As it states in the documentation that you should not install it, they are not likely to provide support, especially if you experience any security or performance issues. Unless you fork over a good bit of money, they are probably not going to do much for you.
I have never seen a company put these two roles together out of choice. I hate to say it but if they need to run an application in SQL Server and it is going to be a mission critical application there is no reason for them not to invest in running that application. Hardware is cheap these days and it does not take much for AD to run if your organization is that small. You could even go and get 2 or 3 year old hardware for that matter.
Now with that said, Windows Small Business Server used to be the one-stop shop for a situation like the one you describe. It is an AD, Exchange, and web server all in one; and if I recall, it also had an installation of SQL Server, but I can’t remember. I set up one of these servers for a department one time.
However, with Windows Server 2012 they changed this to Windows Server Essentials Edition, and I am not sure what roles you get with this edition. I would suggest, though, that you simply spend the money to get Standard Edition. A feature you get with Standard is licensing to run two guest OS virtual machines via Hyper-V. If you size the hardware appropriately, it will allow you to run your SQL Server instance in one VM and then your application in the second VM. Although your performance is all on one server, it provides a boundary separation and would be a fully supported setup by Microsoft. Just my two cents.
answered Apr 29 ’15 at 4:18
The reasons you gave are the primary reasons for avoiding the combination of SQL Server and a domain controller. I’ll add two more:
- it can be a security risk if your SQL Server is accessed by a machine that is exposed to the Internet (such as a web server)
- SQL Server has the potential to starve Windows for resources – which would effectively shut down your domain controller and, in turn, your network
That said, it’s not necessarily uncommon to see SQL Server installed on a domain controller in a small business – you only have so many resources to go around, and you sometimes have to make do with what you have.
The bottom line: Avoid combining server roles if you can. If you must combine AD and SQL Server, be aware of the risks, and do what you can to mitigate them.
[Disclaimer: I would never consider combining AD and SQL Server in anything other than a very small business. There are too many risks, and server loads are usually much heavier.]
answered Apr 29 ’15 at 2:47
There is also the issue of disk performance for services and applications other than AD-DS on the DC; however, that can be fixed by installing SQL Server and placing the DBs and log files on a different disk than the one holding the NTDS.DIT AD database.
answered Jan 15 ’16 at 22:06
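A read-only check for two points raised in this thread, the Local Service account restriction quoted in the question and the shared-disk point in the last answer. It is an added example and not part of any post; the function name, parameter names, account names and paths are constructed for illustration, and it sticks to PowerShell 2.0 syntax so it runs on Windows Server 2008 R2.

```powershell
# Added example (not from the thread); all names and sample values are hypothetical.
function Test-SqlOnDomainController {
    param(
        [Parameter(Mandatory=$true)] [int]      $DomainRole,  # Win32_ComputerSystem.DomainRole
        [Parameter(Mandatory=$true)] [object[]] $Services,    # objects with Name and StartName
        [string]   $NtdsPath,                                 # full path of NTDS.DIT
        [string[]] $SqlDataPaths = @()                        # SQL data and log directories
    )
    # DomainRole 4 = backup domain controller, 5 = primary domain controller.
    $isDc = (4, 5) -contains $DomainRole

    # Default and named instances of the database engine and the Agent.
    $sql = @($Services | Where-Object {
        $_.Name -match '^(MSSQLSERVER$|MSSQL\$|SQLSERVERAGENT$|SQLAgent\$)' })
    # SQL services that run as the built-in Local Service account.
    $local = @($sql | Where-Object {
        ($_.StartName -replace '\s', '') -eq 'NTAUTHORITY\LocalService' })

    # SQL paths on the same volume as the AD database (disk contention).
    $shared = @()
    if ($NtdsPath) {
        $ntdsRoot = [IO.Path]::GetPathRoot($NtdsPath)
        $shared = @($SqlDataPaths | Where-Object {
            [IO.Path]::GetPathRoot($_) -eq $ntdsRoot })
    }
    New-Object PSObject -Property @{
        IsDomainController     = $isDc
        SqlServices            = @($sql   | ForEach-Object { $_.Name })
        LocalServiceAccounts   = @($local | ForEach-Object { $_.Name })
        PathsSharingNtdsVolume = $shared
    }
}

# Constructed sample: a DC whose SQL Agent was left on Local Service.
$sample = @(
    New-Object PSObject -Property @{ Name = 'MSSQLSERVER';    StartName = 'CONTOSO\svc-sql' }
    New-Object PSObject -Property @{ Name = 'SQLSERVERAGENT'; StartName = 'NT AUTHORITY\LocalService' }
    New-Object PSObject -Property @{ Name = 'NTDS';           StartName = 'LocalSystem' }
)
Test-SqlOnDomainController -DomainRole 5 -Services $sample `
    -NtdsPath 'C:\Windows\NTDS\ntds.dit' -SqlDataPaths 'C:\SQLData', 'D:\SQLLogs'

# Live input on the server itself:
#   $role = (Get-WmiObject Win32_ComputerSystem).DomainRole
#   $svcs = Get-WmiObject Win32_Service
```

On the constructed sample the result lists `SQLSERVERAGENT` under `LocalServiceAccounts` and `C:\SQLData` under `PathsSharingNtdsVolume`.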