Exchange Server

Problems with Exchange 2003 Installed on Domain Controllers

Why is it NOT recommended to install Exchange Server 2003 on a computer that is also a Domain Controller?

There are a few issues you should be aware of before installing Exchange Server 2003 on a computer that is also configured as a Domain Controller.

  • The server must NOT be a cluster. Exchange 2003 clusters co-existing on Active Directory servers is not supported by Microsoft.
  • Installing Exchange 2003 and Active Directory on the same server has a significant performance impact.
  • The server must be a Global Catalog server (not just a DC).
  • DSAccess/DSProxy/Cat will not load-balance or fail-over to another DC/GC.
  • Avoid the use of the /3GB switch, otherwise the Exchange cache might monopolize system memory. Additionally, the number of user connections should be very low, therefore the /3GB switch should not be required.
  • All services run under LocalSystem so there is a greater risk of exposure should a security bug be found (e.g. a bug in AD which allows an attacker to access the AD will also allow them to access Exchange, and vice-versa)
  • If Exchange administrators will be able to logon to the local server. Because they have physical console access to a DC, potentially they can elevate their permissions in the AD.
  • It may take approximately 10 minutes for the server to shutdown. This is because the AD service (LSASS.EXE) shuts down before the Exchange services, and DSAccess will go through several timeouts before shutting down. The workaround for this issue is to manually stop the Exchange services (specifically the Store) before initiating a system shutdown or restart.

Note: You may want to read the following article for more info – Slow Shutdown of Exchange 2003 Server Installed on DC.

Sponsored Content

Maximize Value from Microsoft Defender

In this ebook, you’ll learn why Red Canary’s platform and expertise bring you the highest possible value from your Microsoft Defender for Endpoint investment, deployment, or migration.

Related Topics:

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: