Sunday, January 27, 2013 11:21 PMnew to servers, can anyone tell on my PDC what is the basic roles and features I should have. Also I and installing a SDC I woud like to install SCCM on it is this a good Idea, Thanking all in advance
Sunday, January 27, 2013 11:56 PM
I am not sure but by PDC you mean 'primary domain controller'? That is no longer in Active Directory since Windows NT, instead now you have a PDC Emulator domain fsmo role. The PDC emulator does these things among others:
•Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
•If a logon authentication fails at a given DC in a domain due to a bad password, the DC will forward the authentication request to the PDC emulator to validate the request against the most current password. If the PDC reports an invalid password to the DC, the DC will send back a bad password failure message to the user.
•Account lockout is processed on the PDC emulator.
•The PDC emulator FSMO also fulfills the role of the PDC in the NetLogon Remote Protocol methods described in [MS-NRPC] section 3. Therefore, the PDC emulator FSMO MUST support and perform all PDC specific functionality specified in that section. Every DC, other than the PDC emulator FSMO, MUST NOT perform this functionality.
You should not install any other programs such as system center or exchange. This is a best practice recommandation not that you can't technically do it. It's recommended you don't install additional services on a DC for a lot of reasons, one that comes to mind with SCCM is that it installs IIS and it might present security issues.
I am not sure if microsoft supports this configuration but I think they might because there are clients that have branches an maybe one server that is a DC.
Look at this blog post for more info about FSMO roles: http://tigermatt.wordpress.com/tag/pdc-emulator/
- Edited by Marius EneMVP Sunday, January 27, 2013 11:59 PM
Monday, January 28, 2013 12:16 AM
If you're wanting best practice then you can install DNS on both of the DCs but nothing else, you definitely should not install SCCM on a DC, it is very disk intensive, and would also require you to install SQL Server and IIS which you also don't want on a DC.
Keep your DCs simple, separate, and just for keeping your domain up, everything else goes on another server.
If this is a lab rather than production then yes, you can do all these as you wish.
Monday, January 28, 2013 12:41 AMI also found this older thread with a similar issue, so check it out: http://social.technet.microsoft.com/Forums/en-US/configmgrsetup/thread/0bcf2bfb-d1c9-4b4c-83f2-952038661ad8
Monday, January 28, 2013 1:40 AM
Thanks so best practice is to intall dchp, AD, DNS on the BDC, and SCCM on a third server. This is a virtual lab enviroment.
Monday, January 28, 2013 6:03 AM
There is no such thing from PDC and BDC it used to be in Nt 4.0. Starting from Windows 2000 all the domain controllers are multi master which means at the same time they can replicate read and write.
It completely depends upon the scenario and organization. if the organization is large I would only install the dns role on the server, as a matter of fact I have also seen people installing the DHCP role on the hardware due to non availability of the hardware.
SCCM should be installed on the member server for the security reasons
- Marked As Answer by Jeremy_WuMicrosoft Contingent Staff, Moderator Wednesday, January 30, 2013 8:26 AM