where should the line be drawn on what services a DC should be used for

Giganews Newsgroups
Subject: where should the line be drawn on what services a DC should be used for
Posted by:  Jim in Arizona (tiltowa…@hotmail.com)
Date: Wed, 15 Apr 2009

I'm working at a manufacturing plant that's currently under constructions.
We have two DCs, one is local (server 2008) and the other is hosted on the
net (server 2003).

The local DC is being used for not just a DC and DNS, but as a file, print
and IIS server.

At what point should the line be drawn at how many uses a DC should be sued
for? I was always taught that the DC was one of the most important computers
in your network and should be treated very securely. If that is the case,
shouldn't the DCs be left to just being DCs and not a swiss army knife of

My goal is to move IIS off the DC and put it on a new server, along with
SQL. This new server would also host the Fishbowl server (it's currenlt on a
personal laptop which I need to get off of for numerous reasons). I need to
convince management that a DC should only be used for the primary purpose of
active directory (user/computer account authentication), DNS and DHCP (and
whatever else I may be forgetting at the moment that a DC does), and not for
a dozen other things.

I was looking for a webpage somewhere on Microsoft that may say something
about a DC only being used as a DC and nothing more for security reasons but
haven't been able to find much.

Can someone help me out on this? Is it really ok to use a DC for pretty much
everything or, if not, where can I find documentation saying otherwise?