Domain Controller

Issue

Because domain controllers are so critical, they must be well secured and they should not run any services other than those required by a domain controller. If you run Microsoft® SQL Server™ or Internet Information Services (IIS) on a domain controller, there is a higher risk of it being compromised if an intruder is able to break into the SQL Server or IIS service. As a result, we recommend that you separate domain controllers from other services like SQL Server and IIS.

Solution

Make sure your domain controllers are well secured against physical and network-based access. We recommend that domain controllers be dedicated machines and not run other services, such as IIS and SQL Server.

Additional Information

When to create a domain controller