Is it acceptable to install an additional domain controller on a database server?

I have my first domain controller on an Amazon EC2 instance, which is only used for service and administrative accounts for a handful of servers.

I would like to avoid the expense of another server just for an additional domain controller, and was wondering if I could install it on the database server.

Given the light domain usage scenario, would the additional domain controller significantly affect the performance of the database server? Are there other reasons why I shouldn't take this approach?

Edit: Removed the terms "primary" and "backup" DCs. :)

Update: The DB Server is SQL 2008 R2 on Win 2008 R2. The domain controller is SQL 2008 SP2.


Solution 1:

DC services would eat up a bit of RAM and hardly any CPU resources at all as long as you do not have excessive AD updates or user authentication requests to this DC, so performance-wise you are likely not to notice any difference.

There might be security implications, though. A database service is presumably run in some privileged context like LocalSystem which would allow an attacker ultimate access to your entire AD if he succeeds in breaking into the database service. There may be cases where this is not a concern, but mostly it should be.
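
An added example, not part of the answer above: a PowerShell audit that reports which account each SQL Server service on a host runs as and flags the LocalSystem-on-a-domain-controller combination the answer describes. It assumes the standard SQL Server service names (`MSSQLSERVER`, `MSSQL$<instance>`, `SQLSERVERAGENT`, `SQLAgent$<instance>`) and uses `Get-WmiObject` so that it also runs on the Windows PowerShell 2.0 shipped with Windows Server 2008 R2.

```powershell
# Added example: check SQL Server service accounts against the host's domain role.

# Win32_ComputerSystem.DomainRole: 4 = backup domain controller, 5 = primary domain controller.
$domainRole = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole
$isDomainController = ($domainRole -eq 4) -or ($domainRole -eq 5)

# Names under which a service running as the local SYSTEM account is reported.
$systemNames = @('LocalSystem', 'NT AUTHORITY\SYSTEM')

# @() guarantees an array, so the loop is skipped cleanly when no SQL services exist
# (PowerShell 2.0 would otherwise iterate once over $null).
$sqlServices = @(Get-WmiObject -Class Win32_Service |
    Where-Object { $_.Name -match '^(MSSQLSERVER$|MSSQL\$|SQLSERVERAGENT$|SQLAgent\$)' })

$report = foreach ($svc in $sqlServices) {
    $runsAsSystem = $systemNames -contains $svc.StartName   # -contains is case-insensitive

    if ($runsAsSystem -and $isDomainController) {
        $finding = 'LocalSystem on a domain controller: move to a dedicated service account'
    } elseif ($runsAsSystem) {
        $finding = 'LocalSystem: move to a dedicated service account before promoting this host'
    } else {
        $finding = 'Dedicated account: review its group memberships and rights'
    }

    New-Object PSObject -Property @{
        Service = $svc.Name
        Account = $svc.StartName
        State   = $svc.State
        Finding = $finding
    }
}

"Host is a domain controller: $isDomainController"
if ($sqlServices.Count -eq 0) {
    'No SQL Server services found on this host.'
} else {
    # Hashtable-built objects have no fixed property order, so select explicitly.
    $report | Select-Object Service, Account, State, Finding | Format-Table -AutoSize
}
```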

Solution 2:

I think you're going to get two different answers, both of which are correct:

  1. No, it is not acceptable, and stuff is either going to break or not be supported. Here is a similar thread: http://forums.techarena.in/active-directory/1244416.htm

  2. You're going to see answers that say, "I've done this for x number of years and never had a problem."

Both answers are going to be correct. It really depends on your situation. Myself, I would do it in a test bed or non-production environment (developer environment). I wouldn't do it in a production environment.