Should all my DCs run on Server Core?

By | October 27, 2008

 

Last week I initiated a discussion on the ActiveDir.org mailing list about running Windows Server 2008 Domain Controllers on Server Core.  I was curious to see whether there were any good reasons why all DCs (RODCs and RWDCs) should not be run on Server Core as a best practice.   The conclusion reached was that, with the possible exception of smaller organisations, the benefits of Server Core far outweigh any limitations.

Why Server Core is a good thing

  • Because it installs only a subset of the full operating system, Server Core provides a smaller surface area for potential security compromise.
  • Server Core requires fewer patches, thereby reducing both the administrative overhead and the potential risk of instability.
  • Server Core has a lower system resource overhead, delivering a better bang-for-buck for your server hardware investment.
  • Because of it’s small footprint, Server Core lends itself to virtualisation, again delivering a better return on your hardware investment.

Server Core sounds perfect, so why isn’t everyone using it?

  • There is no UI, which means that administrators unfamiliar with the command line have to get to grips with new ways of doing things.  Having said that, you still have the option to run all of the AD admin tools remotely by running RSAT on a machine running VISTA or the full UI version of Windows Server 2008.
  • DC promotion becomes a little more long-winded as it requires you to create an answer file and run DCPROMO in unattended mode.
  • The .NET Framework (and hence Powershell) is not supported, which means you cannot run code locally that requires the Framework.  There are however a number of workarounds to this and changes coming in Powershell 2.0 improve the options for running cmdlets against remote computers.

Despite the minor inconveniences for administrators I would recommend using Server Core for all your Windows Server 2008 Domain Controllers.  For me benefits are too compelling not to.   I predict that as more Windows Server 2008 forests are deployed, Domain Controllers on Server Core will start to be considered best practice.  I also believe that Server Core will become the primary Windows Server platform within the next 10 years, with the full UI version either vanishing altogether or becoming marginalised for use only in small organisations. 

But then I chose Betamax over VHS, so what do I know. 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.