Because domain controllers are so critical, they must be well secured and they should not run any services other than those required by a domain controller. If you run SQL Server or Internet Information Services (IIS) on a domain controller, there is a higher risk of it being compromised if an intruder is able to break into the SQL or IIS service. As a result, it is recommended that you separate domain controllers from other services like SQL and IIS.
Make sure your domain controllers are well secured against physical and network-based access. It is recommended that domain controllers be dedicated machines and not run other services, such as IIS and SQL.
When to create a domain controller
⌐ 2002 Microsoft Corporation. All rights reserved.