Windows 2003 - Server Roles

Microsoft's slogan of - 'Easy to deploy, use, and manage' - does have a ring of truth.
However, it does rely on you having the knowledge and skill to make your Windows
Server 2003 fulfil its potential. I must confess that even though I am familiar with the
different types of server, every time I checked with the 'Configure Your Server Wizard', I
found at least one feature that I would otherwise have missed, so my mantra became 'Give the wizard a chance'.

Roles for your Windows 2003 Server

Domain Controller
DNS (WINS)
DHCP
File Server
Print Server
Application Server
Mail Server
Terminal Services
RAS - Dial-in or VPN
Streaming Media

Certain server roles are best combined, for example domain controller, DNS, and DHCP,
whilst other roles are better on their own server, for example I would separate email
(Exchange) from Terminal Services.

Domain Controller
Active Directory is a huge topic in itself. While DCPROMO is easy to run, planning of
both the physical and the logical structure is the key to a trouble free active directory.
Good news, in Server 2003 you can rename the both the domain itself and the domain
controller (Renaming was greyed out in Windows 2000).
Domain controllers do not have to be your most powerful machines, however they must
be reliable and always available to answer logon requests. Decide which DCs will hold
which FSMO (Flexible single master operations) role. By default, only the first server is
a GC (Global Catalog). Having at least one GC on each site will improve any service
which makes and LDAP request for Active Directory names.
Install the Replication Monitor from the Support folder of the Server CD

DNS (Domain Name System) Role

Active Directory absolutely relies on DNS, this is why you must become an expert on
configuring DNS. Once DNS is setup, it runs itself thanks to the new dynamic
component hence DDNS. TCP/IP knowledge plus understanding of how DNS works is
essential when troubleshooting connectivity problems.
What DNS does is enable client machines to resolve servers IP addresses. Once the
client finds the server, Active Directory uses LDAP to locate services like Kerberos,
Global Catalog that clients request.
Your first domain controller can be tricky to setup. To begin with plan then check the
Computer Name found in the System Icon. Before you run DCPROMO make sure you
have the correct Primary DNS Suffix, drill down through the More.. button.
My tactic is to do as little configuring of the forward lookup zone as possible and leave it
all to the DCPROMO wizard. Once Active Directory creates the forward lookup zone, I
configure Active Directory integration to to replicate DNS records to the other servers.
Then I manually create the reverse lookup zone, add PTR records and check with
NSLOOKUP.
If you are troubleshooting DNS _SRV records, try stopping and starting the
Netlogon service.
Make it your reflex to install DNS on domain controllers.
(All I want to say about WINS is plan to phase it out, you only need it for Windows 9x
clients.)

DHCP (Dynamic Host Control Protocol) Role

I used to think you needed a DHCP server on every Subnet, but now I recommend just
two DHCP servers to share each scope, with a DHCP relay agent on each subnet. DHCP
fits in well with DNS and domain controllers, so I would install DHCP on selected
domain controllers.
Once you have installed DHCP, there is much configuration work. But before you do
anything else, you must Authorize the DHCP servers in Active Directory. I believe this
authorization is a device to make you stop and think 'do I need another DHCP server?'
Officially the authorization is to prevent rogue techies installing an extra DHCP server
when it takes their fancy.
Now you are ready to decide which of the numerous Scope Options to configure e.g. 003
Router,006 DNS Servers.

File Server Role

Unlike the above roles, file servers should be member servers, installing Active Directory
here would be a disadvantage. Here are is your checklist of features for a file server that
you might wish to deploy.

Disk Quotas - NTFS partitions

Share and NTFS Permissions - Share Wizard, here is a wizard I really like
Offline Settings for laptops
DFS and or RAID
Indexing service (Forgotten Service)
RAID and or DFS?
New feature - Shadow Copies

File servers have always combined well with print servers.

Print Server Role

Print servers probably show the greatest variation of machine, from dedicated print
servers, you get printers hanging off domain controllers to 'Jet Direct' printers with their
own network cards. In my experience there is a contrast between the software settings
which are easy to configure and the hardware which constantly cries for attention e.g.
paper jam, 'out of toner'. Here is a checklist to for the software components of your print
server:

Add Printer Wizard - same as ever

Drivers for Windows 9x clients
Change Spooler to another volume
Printer Priority
Network Printers
Web Based Printing (Clients)

Application Server Role

The sort of applications that I mean are database, e.g. SQL or web e.g. IIS.
There is rarely any advantage in installing Active Directory on Application servers, and
often this combination creates problems as Active Directory and application services
fight for resources or control of components. So install Application servers on their own
member server.
Authentication is important for all server roles, but fail to tie down permissions on an
application server and you could get sensitive company information being made available

to everyone. Failure to control security could also invite hackers to attacking your data.
So, delve into all aspects of security on your database servers.
There are extra hardware considerations for your application server. Pamper your
database 'crown jewels' with hardware RAID. Get a trial of clustering. Clustering is
technically interesting, is the way of the future and it will take reliability to another level.
Convince who ever holds the purse strings that the greater availability and less downtime
will pay for clustering.

Mail Server Role

Mail servers benefit from being on their own server, separate from domain controllers
and separate from database servers like SQL. Your checklist should include:

Authentication
DNS (MX) record
Site Connectors, SMTP connectors
SMTP service, SMTP virtual server object
POP3 and IMAP server objects
Fire Wall
Configuring Mailboxes
OWA (Outlook web access)
(Client's Outlook)

Install WinRoute from the Exchange 2000 CD to check mail routing

Streaming Media
Rather exotic perhaps, but if you do need to support clients who need audio or video
services, then there is a separate Windows Media Service to install through Add Remove
Programs, Windows Settings.

Terminal Services Role

Terminal services is Microsoft's thin client solution. The Windows 2003 server does all
the processing, and the clients connect from a machine which essentially becomes a
dumb terminal. Terminal Services is built into Windows Server 2003, it is not a separate
product as it was in NT 4.0. However it lies dormant and you need to install it thought
the Add or Remove Programs / Windows Components. You will also need to install
Terminal Service Licensing on one of your servers. Check out special group for Terminal
Server Licencing in Built-in folder of Active Directory Users and Computers.

The main question is which mode will you run terminal? Remote Desktop for
Administration or Application mode.
When you install the programs for Terminal Services check out - special 'Transforms'
method. 32 Bit programs should be o.k. Also search websites for scripts to make any
non Microsoft applications operate in multi session mode.
Group Policy. There are Group Policies just for Terminal services, e.g. Do not let users
accidentally Shut Down the terminal server when they think they are shutting down their
own machine!
Permissions. By default every user can access a terminal server, perhaps you wish to
change this.

RAS and VPN server

The RAS or Routing and RAS has come along way from its NT 4.0 days. The fact that it
is now built in and installed by default is in an indication of its more robust nature and
greater importance. There are lots of components and technologies to understand and
configure to make a successful RAS server:

RAS hardware or a fast internet connection if you are relying on VPN.

DHCP Relay agent or a special IP range for clients.
Extra 'Remote Access Policies' to control dial up users
User properties, Dial-up tab to allow and control Remote Access Permission
Other optional considerations NAT (Network Address Translation), RADIUS
service with your ISP.