Is it best practice to join an IIS-6 (run on Windows 2003 server) to a
Windows 2003 Active Directory Domain ? Do you have any references/articles
about this subject ?

TIA

Thomas

Thomas McFarlane wrote:
> Is it best practice to join an IIS-6 (run on Windows 2003 server) to a
> Windows 2003 Active Directory Domain ? Do you have any
> references/articles about this subject ?

Not sure of any articles, but in general I would say yes, because:
1) You can manage the policies and patches for the server centrally
2) You get the domain security model implemented (e.g. users can use their
domain accounts to log on to your web applications)
3) You can use Kerberos authentication for web apps, if required

It depends on the situation. I guess there are circumstances when you would
want the server to be completely standalone, but if it's going to be a
webserver for your internal organisation apps then I don't see why you
wouldn't want to put it in the domain.

Thanks Leon for quick response. My application server (IIS-6) is for
Internet only. Not intranet. You are right, for internal usage, it does make
sense to make IIS member of AD. But my AD ADmin. insists to make all
application servers (IIS & SQL) as members of AD.

Thomas

"Leon Mayne [MVP]" <l.rmv.mayne [at] uea.ac.uk> wrote in message
news:OQG7qECxFHA.2348 [at] TK2MSFTNGP15.phx.gbl...
> Thomas McFarlane wrote:
>> Is it best practice to join an IIS-6 (run on Windows 2003 server) to a
>> Windows 2003 Active Directory Domain ? Do you have any
>> references/articles about this subject ?
>
> Not sure of any articles, but in general I would say yes, because:
> 1) You can manage the policies and patches for the server centrally
> 2) You get the domain security model implemented (e.g. users can use their
> domain accounts to log on to your web applications)
> 3) You can use Kerberos authentication for web apps, if required
>
> It depends on the situation. I guess there are circumstances when you
> would want the server to be completely standalone, but if it's going to be
> a webserver for your internal organisation apps then I don't see why you
> wouldn't want to put it in the domain.
>

On Wed, 28 Sep 2005 05:23:26 -0400, "Thomas McFarlane"
<TM [at] HotMeal.Com> wrote:

>Is it best practice to join an IIS-6 (run on Windows 2003 server) to a
>Windows 2003 Active Directory Domain ? Do you have any references/articles
>about this subject ?

Since it's an intranet, joining the domain makes sense. Then you can
manage them with AD policies, use AD accounts for access and so on.
But it's not critically necessary, and depends a lot on your company's
policies and strategy, as well as network topology.

Jeff