When deploying equipment, avoid making your Microsoft Exchange Server computer a primary domain controller. If the primary domain controller becomes unavailable, an alternate domain controller must be promoted to the role of primary domain controller. If the Microsoft Exchange Server computer is not the primary domain controller, you do not have to worry about promotions and demotions of domain controllers in a recovery situation.
Some companies prefer to place the Microsoft Exchange Server on a backup domain controller in the Accounts domain so that a second computer is not required for Windows NT authentication in remote offices. This can save the cost of purchasing another computer. However, make sure you take into account the additional RAM overhead required for the Windows NT security accounts manager as well as the Microsoft Exchange Server memory requirements. Windows NT domain controllers require RAM equal to 2.5 times the size of the security accounts manager.
If the Microsoft Exchange Server computer is a member server and not a primary domain controller or backup domain controller, additional memory overhead for the domain security accounts manager is not required. However, for remote offices, companies can save money by using the local Microsoft Exchange Server to provide authentication, serve as a backup domain controller, and provide messaging services.
Important For a proper directory service restore, access to the original security accounts manager is required. Do not install a Microsoft Exchange Server computer in a domain that does not have a backup domain controller.
An alternative is to place the Microsoft Exchange Server computer in a large resource domain that trusts each account's domain. In this case, Microsoft Exchange Server can be placed on a backup domain controller without incurring significant memory overhead because the security accounts manager for the Microsoft Exchange Server resource domain will be relatively small in size.