One vs. many domain user accounts in a server farm

Posted by mjustin on Server Fault See other posts from Server Fault or by mjustin
Published on 2011-01-12T06:26:32Z Indexed on 2011/01/12 6:55 UTC
Read the original article Hit count: 228

Filed under:

windows-server-2008

|

domain

|

user-management

We are in a migration process of a group of related computers (Intranet servers, SQL, application servers of one application) to a new domain. In the past we used one domain user account for every computer (web1, web2, appserver1, appserver2, sql1, sqlbackup ...) to access central Windows resources like network shares. Every computer also has a local user account with the same name.

I am not sure if this is necessary, or if it would be easier to configure and maintain to use one domain user account.

Are there key advantages / disadvantages of having one single user account vs. dedicated accounts per computer for this group of background servers? If I am not wrong, one advantage besides easier administration of the user account could be that moving installed applications and services around between the computers does not require a check of the access rights anymore. (Except where IP addresses or ports are used)

© Server Fault or respective owner

Related posts about windows-server-2008

Password policy problem windows server 2008

as seen on Server Fault - Search for 'Server Fault'
Hi, I'm creating a domain and I need to make users that can have an empty password but administrators have to comply with password complexity how to I solve this problem? Thanks in advance >>> More
SAP DCOM Connector on Windows Server 2008

as seen on Stack Overflow - Search for 'Stack Overflow'
Does anybody know, if it is possible to use the "old" SAP DCOM Connector on a Windows Server 2008 ? I want to migrate a old ASP Web Solution with DCOM Connection to SAP from Windows 2000 Server to Windows 2008 Server. When I try to install the DCOM Connector I get the Error Message: "Setup could… >>> More
Windows Server 2008 R2: AD Module for Windows PowerShell

as seen on Internet.com - Search for 'Internet.com'
Windows Server 2008 R2 includes a new Active Directory module for Windows PowerShell, a consolidated group of 76 cmdlets that can perform a host of tasks against Active Directory's various services. >>> More
Windows Server 2008 Directory Services, Group Policy Preferences - More Control Panel Settings

as seen on Internet.com - Search for 'Internet.com'
In Windows Server 2008, Group Policy Preferences makes it possible to reap the chief benefits of an Active Directory environment by simplifying client management. Control Panel Settings nodes in the Group Policy Management Editor makes this possible. >>> More
Windows Server 2008 R2: Introducing the AD Administrative Center

as seen on Internet.com - Search for 'Internet.com'
The Active Directory Administrative Center in Windows Server 2008 R2 is a significant improvement over its predecessor. Although not without limitations, it offers beefed-up management of AD objects, new navigation capabilities, better task-based management options, and improvements to the properties… >>> More

Related posts about domain

In WHM - Addon Domain Matches Primary Domain From Separate Account - I can't delete the addon domain

as seen on Server Fault - Search for 'Server Fault'
I have an account (domian1.com) with the an addon domain (domain2.com) that matches the primary domain (domain2.com) of a separate account. I believe it was created renaming the primary domain of the second account. I want to delete the addon domain from domain1.com. However when I try i get the error: … >>> More
Trust my work domain on a Dev Domain without a domain level password

as seen on Server Fault - Search for 'Server Fault'
I setup a virtual machine to host a dev version of TFS (to test plugins on). Getting a computer on my work domain requires large amounts of red tape and paperwork that I would rather not do. I created my own domain the the VM and I would like to trust all users from my work domain on that VM Domain… >>> More
NFS (with Kerberos) mount failing due to "Server not found in Kerberos database" error

as seen on Server Fault - Search for 'Server Fault'
When running: `sudo mount -t nfs4 -o sec=krb5 sol.domain.com:/ /mnt` I get this error on the client: mount.nfs4: access denied by server while mounting sol.domain.com:/ And on the server syslogs UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for nfs/ip-#-#-#-#.ec2.internal@SOL… >>> More
Server 2003 on domain wont let domain user have local profile

as seen on Server Fault - Search for 'Server Fault'
I have a few servers that are acting in this behavior, you log in and always get put into a temporary profile. The server is licensed for TS. The user I am testing with has local admin rights so it doesn't seem to be a permission issue on the server. I'll first get a message that the users roaming… >>> More
Problem with redirecting *.domain.com & domain.com to www.domain.com for HTTPS

as seen on Stack Overflow - Search for 'Stack Overflow'
We have a site I'll call acme.com. Most of the time you see http://www.acme.com and sometimes we redirect you to https://www.acme.com. We want to redirect anyone going to http://acme.com or http://*.acme.com to http://www.acme.com, and the same for https. (It's mainly to avoid the alert you get if… >>> More