Why is Sage removing this restriction now?

A recent upgrade of Sage 100 Contractor enforced a restriction on installing on a domain controller. Microsoft recommends against installing SQL Server on a domain controller and does not support SQL Server on a read-only domain controller, and because you must install Database Administration on a SQL Server instance, we wanted to help our customers avoid problems that could arise with unsupported configurations.

However, since implementing this restriction, a number of customers currently using a domain controller server for Sage have told us that enforcing this restriction imposes a hardship. Therefore, our 2016 year-end release (version 20.4) will no longer prevent you from installing on a domain controller, should you choose to do so.

I’ve been thinking of installing Sage 100 Contractor on my domain controller. Can I?

With the year-end release, you will be able to install Sage 100 Contractor on a domain controller. However, we strongly recommend that you install on a separate machine.

Why does Sage recommend using separate machines for the database server and the domain controller?

Sage recommends following industry best practices regarding SQL Server configuration. The reasons include:

• Microsoft does not recommend it
  • For security and performance reasons, we recommend that you do not install a standalone SQL Server on a domain controller – see the first sentence in the tech article Can I Install SQL Server on a Domain Controller?
• Performance
  • It is hard to tune servers that run multiple applications, as different applications may require mutually exclusive configurations.
  • Performance may not be an issue for small businesses with only a handful of users, but it may be for larger businesses with more users.
• Security
  • Your server is only as secure as the least secure component. If combined with your SQL Server, your domain controller will be subject to a myriad of SQL security vulnerabilities.
  • Deploying single application servers reduces the risk that one compromised application on a multi-application server will be used to compromise the others.
• Isolation
  • Avoid combining server roles if possible. Microsoft recommends that you “isolate services” instead – see Security considerations for a SQL Server Installation.
  • SQL Server is an enterprise level, server family of products. Competing needs for CPU, Memory and IO usage puts a big load on your server. Promoting the same server to a domain controller that may also be responsible for authentication activities, increases that strain on the server.
  • What if you have to reboot your domain controller? Each reboot will impact your SQL Server as well (and vice versa).
  • If your Database Administrator (DBA) needs access to the server and you have combined it with the domain controller, you are in a precarious situation. Do you want your DBA handling your domain controller? The situation is of less concern if you have a one-person IT shop, but it doesn't resolve the need to be extra cautious when securing both the database server and domain controller without breaking one or the other.
• Restrictions
  • You cannot install SQL Server on a read-only domain controller.
  • You cannot run SQL Server services on a domain controller under a LocalService account, a NetworkService account, or Service SID (like NT Service\MSSQLServer). Your only available option is to use the LocalSystem account.
  • Best practice when promoting a server to a domain controller dictates that you uninstall SQL first and then reinstall SQL after.

I don’t have complex needs, and I still plan to install on my domain controller. How can I download the software that will let me do this?

Download and install the year-end release (version 20.4), which no longer prevents you from installing on a domain controller. The expected release date is December 21, 2016.