I have inherited a Win SBS 2K8 server which is also being used as an application server - it has a mix of SQL Server 2005/2008 database instances on it (100% of these were setup by programs which installed them ... I suppose that at least some of them are 'Express' instances).
Lately, this setup has come to bite - in particular it would seem that one of the programs can't setup the SQL Server 2005 database instance to reference a machine-local security group - because DC's don't apparently support the notion of local groups.
Although there's a chance I might be able to shoe-horn the program on somehow, I am probably better to take these services off the DC, right?
Do I need to rebuild by DC so that is 'stays pure' as a matter of course? If yes, then which version of Win SBS Server do you recommend? I know that we'd appreciate 2008 R2 on account of its CA's ability to distribute per-machine certificates via SCEP. But SBS 2011 is available and I'm not heavily invested in 2008, so I might as well switch when I rebuild?
Is there any acceptable virtualisation strategy to get both the DC and the app-server on the same box?
Thank-you for advising me on the least-pain route (long term).
If it were me, I would simply setup a new box as a member server and migrate the databases there. Then, uninstall the instances and delete the MSSQL directories on the DC. You shouldn't expect to see any lingering issues on the DC, at least, in my experience, I haven't.