Here is my suggestion for how to couple those together.
- E-Dom Active Directory: Single / On its own. Provides stability of your network if issues come up with other services used throughout your network.
- NFS File Share: Can be mixed with Sharepoint
- E-Coll Exchange Server: Single / On its own.
- Sharepoint: Can be mixed with NFS Share
- PBX Server: Deff on its own, you may need to reboot this from time to time.
- E-Sec NPS: IF it's a Microsoft NPS, can work with AD. Otherwise Alone.
- Certificate Authority: This can be the DC, Not sure why they told you otherwise? I would do some research on that one just in case but we do it all the time and never had issues.
- E-Art Wireshark: On its own
Pretty much any databases you want to keep running on their own except for some limited exceptions. Active Directory is a database, so while you can even pair it with the NPS server, it is a better idea to keep the NPS on its own. However this depends on budgets and licensing and whatnot, they could run together since they are both Microsoft products and NPS relied on the directory at the end of the day.
Then you have your other network services servers, NFS, SharePoint, PBX, exchange, etc. The trick to these other servers is that they could need a reboot from time to time or run into issues and you want your company to be able to keep working if per se your e-mail server is trashed tonight. So you separate these, that way one issue with one thing won't cover 2 other systems, etc. Limits your scope of impact when something goes wrong.
On the same note, your NPS and Wireshark server could work together as well if they are running on the same OS type, just like file-sharing services (SharePoint, NFS) could be paired together. More reliable if you separate everything but again, depends on your budget and cost.
