  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 515

how to locate active directory

Hello
I have an Active Directory domain in the local network.
On the domain controller, there is an Exchange 2000 back-end server. In addition, it has DNS. The IP address of the domain controller is unreal; for example, let me say 10.10.10.1.
In addition to the local network I have a DMZ network. On the DMZ, I have a member server. Another DNS is located on that server, but its IP address is real, which is 193.140.91.23. My problem is that I have to add the member server, which is on the DMZ network, to the domain, which is on the local intranet, because I will set up the Exchange 2000 front-end server on the member server. However, although I can ping the domain controller from the member server, I cannot join the domain, because the Active Directory cannot be located. I think I should create the SRV record on the DNS which is on the member server, but I don't know how I can do that.
Could you help me?
Best Regards
Thanks
Asked by: emrahtufan
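The "Active Directory cannot be located" error means the client's DNS server has no DC locator records (the `_ldap`, `_kerberos`, `_kpasswd` and `_gc` SRV records) for the domain. The DC's Netlogon service normally registers these itself by dynamic update into the DNS zone the DC points at; a DNS server in the DMZ that does not host or forward that zone never receives them. The script below is an added example, not code from this thread or from Microsoft: it generates the set of locator records a DNS server would have to carry for one DC, in BIND-style zone text, and reports which names an existing server is missing. The domain name `corp.example`, DC host name `dc1.corp.example` and site name `Default-First-Site-Name` (the AD default) are assumptions; the DC address 10.10.10.1 is the asker's own example. Records keyed by the domain or DSA GUID (`<guid>.domains._msdcs` and `<guid>._msdcs`) are left out because only the DC knows those GUIDs.

```python
"""Generate and check the DNS SRV records a client needs to locate a DC.

Added example (not from the thread). Assumed values: AD domain
'corp.example', DC 'dc1.corp.example' at 10.10.10.1 (asker's example
address), site 'Default-First-Site-Name'.
"""
from dataclasses import dataclass

# Well-known service ports the DC locator records advertise.
LDAP, KERBEROS, KPASSWD, GC = 389, 88, 464, 3268


@dataclass(frozen=True)
class SrvRecord:
    name: str          # owner name, e.g. _ldap._tcp.corp.example
    port: int
    target: str        # DC host name the record points at
    priority: int = 0  # Netlogon defaults
    weight: int = 100

    def zone_line(self, ttl: int = 600) -> str:
        """BIND-style zone text for this record."""
        return f"{self.name}. {ttl} IN SRV {self.priority} {self.weight} {self.port} {self.target}."


def dc_locator_records(domain, dc_host, site="Default-First-Site-Name",
                       forest_root=None, global_catalog=True):
    """Return the per-domain (and optionally GC) SRV records Netlogon
    would register for one DC. GUID-based _msdcs records are omitted."""
    forest = forest_root or domain
    recs = [
        SrvRecord(f"_ldap._tcp.{domain}", LDAP, dc_host),
        SrvRecord(f"_ldap._tcp.dc._msdcs.{domain}", LDAP, dc_host),
        SrvRecord(f"_ldap._tcp.pdc._msdcs.{domain}", LDAP, dc_host),
        SrvRecord(f"_ldap._tcp.{site}._sites.{domain}", LDAP, dc_host),
        SrvRecord(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}", LDAP, dc_host),
        SrvRecord(f"_kerberos._tcp.{domain}", KERBEROS, dc_host),
        SrvRecord(f"_kerberos._udp.{domain}", KERBEROS, dc_host),
        SrvRecord(f"_kerberos._tcp.dc._msdcs.{domain}", KERBEROS, dc_host),
        SrvRecord(f"_kerberos._tcp.{site}._sites.{domain}", KERBEROS, dc_host),
        SrvRecord(f"_kpasswd._tcp.{domain}", KPASSWD, dc_host),
        SrvRecord(f"_kpasswd._udp.{domain}", KPASSWD, dc_host),
    ]
    if global_catalog:  # only if this DC is also a global catalog server
        recs += [
            SrvRecord(f"_gc._tcp.{forest}", GC, dc_host),
            SrvRecord(f"_ldap._tcp.gc._msdcs.{forest}", GC, dc_host),
            SrvRecord(f"_gc._tcp.{site}._sites.{forest}", GC, dc_host),
        ]
    return recs


def zone_fragment(domain, dc_host, dc_ip, **kw):
    """Zone text: the DC's A record plus every locator SRV record."""
    lines = [f"{dc_host}. 600 IN A {dc_ip}"]
    lines += [r.zone_line() for r in dc_locator_records(domain, dc_host, **kw)]
    return "\n".join(lines)


def missing_records(present_names, domain, dc_host, **kw):
    """Diagnostic: given the SRV owner names a DNS server already answers
    for (e.g. collected with nslookup -type=SRV), return the ones it lacks."""
    present = {n.rstrip(".").lower() for n in present_names}
    return [r.name for r in dc_locator_records(domain, dc_host, **kw)
            if r.name.lower() not in present]


if __name__ == "__main__":
    print(zone_fragment("corp.example", "dc1.corp.example", "10.10.10.1"))
    # Constructed sample: a DMZ DNS that only knows the plain _ldap record.
    print(missing_records(["_ldap._tcp.corp.example."],
                          "corp.example", "dc1.corp.example"))
```

The zone text is in BIND syntax because it is the most compact way to show the values; on a Windows 2000 DNS server the same names, ports and targets are entered through the DNS console. Bear in mind the point both answerers make below: hand-creating these records lets the DMZ host find the DC, but joining it to the domain also means opening LDAP, Kerberos, RPC and SMB from the DMZ to the DC through the inner firewall, which is the exposure they are warning about.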
1 Solution
 
JConchieCommented:
Bring the member server inside your firewall and onto the interior LAN.  Give it a static IP address on that LAN.  Disable its DNS service.  Point it to the DNS on your current DC and then run DCPromo on it.  Don't try to promote it to a DC while it is still on the DMZ.

At that point, after it is a DC you can put it back on the DMZ if that is your intention........the wording of your question is not clear about that...............But if you do, be aware that putting an unprotected DC out on your DMZ is creating a HUGE SECURITY HOLE in your network........one that I, 4000 other EE experts and about 4.2 million script-kiddies world wide, could drive a Mack Truck through..........but by all means, if you don't mind your data looted, and your network trashed, proceed..............
0
 
JConchieCommented:
Sorry, just re-read and realized you are not talking about promoting the member server to a DC (not sure where I got that idea.....but it is Friday morning :-)  ), just joining it to the domain.......still the easiest way to do that is to bring it in onto the LAN and then join it to the domain.

Still not sure about what you mean with your references to "Exchange 2000 back-end server" and "Exchange 2000 front-end server"..........Exchange 2000 is a backend........its clients, such as Outlook, Outlook Express and OWA, are the frontends.  It is not necessary to put mail servers, web servers, etc. out on a DMZ.  Fairly simple and much more secure to keep them on the LAN and use one-to-one NAT to access through the firewall.
0
 
Netman66Commented:
I think by front-end he means either a relay server or OWA.

Either way the server shouldn't need to be part of the domain.

0
 
Netman66Commented:
Oops...sorry for the triple post!
0
 
emrahtufanAuthor Commented:
What I mean by front-end server is Outlook Web Access.
In fact, on the member server that I mentioned there will be a web server that carries the web site of the organization. I think this server shouldn't be on the internal LAN (or am I wrong?).
I'm planning to establish this member server on the DMZ network, and I also set up a front-end server on that member server in order to enable OWA. In addition, as far as I know, because the mailboxes are located on the back-end server (so in the internal LAN), this architecture becomes more secure. But in order to set up an Exchange server on the member server, there should be an Active Directory in the environment. This Active Directory is located in the LAN and I cannot communicate with it.
Thanks
0
 
Netman66Commented:
I understand what you are trying to do - and it will work just fine.

Your DMZ server does not need to be part of the domain (thus Stand-Alone).  OWA is a separate product to install that requires Exchange present in your organization but not necessarily on the same server.

The only thing you need to do is to allow the OWA client access through your internal firewall so it can reach the Exchange server.

No need for DNS on this DMZ server either.  Just have your ISP add DNS info for your web server and your domain and you should be set.

0
 
emrahtufanAuthor Commented:
I think I get the point, but in this case I should ask another question. If I don't need the front-end server, how can I send e-mail to the recipients who are not from my company? Because my internal server has an unreal IP, it has no connection with the Internet.
Thanks
0
 
Netman66Commented:
I think you misunderstood me.

You do need a server in the DMZ if you want Exchange inside your firewall - you would make that server a Relay server for only your email domain (both inbound and outbound).  Your ISP must register an MX record for your mail domain and point it to the DMZ server.  You would then allow relaying to your internal server for only your domain.

The OWA component can be installed on the DMZ server to allow your employees access to their Exchange mail via the Internet.

Your internal Exchange server should have Internet access through the firewall.

This article describes one type of setup using Exchange on both sides of your firewall.

http://support.microsoft.com/default.aspx?scid=kb;en-us;280132&Product=exch2k

This article describes what I have tried to explain.

http://support.microsoft.com/default.aspx?scid=kb;en-us;293800&Product=exch2k

Hope that clears things up.

0
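The relay rule in the answer above ("allow relaying to your internal server for only your domain", both inbound and outbound) is what separates a DMZ mail relay from an open relay. The script below is an added example, not from this thread or from Exchange 2000: it models that policy as a function of the connecting client's network, the sender and the recipient, and runs it over a constructed set of SMTP sessions so the accept/reject decisions can be checked. The mail domain `example.org` and internal network 10.10.10.0/24 are assumptions (the latter extended from the asker's example DC address); the relay's own address 193.140.91.23 is the one the asker gave.

```python
"""Relay policy for a DMZ mail relay that serves only one mail domain.

Added example (not from the thread). Assumed: local mail domain
'example.org', internal network 10.10.10.0/24, relay at 193.140.91.23.
"""
import ipaddress
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    ACCEPT_INBOUND = "deliver to internal Exchange"
    ACCEPT_OUTBOUND = "relay to the Internet"
    REJECT_RELAY = "relaying denied"


@dataclass(frozen=True)
class RelayPolicy:
    local_domains: frozenset            # domains we accept mail for
    internal_nets: tuple                # networks allowed to send outbound

    def decide(self, client_ip: str, mail_from: str, rcpt_to: str) -> Verdict:
        """Inbound is decided by the recipient domain, outbound by the
        client's source network. The MAIL FROM address is deliberately not
        trusted: a forged local sender from outside must not buy relaying."""
        client = ipaddress.ip_address(client_ip)
        from_internal = any(client in net for net in self.internal_nets)
        rcpt_domain = rcpt_to.rsplit("@", 1)[-1].lower()
        if rcpt_domain in self.local_domains:
            return Verdict.ACCEPT_INBOUND
        if from_internal:
            return Verdict.ACCEPT_OUTBOUND
        return Verdict.REJECT_RELAY


POLICY = RelayPolicy(
    local_domains=frozenset({"example.org"}),
    internal_nets=(ipaddress.ip_network("10.10.10.0/24"),),
)

# Constructed sample sessions: (client_ip, MAIL FROM, RCPT TO).
SESSIONS = [
    ("203.0.113.7", "someone@partner.example", "alice@example.org"),   # inbound
    ("10.10.10.1", "alice@example.org", "someone@partner.example"),    # outbound
    ("203.0.113.7", "someone@partner.example", "victim@elsewhere.example"),  # relay attempt
    ("203.0.113.7", "alice@example.org", "victim@elsewhere.example"),  # forged local sender
]


def evaluate(policy, sessions):
    """Return (client_ip, rcpt_to, verdict) for every session."""
    return [(ip, rcpt, policy.decide(ip, frm, rcpt)) for ip, frm, rcpt in sessions]


def rejected_sessions(policy, sessions):
    """Audit helper: the sessions the relay refused, i.e. the ones an
    open-relay probe would have succeeded on under a weaker policy."""
    return [(ip, rcpt) for ip, rcpt, v in evaluate(policy, sessions)
            if v is Verdict.REJECT_RELAY]


if __name__ == "__main__":
    for ip, rcpt, verdict in evaluate(POLICY, SESSIONS):
        print(f"{ip:>13} -> {rcpt:<28} {verdict.value}")
```

The two rejected sessions are the case the answer is guarding against: the relay accepts mail for its own domain from anywhere and mail to anywhere only from the inside, so an outside host cannot use it to reach third parties whatever sender address it claims. The same split is what the inner firewall should mirror, permitting SMTP from the relay only to the internal Exchange server and from that server only to the relay.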
 
JConchieCommented:
I guess I'm missing something here......we are running both Exchange 5.5 and OWA inside our SonicWall Pro200 on our LAN, with no problems at all.  We also moved our webserver off the DMZ (after it got hacked) and put it on the LAN, using one-to-one NAT.  Again, no problems.

Why all this fuss with extra machines out on the DMZ?
0
 
JConchieCommented:
PS.  Since you only gave Netman a "C", you obviously were unhappy with his answer.  I would suggest that you ask the mods to reopen this question and have a look at my suggestion.......putting the Exchange server inside your firewall and using one-to-one NAT to address the issue of "Because my internal server has unreal IP."

There is no need to spend money setting up a second server on the DMZ.
0
 
Netman66Commented:
One to one NAT does nothing to stop unauthorized traffic from getting inside your firewall through the very ports you're mapping.  

Not sure why the C grade either...if he's not yet satisfied he should keep asking until he is.....

A DMZ should also be protected by a firewall - not left wide open.

0
 
JConchieCommented:
Yes, one-to-one NAT lets everyone in on that port............but that's what good network security is for........and if you are just allowing POP and SMTP through that port, it's pretty hard for anyone to do any damage.
0