Solved

how to locate active directory

Posted on 2003-10-31
Last Modified: 2010-04-14
Hello
I have an Active Directory domain in the local network.
On the domain controller there is an Exchange 2000 back-end server. In addition it has DNS. The IP address of the domain controller is unreal, for example let me say 10.10.10.1.
In addition to the local network I have a DMZ network. On the DMZ I have a member server. Another DNS is located on that server, but its IP address is real, which is 193.140.91.23. My problem is this: I have to add the member server, which is on the DMZ network, to the domain, which is on the local intranet, because I will set up the Exchange 2000 front-end server on the member server. However, although I can ping the domain controller from the member server, I cannot join the domain, because the Active Directory cannot be located. I think I should create the SRV record on the DNS which is on the member server, but I don't know how I can do that.
Could you help me?
Best Regards
Thanks
Question by:emrahtufan
 
LVL 18

Expert Comment

by:JConchie
ID: 9659053
Bring the member server inside your firewall and onto the interior LAN. Give it a static IP address on that LAN. Disable its DNS service. Point it to the DNS on your current DC and then run DCPromo on it. Don't try to promote it to a DC while it is still on the DMZ.

At that point, after it is a DC, you can put it back on the DMZ if that is your intention... the wording of your question is not clear about that... But if you do, be aware that putting an unprotected DC out on your DMZ is creating a HUGE SECURITY HOLE in your network... one that I, 4000 other EE experts and about 4.2 million script-kiddies world wide could drive a Mack Truck through... but by all means, if you don't mind your data looted and your network trashed, proceed...
 
LVL 18

Expert Comment

by:JConchie
ID: 9659122
Sorry, just re-read and realized you are not talking about promoting the member server to a DC (not sure where I got that idea... but it is Friday morning :-) ), just joining it to the domain... still the easiest way to do that is to bring it in onto the LAN and then join it to the domain.

Still not sure about what you mean with your references to "Exchange 2000 back-end server" and "Exchange 2000 front-end server"... Exchange 2000 is a back end... its clients, such as Outlook, Outlook Express and OWA, are the front ends. It is not necessary to put mail servers, web servers, etc. out on a DMZ. Fairly simple and much more secure to keep them on the LAN and use one-to-one NAT to access through the firewall.
 
LVL 51

Expert Comment

by:Netman66
ID: 9661758
I think by front-end he means either a relay server or OWA.

Either way the server shouldn't need to be part of the domain.

 
LVL 51

Expert Comment

by:Netman66
ID: 9661777
Oops... sorry for the triple post!
 

Author Comment

by:emrahtufan
ID: 9662304
What I mean by front-end server is Outlook Web Access.
In fact, on the member server that I mentioned there will be a web server that carries the web site of the organization. I think this server shouldn't be on the internal LAN (or am I wrong?).
I'm planning to establish this member server on the DMZ network, and I will also set up a front-end server on that member server in order to enable OWA. In addition, as far as I know, because the mailboxes are located on the back-end server (so in the internal LAN), this architecture becomes more secure. But in order to set up an Exchange server on the member server, there should be an Active Directory in the environment. This Active Directory is located in the LAN and I cannot communicate with it.
Thanks
 
LVL 51

Expert Comment

by:Netman66
ID: 9663015
I understand what you are trying to do - and it will work just fine.

Your DMZ server does not need to be part of the domain (thus stand-alone). OWA is a separate product to install that requires Exchange present in your organization, but not necessarily on the same server.

The only thing you need to do is to allow the OWA client access through your internal firewall so it can reach the Exchange server.

No need for DNS on this DMZ server either. Just have your ISP add DNS info for your web server and your domain and you should be set.

 

Author Comment

by:emrahtufan
ID: 9666941
I think I get the point, but in this case I should ask another question. If I don't need the front-end server, how can I send e-mail to recipients who are not from my company? Because my internal server has an unreal IP, it has no connection with the Internet.
Thanks
 
LVL 51

Accepted Solution

by:
Netman66 earned 100 total points
ID: 9667031
I think you misunderstood me.

You do need a server in the DMZ if you want Exchange inside your firewall. You would make that server a relay server for only your e-mail domain (both inbound and outbound). Your ISP must register an MX record for your mail domain and point it to the DMZ server. You would then allow relaying to your internal server for only your domain.

The OWA component can be installed on the DMZ server to allow your employees access to their Exchange mail via the Internet.

Your internal Exchange server should have Internet access through the firewall.

This article describes one type of setup using Exchange on both sides of your firewall.

http://support.microsoft.com/default.aspx?scid=kb;en-us;280132&Product=exch2k

This article describes what I have tried to explain.

http://support.microsoft.com/default.aspx?scid=kb;en-us;293800&Product=exch2k

Hope that clears things up.

 
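The relay policy in the accepted answer (accept inbound mail only for your own domain and hand it to the internal Exchange server; relay outbound mail only for your own internal server; refuse everything else so the DMZ host is not an open relay), as an added Python example that is not part of the thread. The mail domain and the Internet client addresses are constructed; the 10.10.10.x addresses are the ones the asker gave.

```python
"""Mail-relay policy for a DMZ relay in front of an internal Exchange server.

Added example (not from the thread). It models the three decisions the relay
makes for one message and is written so a defender can test the policy
offline before trusting a live relay with it.
"""
from ipaddress import ip_address, ip_network

OUR_DOMAIN = "example.com"                    # constructed mail domain
INTERNAL_NET = ip_network("10.10.10.0/24")    # internal LAN from the question
INTERNAL_EXCHANGE = "10.10.10.1"              # back-end Exchange/DC from the question


def _domain_of(addr: str) -> str:
    """Return the lowercase domain part of an address, or '' if malformed."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return ""
    return domain.lower()


def relay_decision(sender: str, recipient: str, client_ip: str) -> tuple:
    """Decide what the DMZ relay does with one message.

    Returns (action, detail) where action is 'deliver_internal',
    'relay_outbound' or 'reject'.
    """
    rcpt_domain = _domain_of(recipient)
    sndr_domain = _domain_of(sender)
    if not rcpt_domain:
        return ("reject", "malformed recipient")
    client_is_internal = ip_address(client_ip) in INTERNAL_NET

    # Inbound: anyone on the Internet may send to our domain; the relay
    # forwards it through the firewall to the internal Exchange server only.
    if rcpt_domain == OUR_DOMAIN:
        return ("deliver_internal", f"forward to {INTERNAL_EXCHANGE}")

    # Outbound: only clients on the internal LAN may send to foreign domains,
    # and only with a sender address in our domain (also blocks spoofed mail).
    if client_is_internal and sndr_domain == OUR_DOMAIN:
        return ("relay_outbound", f"deliver to MX of {rcpt_domain}")

    # Anything else (Internet client to a foreign recipient) is open relaying.
    return ("reject", "relaying denied")
```

Run `relay_decision("spam@evil.test", "victim@other.net", "198.51.100.7")` to see the open-relay case rejected while the same recipient from 10.10.10.5 with a sender in your own domain is relayed.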
LVL 18

Expert Comment

by:JConchie
ID: 9672550
I guess I'm missing something here... we are running both Exchange 5.5 and OWA inside our SonicWall Pro200 on our LAN, with no problems at all. We also moved our webserver off the DMZ (after it got hacked) and put it on the LAN, using one-to-one NAT. Again, no problems.

Why all this fuss with extra machines out on the DMZ?
 
LVL 18

Expert Comment

by:JConchie
ID: 9672591
PS. Since you only gave Netman a "C", you obviously were unhappy with his answer. I would suggest that you ask the mods to reopen this question and have a look at my suggestion... putting the Exchange server inside your firewall and using one-to-one NAT to address the issue of "Because my internal server has unreal IP."

There is no need to spend money setting up a second server on the DMZ.
 
LVL 51

Expert Comment

by:Netman66
ID: 9672822
One-to-one NAT does nothing to stop unauthorized traffic from getting inside your firewall through the very ports you're mapping.

Not sure why the C grade either... if he's not yet satisfied he should keep asking until he is...

A DMZ should also be protected by a firewall, not left wide open.

 
LVL 18

Expert Comment

by:JConchie
ID: 9672852
Yes, one-to-one NAT lets everyone in on that port... but that's what good network security is for... and if you are just allowing POP and SMTP through that port, it's pretty hard for anyone to do any damage.