Posted on 2004-10-19
Last Modified: 2010-04-10
I'm back again with more questions. I've attempted this one for 3 weeks before I asked. Here it goes:

I have two servers. For this purpose we will call them A1 and A2.
A1 is the primary domain controller.
A2 is a secondary domain controller. <- if I have it set up right.
I've tried having 2 domains:
A1 - a.)
A2 - b.)
It doesn't work. They don't share, and I don't like that setup. I need one domain.

I need both servers to be on the same domain.
I need them to share the active directory attributes.
I need them to work together to offer different services.
A1 is a login server, DHCP, DNS, Web Interface
A2 is an Exchange server and file server
and in 4 months there will be an A3, as a web server (but we don't have to deal with that today)
Now, A1 has two NIC cards: Intranet and Internet. That works correctly (thanks to this site). A2 connects to a hub that the clients also pull from. Do I need to move the server to be parallel with A1? For example, use a simple hub from the cable modem, run cables into both servers, and have 2 NIC cards in each computer, so then I can run those 2nd cards out to the main hub? Is that confusing? See, I ask because when I get this problem fixed, I'm installing a firewall in front of my front-end servers, so it will be Modem->firewall server->TLGS1 and TLGS2->9 clients.

I will be adding more points to this question, because I realized I am confused as I typed it. I think some of my problem is in the architecture of the network.

Please help with any comments; I will try and report results.

Question by:iwalmsley
LVL 16

Accepted Solution

JammyPak earned 50 total points
ID: 12349102
A2 doesn't need to be a domain controller unless you want it to perform domain logins. Just make it a member of the domain (run dcpromo to demote it, and then add it to the domain in the 'System' settings (properties of 'My Computer', or System icon in the control panel)).

If it is a domain member, then it will have access to all user accounts in the domain - you can create the file shares and add permissions to domain users and groups, and also run Exchange on that server.

From what I read in the question, I don't see why A2 would need to have 2 NICs... however, when you install the firewall, you'll need to set up address translation so that the public IP address that your MX records point to (i.e. where the mail gets delivered to) is then mapped to the internal IP address that A2 is using. Once the FW is there, I don't see why A1 needs to have 2 NICs either, but that's another story!


Expert Comment

ID: 12350597
The following web site and its subsequent links have always been a great help to me in setting up AD domains etc.


Author Comment

ID: 12352126
Cool. I will try that when I get to the office this evening, I think that will get me in the right direction. About the firewall: I use 2 NIC cards there and take 1 out of the A1 machine, correct? I only forward the ports I need to the server that serves that application. i.e. points to my public IP (I can't remember the port, but let's say 1040) I would forward port 1040 to the local IP of A2, correct? A1 only uses Terminal Services so I would have to let those ports through the firewall as well. All other communication is outbound. Correct?

Author Comment

ID: 12354983
Ok.. worked on what you said. I dcpromo the A2 machine, everything is good. Was having problems installing Exchange; it said something about finding the Active Directory, needed to log on to a Windows 2000 domain.. I installed ADC (Active Directory Connector) included on the Exchange disc, and those errors went away. Now I receive this error:
"The component "Microsoft Exchange Messaging and Collaboration Services" cannot be assigned the action 'install' because the NNTP component of Microsoft Internet Information Services IIS is not installed".
Ok - So I try to go to Start-Programs-Administrative Tools- I don't have those tools. Even if I log off and log in to A2 (instead of the domain), they are not there.
I can share files and access the servers. PART A of my question has been solved, just not Exchange.
LVL 16

Expert Comment

ID: 12357664
For Exchange - you can add the NNTP component - go into 'Add/Remove Programs' and switch to 'Windows Components', then go into 'Application Server', then Details, and IIS, then Details, and select the 'NNTP Service'.

For the firewall - yes, you're right - there's 2 NICs in the firewall - one private (inside), one public (outside). You then configure port forwarding for only the ports you need to only the servers you need. For example, for mail, you'll need to forward TCP port 25 to the internal address of the Exchange server. The steps will be different depending on the firewall, but that's what you need to do.

once the web server is in, you'll need to forward tcp port 80 to it.
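
The rule from the answer above (forward only the ports you need, to only the servers you need) written as an audit check; this is an added example, not part of the original thread. The internal IP addresses, the plain-text rule format and the default Terminal Services port tcp/3389 are assumptions, and the sample table is constructed.

```python
import ipaddress
from collections import namedtuple

Forward = namedtuple("Forward", "proto lo hi target")
# Internal addresses are constructed for this example; the thread gives none.
HOSTS = {"A1": "192.168.1.10", "A2": "192.168.1.20", "A3": "192.168.1.30"}
# Allow-list from the thread: SMTP to A2, HTTP to A3, Terminal Services to A1.
ALLOWED = {("tcp", 25): HOSTS["A2"], ("tcp", 80): HOSTS["A3"],
           ("tcp", 3389): HOSTS["A1"]}  # 3389 = default TS port (assumed)

def parse_rules(text):
    """Parse lines of 'proto port[-port] internal_ip'; '#' starts a comment."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            proto, ports, target = line.split()
            lo, _, hi = ports.partition("-")
            lo, hi = int(lo), int(hi or lo)
            ipaddress.ip_address(target)  # rejects malformed addresses
        except ValueError as exc:
            raise ValueError(f"line {n}: cannot parse {raw!r}") from exc
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"line {n}: bad port range {ports!r}")
        rules.append(Forward(proto.lower(), lo, hi, target))
    return rules

def audit(rules, allowed=ALLOWED):
    """Return (rule, reason) for every forward the allow-list does not cover."""
    findings = []
    for r in rules:
        expected = allowed.get((r.proto, r.lo))
        if r.lo != r.hi:
            findings.append((r, "port range forwarded, forward single ports"))
        elif expected is None:
            findings.append((r, "port not in allow-list"))
        elif expected != r.target:
            findings.append((r, f"wrong server, expected {expected}"))
    return findings

# Constructed forwarding table, in the hypothetical format parsed above.
SAMPLE = """\
tcp 25 192.168.1.20         # mail to the Exchange server (A2)
tcp 25 192.168.1.10         # mail also forwarded to the domain controller
tcp 1024-2048 192.168.1.20  # whole range opened
udp 53 192.168.1.10         # internal DNS exposed
"""
```

`audit(parse_rules(SAMPLE))` returns the three rules that fall outside the allow-list, each with its reason; the first rule passes.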

Author Comment

ID: 12372009
Ok.. JammyPak: thanks. How do I find proof that AD is being used from A1? I want to make sure that before I delete Exchange on A1 (where it was before) that it works. Any tests I can perform? Raised points for followup. Thanks
LVL 16

Expert Comment

ID: 12372187
On A1, when you log in, in the 'Log in to' drop-down box, select the Domain and try logging in as a domain user account.

Author Comment

ID: 12373167
Thanks!!! Log on was successful. So with what you said, I will be able to use my AD users from A1, in my Exchange on A2. I think that's another question, so I award points to you. Thanks. If I'm wrong with my assessment above, please post and I'll ask another question in this forum.

Thanks again.
LVL 16

Expert Comment

ID: 12373509
Yes, A2 is in the domain, so the domain users are available to it
