Posted on 2004-10-19
Medium Priority
Last Modified: 2010-04-10
I'm back again with more questions. I've attempted this one for 3 weeks before I asked. Here it goes:

I have two servers. For this purpose we will call them A1 and A2.
A1 is the primary domain controller.
A2 is a secondary domain controller. <- if I have it set up right.
I've tried having 2 domains:
A1 - a.) domain.com
A2 - b.) mail.domain.com
It doesn't work. They don't share, and I don't like that setup. I need one domain.

I need both servers to be on the same domain.
I need them to share the active directory attributes.
I need them to work together to offer different services.
A1 is a login server, DHCP, DNS, Web Interface
A2 is an Exchange server and file server
and in 4 months there will be an A3, as a web server (but we don't have to deal with that today)
Now, A1 has two NIC cards: intranet and Internet. It works correctly (thanks to this site). A2 connects to a hub that the clients also pull from. Do I need to move the server to be parallel with A1? For example, use a simple hub from the cable modem, run cables into both servers, and have 2 NIC cards in each computer, so then I can run those 2nd cards out to the main hub? Is that confusing? See, I ask because when I get this problem fixed, I'm installing a firewall in front of my front-end servers, so it will be Modem->firewall server->TLGS1 and TLGS2->9 clients.

I will be adding more points to this question, because I realized I am confused as I typed it. I think some of my problem is in the architecture of the network.

Please help with any comments I will try and report results.

Question by:iwalmsley
LVL 16

Accepted Solution

JammyPak earned 200 total points
ID: 12349102
A2 doesn't need to be a domain controller unless you want it to perform domain logins. Just make it a member of the domain (run dcpromo to demote it, and then add it to the domain in the 'System' settings (properties of 'My Computer', or System icon in the control panel)).

If it is a domain member, then it will have access to all user accounts in the domain - you can create the file shares and add permissions to domain users and groups, and also run Exchange on that server.

From what I read in the question, I don't see why A2 would need to have 2 NICs...however, when you install the firewall, you'll need to set up address translation so that the public IP address that your MX records point to (i.e. where the mail gets delivered to) is then mapped to the internal IP address that A2 is using. Once the FW is there, I don't see why A1 needs to have 2 NICs either, but that's another story!


Expert Comment

ID: 12350597
The following web site and its subsequent links have always been a great help to me in setting up AD domains etc.



Author Comment

ID: 12352126
Cool. I will try that when I get to the office this evening, I think that will get me in the right direction. About the firewall: I use 2 NIC cards there and take 1 out of the A1 machine, correct? I only forward the ports I need to the server that serves that application, i.e. mail.domain.com points to my public IP (I can't remember the port, but let's say 1040), I would forward port 1040 to the local IP of A2, correct? A1 only uses Terminal Services so I would have to let those ports through the firewall as well. All other communication is outbound. Correct?


Author Comment

ID: 12354983
Ok.. worked on what you said. I ran dcpromo on the A2 machine, everything is good. Was having problems installing Exchange; it said something about finding the Active Directory, needed to log on to a Windows 2000 domain.. I installed ADC (Active Directory Connector) included on the Exchange disc, and those errors went away. Now I receive this error:
"The component "Microsoft Exchange Messaging and Collaboration Services" cannot be assigned the action 'install' because the NNTP component of Microsoft Internet Information Services IIS is not installed".
Ok - So I try to go to Start-Programs-Administrative Tools - I don't have those tools. Even if I log off and log in to A2 (instead of the domain), they are not there.
I can share files and access the servers. PART A of my question has been solved, just not Exchange.
LVL 16

Expert Comment

ID: 12357664
For Exchange - you can add the NNTP component - go in to 'Add/Remove Programs' and switch to 'Windows Components', then go into 'Application Server', then Details, and IIS, then Details, and select the 'NNTP Service'.

For the firewall - yes, you're right - there are 2 NICs in the firewall - one private (inside), one public (outside). You then configure port forwarding for only the ports you need to only the servers you need. For example, for mail, you'll need to forward TCP port 25 to the internal address of the Exchange server. The steps will be different depending on the firewall, but that's what you need to do.

Once the web server is in, you'll need to forward TCP port 80 to it.
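
The port-forwarding rule described in the comment above (forward only the ports you need, to only the servers that serve them), as an added example that is not part of the original thread: a small Python audit of a firewall's forward table. The rule syntax, the 192.168.1.0/24 network and the server addresses are assumptions constructed for illustration; the allowlist holds the two forwards named in the thread (TCP 25 to the Exchange server, TCP 80 to the web server) and should be edited to match the services actually published.

```python
from ipaddress import ip_address, ip_network

INSIDE_NET = ip_network("192.168.1.0/24")      # assumed private (inside) LAN

# Allowlist: (protocol, public port) -> the one internal host serving it.
# Addresses are assumptions; only the ports come from the thread.
ALLOWED = {
    ("tcp", 25): ip_address("192.168.1.20"),   # A2, Exchange (SMTP)
    ("tcp", 80): ip_address("192.168.1.30"),   # A3, future web server
}

# Constructed sample table: "proto public_port -> internal_ip:internal_port"
SAMPLE_RULES = """\
tcp 25 -> 192.168.1.20:25
tcp 80 -> 192.168.1.30:80
tcp 445 -> 192.168.1.10:445
tcp 25 -> 192.168.1.10:25
udp 53 -> 10.9.9.9:53
"""

def parse_rule(line):
    """Split one rule into (proto, public_port, internal_ip, internal_port)."""
    left, right = line.split("->")
    proto, public_port = left.split()
    host, _, port = right.strip().rpartition(":")
    return proto.lower(), int(public_port), ip_address(host), int(port)

def audit(rules_text):
    """Return (rule, reason) for every forward that breaks the allowlist."""
    findings = []
    for line in filter(None, map(str.strip, rules_text.splitlines())):
        proto, public_port, host, _ = parse_rule(line)
        key = (proto, public_port)
        if host not in INSIDE_NET:
            findings.append((line, "target is not on the inside network"))
        elif key not in ALLOWED:
            findings.append((line, "port is not on the allowlist"))
        elif ALLOWED[key] != host:
            findings.append((line, "port forwarded to the wrong server"))
    return findings

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"REVIEW  {rule:32} {reason}")
```

Exporting the firewall's forward list into this one-line-per-rule form and running the audit after every change keeps the published surface limited to the mail and web ports the thread calls for.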

Author Comment

ID: 12372009
Ok.. JammyPak: thanks. How do I find proof that AD is being used from A1? I want to make sure that before I delete Exchange on A1 (where it was before) that it works. Any tests I can perform? Raised points for followup. Thanks.
LVL 16

Expert Comment

ID: 12372187
On A1, when you log in, in the 'Log in to' drop-down box, select the Domain and try logging in as a domain user account.

Author Comment

ID: 12373167
Thanks!!! Log on was successful. So with what you said, I will be able to use my AD users from A1, in my Exchange on A2. I think that's another question, so I award points to you. Thanks. If I'm wrong with my assessment above, please post and I'll ask another question in this forum.

Thanks again.
LVL 16

Expert Comment

ID: 12373509
Yes, A2 is in the domain, so the domain users are available to it.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question