


Posted on 2004-10-19
Medium Priority
Last Modified: 2010-04-10
I'm back again with more questions. I've attempted this one for 3 weeks before I asked. Here it goes:

I have two servers. For this purpose we will call them A1 and A2.
A1 is the primary domain controller.
A2 is a secondary domain controller. <- if I have it set up right.
I've tried having 2 domains:
A1 - a.) domain.com
A2 - b.) mail.domain.com
Doesn't work. They don't share. And I don't like that setup. I need one domain.

I need both servers to be on the same domain.
I need them to share the active directory attributes.
I need them to work together to offer different services.
A1 is a login server, DHCP, DNS, Web Interface
A2 is an Exchange server and file server
and in 4 months there will be an A3, as a web server (but we don't have to deal with that today)
Now, A1 has two NIC cards: Intranet and Internet. Works correctly (thanks to this site). A2 connects to a hub that the clients also pull from; do I need to move the server to be parallel with A1? For example, use a simple hub from the cable modem, run cables into both servers, and have 2 NIC cards in each computer, so then I can run those 2nd cards out to the main hub? Is that confusing? See, I ask because when I get this problem fixed, I'm installing a firewall in front of my front-end servers, so it will be Modem->firewall server->TLGS1 and TLGS2->9 clients.

I will be adding more points to this question, because as I typed it I realized I am confused. I think some of my problem is in the architecture of the network.

Please help with any comments. I will try and report results.

Question by:iwalmsley
LVL 16

Accepted Solution

JammyPak earned 200 total points
ID: 12349102
A2 doesn't need to be a domain controller unless you want it to perform domain logins. Just make it a member of the domain (run dcpromo to demote it, and then add it to the domain in the 'System' settings (properties of 'My Computer', or System icon in the control panel)).

If it is a domain member, then it will have access to all user accounts in the domain - you can create the file shares and add permissions to domain users and groups, and also run Exchange on that server.

From what I read in the question, I don't see why A2 would need to have 2 NICs... however, when you install the firewall, you'll need to set up address translation so that the public IP address that your MX records point to (i.e. where the mail gets delivered to) is then mapped to the internal IP address that A2 is using. Once the FW is there, I don't see why A1 needs to have 2 NICs either, but that's another story!


Expert Comment

ID: 12350597
The following web site and its subsequent links have always been a great help to me in setting up AD domains etc.



Author Comment

ID: 12352126
Cool. I will try that when I get to the office this evening, I think that will get me in the right direction. About the firewall: I use 2 NIC cards there and take 1 out of the A1 machine, correct? I only forward the ports I need to the server that serves that application, i.e. mail.domain.com points to my public IP (I can't remember the port, but let's say 1040), I would forward port 1040 to the local IP of A2, correct? A1 only uses Terminal Services, so I would have to let those ports through the firewall as well. All other communication is outbound. Correct?


Author Comment

ID: 12354983
OK, worked on what you said. I dcpromo'd the A2 machine, everything is good. Was having problems installing Exchange; it said something about finding the Active Directory, needed to log on to a Windows 2000 domain. I installed ADC (Active Directory Connector), included on the Exchange disc, and those errors went away. Now I receive this error:
"The component "Microsoft Exchange Messaging and Collaboration Services" cannot be assigned the action 'install' because the NNTP component of Microsoft Internet Information Services IIS is not installed".
OK, so I try to go to Start - Programs - Administrative Tools. I don't have those tools. Even if I log off and log in to A2 (instead of the domain), they are not there.
I can share files and access the servers. PART A of my question has been solved, just not Exchange.
LVL 16

Expert Comment

ID: 12357664
For Exchange - you can add the NNTP component - go into 'Add/Remove Programs' and switch to 'Windows Components', then go into 'Application Server', then Details, and IIS, then Details, and select the 'NNTP Service'.

For the firewall - yes, you're right - there's 2 NICs in the firewall - one private (inside), one public (outside). You then configure port forwarding for only the ports you need to only the servers you need. For example, for mail, you'll need to forward TCP port 25 to the internal address of the Exchange server. The steps will be different depending on the firewall, but that's what you need to do.

Once the web server is in, you'll need to forward TCP port 80 to it.
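
As an added example (not part of the original thread, and not tied to any particular firewall product), the "only the ports you need to only the servers you need" rule from the comment above can be checked mechanically against an exported rule list. The internal addresses, the `Forward` record and the sample rules are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed internal addresses for the servers named in the thread.
A1 = "192.168.1.10"  # domain controller, DHCP, DNS
A2 = "192.168.1.20"  # Exchange and file server
A3 = "192.168.1.30"  # future web server


@dataclass(frozen=True)
class Forward:
    """One port-forwarding (destination NAT) rule exported from the firewall."""
    proto: str
    public_port: int
    internal_ip: str


# Intended exposure from the thread: SMTP to Exchange, HTTP to the web server.
ALLOWED = {("tcp", 25): A2, ("tcp", 80): A3}


def audit(rules, allowed=ALLOWED):
    """Return (public_port, finding) for every rule that exceeds the allow-list."""
    findings = []
    for rule in rules:
        expected = allowed.get((rule.proto.lower(), rule.public_port))
        if expected is None:
            findings.append((rule.public_port, "not-allowed"))
        elif rule.internal_ip != expected:
            findings.append((rule.public_port, "wrong-host"))
    return findings


# Constructed sample rule set with rules that go beyond the intended exposure.
SAMPLE_RULES = [
    Forward("tcp", 25, A2),    # mail to Exchange: intended
    Forward("tcp", 80, A1),    # web traffic landing on the domain controller
    Forward("TCP", 389, A1),   # LDAP on the domain controller exposed
    Forward("tcp", 445, A2),   # SMB file sharing exposed
]

if __name__ == "__main__":
    for port, finding in audit(SAMPLE_RULES):
        print(f"public port {port}: {finding}")
```
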

Author Comment

ID: 12372009
OK, JammyPak: thanks. How do I find proof that AD is being used from A1? I want to make sure, before I delete Exchange on A1 (where it was before), that it works. Any tests I can perform? Raised points for follow-up. Thanks
LVL 16

Expert Comment

ID: 12372187
On A1, when you log in, in the 'Log in to' drop-down box, select the Domain and try logging in as a domain user account.

Author Comment

ID: 12373167
Thanks!!! Log on was successful. So with what you said, I will be able to use my AD users from A1, in my Exchange on A2. I think that's another question, so I award points to you. Thanks. If I'm wrong with my assessment above, please post and I'll ask another question in this forum.

Thanks again.
LVL 16

Expert Comment

ID: 12373509
Yes, A2 is in the domain, so the domain users are available to it.

Question has a verified solution.
