?
Solved

difficulty in adding a second domain controller windows 2003 server

Posted on 2006-06-30
4
Medium Priority
?
299 Views
Last Modified: 2010-04-18
Hi Experts,
I have a DC running 2003 enterprise AD
i have 3 other servers, all on the same domain.
One of my servers is in the DMZ and serves as a Secure Gateway for a citrix server.
Some of the reading I have done suggests it is not a good idea to keep the SG server on the same domain as the rest.
How difficult is it to make that SG server a domain controller (probably using the wrong term)  

I would like the SG to have abc.com domain instead of the abc.net domain.

If you could give me a step by step on this I would appreciate it.  I'm not an expert.
0
Comment
Question by:Quadeeb2003
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 17021630
Is it necessary to even have the DMZ server be a DC?

You should be able to setup this server to host an IIS (web) front-end for the Citrix server and have clients connect using the ICA client.  This way only a very small hole needs to be open to the real domain.

0
 
LVL 1

Author Comment

by:Quadeeb2003
ID: 17021685
I have SG server hosting IIS and WI, but it is on the same domain.
A benefit of switching the server to its own domain is I can use an outside CA certificate for my server on that domain.  The FQDN of my internal network cannot have a outside CA certificate because the domain is public.  ABC.net for example.
If the SG server becomes a DC for a different domain, I make a few trusts from my DC, and I would imagine I would be in business.

It is a new server, there are no apps other than citrix, and reinstalling would be a snap.
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 2000 total points
ID: 17021704
I suppose it would work although I'm not sure you really need it to be a DC.  You should be able to use ADAM for authentication and keep it entirely separate.

However, yes, I agree that a different domain would be proper - if the current domain was compromised then your entire AD would be exposed.

0
 
LVL 1

Author Comment

by:Quadeeb2003
ID: 17022207
So, any idea how to get it done?
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question