Installing linksys router in front of domain controller?

We have a windows domain controller server, which is currently acting as our gateway and firewall. We want to install a linksys router and convert the domain controller server to a simple file server.

Reason being is this is a small home office setup (3 of us), and the IT person that set it up for them origonally sold them on the idea of a bigger and more complex setup than what was needed, and now we are trapped having to pay him to configure anything for us because the setup is far to complicated for me or anyone to manage.

I want to convert the setup to a simpler setup with each of our computers connecting to the router and then a network share on the server to access our files.

It seems simple in theory, my question is do we have to disable any services or software on the server? Maybe restore the server to factory defaults and configure it again?

As of right now, it controls everything, so I assume that I would need to disable DNS and DHCP?

Thanks for your help!

What needs to be done here? Do I need to disable
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


You would need to demote the server by running the dcpromo wizard at the server console, and choosing the option to Demote it and uninstall Active Directory from the server. If you want the router to handle DNS and DHCP, you would need to uninstall these roles server-side by using the 'Manage your Server' wizard.

Don't forget that if you demote it from Domain Controller, all the workstations have to be moved back into a non-managed workgroup, and this means you would no longer have any password synchronization between stations. You would have to keep user accounts and their passwords the same on the server and all the workstations, otherwise you can just imagine the Administrative nightmare you will end up in.

Personally, I would look to learn how to use Active Directory to its full potential, and then leave the server as a Domain Controller and utilise its immense number of features in the future. It really is a timesaver in any environment with more than 1 PC (and, sometimes a server can be justified in single PC environments).

jdeschnerAuthor Commented:
Thanks for the info. I had an idea of the steps, but I wasn't exactly sure what they would be.

As for learning active directory, Is it possible to keep the server as a domain controller, but still utilize a router to access the internet?

What brought this on is our server was down a few days ago when we came in, and we had no internet access what-so-ever until the IT guy got here. As our business is 100% internet based, this is not good... we can handle not having our files for a few hours, but not being able to respond to email or man our live chat system costs us allot of money.

Assuming I move forward with my origonal plan, I assume I would get everyone moved back to a workgroup and thier user accounts tranfered before going ahead with this?

Thanks again!


Hey Jared,

> As for learning active directory, Is it possible to keep the server as a domain controller, but still utilize a router to access the internet?

It certainly is, and that would be my preferred configuration. I would never use a Domain Controller as a gateway, simply because it is an unnecessary security risk and performance detriment on the server. I suspect the IT guy would have installed Server 2003's Routing and Remote Access feature in order to configure the server as a router, and it is very easy to change the setup back.

The procedure would be:

1. Disable the Routing and Remote Access service from 'Services' in Administrative Tools.
2. Disconnect the cable going to your router/modem from the server's NIC card, leaving the other cable to your internal network switch in tact.
3. Install the Linksys device and plug it directly into the main network switch - NOT the server's NIC.
4. Disable the Network Card you unplugged the cable from on the server (in Control Panel > Network Connections), or even better, remove it from the server. I'd suggest before doing either, you modify the network card's properties to set its IP configuration back to 'Obtain IP and DNS automatically', since this will prevent any future conflicts.
5. Change the server's remaining NIC so the Default Gateway is set as the IP of the linksys router. Update the server's DHCP pool settings and any statically IP assigned devices to reference the linksys -not the server- as the router/gateway.

If you did want to still demote it from a DC after doing this, I'd suggest you think again. It really is quite simple to pick up and learn Active Directory in no time, and once you realise the power it gives you, I can't tell you how much you would miss it if you uninstalled it. Plus, file sharing across a workgroup is a lot more difficult than on a domain.

By the way, this server isn't running the Small Business Server Operating System, is it? (If it is, you'll see on the server logon screen "Windows Server for Small Business Server" in the graphic. Let me know if it is - that is VERY important.

Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

jdeschnerAuthor Commented:
Yes, it is running Windows Server 2003 for Small Business Server.
Which Linksys router were you considering, btw?  RVS4000?
Or did you want to add wireless access, too?
jdeschnerAuthor Commented:
Nothing fancy, we have a BEFSR81 (8 port Etherfast Cable/DSL Router) sitting here ready to go. Wireless is not required.

Since the server is running Small Business Server, unfortunately you CANNOT demote it from its Domain Controller role. If you do this, you will break the server since it breaches the SBS licensing restrictions; this means you must keep the server as a Domain Controller, so don't follow my above instructions on how to demote it. If you were to demote it, the server would restart on regular intervals (roughly every hour) in protest of it breaking the licensing agreement.

However, you can change the router out and stop the server acting as a gateway. It is quite simple, and in SBS it is much simpler. Change over the network cables as I mentioned, disable the NICs, then, on the server, open the Server Management console, go to the Internet & Email section and click 'Connect to the Internet'. Follow the wizard and enter all the information when prompted. See for a detailed guide to the wizard.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jdeschnerAuthor Commented:
Everything worked out great. We got it re-configured to work with the router, and we are maintaining the Domain Controller setup. Thanks for your help!
jdeschnerAuthor Commented:
Thanks for your help!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.