How to configure 3 servers in my network?

I have three servers in my network all behind a firewall.  I am looking for an answer to the best practice on how to configure my network.  This is the functionality I need to support:

1. Mail Server (Exchange)
2. Web Server (IIS)
3. File Server

Currently, this is split into two domains: 1 machine is the mail server and webserver.  It is in its own domain on the private network (  It is running AD and DNS, and is a DC.  One other server is the file server, and it is in another domain (.org).  It is running AD, is a DC, and is running DNS.  The final server is also in the .org domain, and is currently just a backup for the main server's AD, so it is also running AD, is a DC, and is running DNS.

My question is this.  Should I keep it this way?  It seems like they should all be in the .net domain, using the same AD.  That way, I don't have to run the Exchange server as a DC, and can demote it to a member server using the AD from the "main" server.  The last server I can use as a backup server in case one of the other servers goes down.

Any comments or suggestions are welcome as to how to configure these servers.

Mestha Commented:
Running DCPROMO on an Exchange server is not supported. That will usually break Exchange.
If you only have three servers then ideally they need to be in the same AD domain, two as domain controllers and one as a member server for Exchange. However if you have a public web site running on a server that really shouldn't be part of the domain at all.

mdiehly64 (Author) Commented:
Ok, so  you would recommend this:

Server1: DC / File Server (
Server2: DC / File Server (
Server3: Member Server/Exchange (member of
Server4: Standalone (no AD)/ Web Server (no AD)

All behind a firewall with forwarding rules.  It sounds like I'd have to reinstall a server (or demote my current backup DC), make it a member server, install Exchange, then move my mailbox store to the new server.  Then remove Exchange from the first server and it becomes a DC for  Then just run DCPROMO on the third server to demote it, then run DCPROMO again to join the domain.  It also sounds like you are recommending that a new machine be set up as the webserver (it gets almost no traffic).

If the web server gets no traffic, then unless the web site is doing something that means it needs to have network access, throw it out to a host. Web hosting is cheap these days, with more bandwidth than you will ever get - much cheaper and more secure than running your own server.

mdiehly64 (Author) Commented:
Since we aren't using OWA, and I already have a machine provisioned for the web, I think I'll keep it in-house.  Zero cost that way, and if I keep it separate from the domain, I should be ok.  I may even put it in a DMZ by itself.
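
An added example, not part of the thread above: a PowerShell audit of the four-server layout agreed on in this discussion (two DCs, one member server running Exchange, one standalone web server). It assumes CIM/WinRM access to each host, that the server names below are placeholders for your own, and that an installed Exchange server exposes the MSExchangeIS service.

```powershell
# Expected layout from the thread; host names are placeholders (assumption).
$expected = @{
    'SERVER1' = @{ Role = 'DC';         Exchange = $false }  # DC / file server
    'SERVER2' = @{ Role = 'DC';         Exchange = $false }  # DC / file server
    'SERVER3' = @{ Role = 'Member';     Exchange = $true  }  # member server / Exchange
    'SERVER4' = @{ Role = 'Standalone'; Exchange = $false }  # workgroup web server
}

# Win32_ComputerSystem.DomainRole: 2 = standalone server, 3 = member server,
# 4 = backup DC, 5 = primary DC (0/1 are workstations).
function Get-ServerRole {
    param([string]$ComputerName)
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem -ComputerName $ComputerName
    switch ($cs.DomainRole) {
        { $_ -in 4, 5 } { 'DC' }
        3               { 'Member' }
        default         { 'Standalone' }
    }
}

# Assumption: the Information Store service is present whenever Exchange is installed.
function Test-ExchangeInstalled {
    param([string]$ComputerName)
    $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $ComputerName `
        -Filter "Name='MSExchangeIS'"
    return [bool]$svc
}

foreach ($name in $expected.Keys) {
    $role        = Get-ServerRole -ComputerName $name
    $hasExchange = Test-ExchangeInstalled -ComputerName $name
    $issues      = @()

    if ($role -ne $expected[$name].Role) {
        $issues += "role is $role, expected $($expected[$name].Role)"
    }
    # The unsupported combination the thread warns about: Exchange on a DC.
    if ($hasExchange -and $role -eq 'DC') {
        $issues += 'Exchange is installed on a domain controller (unsupported)'
    }
    if ($hasExchange -ne $expected[$name].Exchange) {
        $issues += "Exchange installed: $hasExchange"
    }

    if ($issues) { Write-Warning "$name : $($issues -join '; ')" }
    else         { Write-Output  "$name : OK ($role)" }
}
```

Run it from a domain-joined admin workstation before and after the migration; SERVER4 is expected to report Standalone, which is the check that it never got joined to the domain.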
