How to configure 3 servers in my network?

Posted on 2009-04-23
Last Modified: 2012-05-06
I have three servers in my network all behind a firewall.  I am looking for an answer to the best practice on how to configure my network.  This is the functionality I need to support:

1. Mail Server (Exchange)
2. Web Server (IIS)
3. File Server

Currently, this is split into two domains: 1 machine is the mail server and webserver.  It is in its own domain on the private network (  It is running AD and DNS, and is a DC.  One other server is the file server, and it is in another domain (.org).  It is running AD, is a DC, and is running DNS.  The final server is also in the .org domain, and is currently just a backup for the main server's AD, so it is also running AD, is a DC, and is running DNS.

My question is this.  Should I keep it this way?  It seems like they should all be in the .net domain, using the same AD.  That way, I don't have to run the Exchange server as a DC, and can demote it to a member server using the AD from the "main" server.  The last server I can use as a backup server in case one of the other servers goes down.

Any comments or suggestions are welcome as to how to configure these servers.

Question by:mdiehly64
    LVL 65

    Accepted Solution

    Running DCPROMO on an Exchange server is not supported. That will usually break Exchange.
    If you only have three servers, then ideally they need to be in the same AD domain, two as domain controllers and one as a member server for Exchange. However, if you have a public web site running on a server, that really shouldn't be part of the domain at all.

    LVL 1

    Author Comment

    Ok, so you would recommend this:

    Server1: DC / File Server (
    Server2: DC / File Server (
    Server3: Member Server/Exchange (member of
    Server4: Standalone (no AD)/ Web Server (no AD)

    All behind a firewall with forwarding rules.  It sounds like I'd have to reinstall a server (or demote my current backup DC), make it a member server, install Exchange, then move my mailbox store to the new server.  Then remove Exchange from the first server and it becomes a DC for  Then just run DCPROMO on the third server to demote it, then run DCPROMO again to join the domain.  It also sounds like you are recommending that a new machine be set up as the webserver (it gets almost no traffic).
    LVL 65

    Expert Comment

    If the web server gets no traffic, then unless the web site is doing something that means it needs to have network access, throw it out to a host. Web hosting is cheap these days, with more bandwidth than you will ever get - much cheaper and more secure than running your own server.

    LVL 1

    Author Closing Comment

    Since we aren't using OWA, and I already have a machine provisioned for the web, I think I'll keep it in-house.  Zero cost that way, and if I keep it separate from the domain, I should be ok.  I may even put it in a DMZ by itself.

