reoroman

ADDC in server 2008

I have Windows Server 2008 R2 Enterprise SP1 installed, and it is running the AD/DC service only.

The server has two NICs: the first one is connected directly to the internet and has a real IP, and the second one is connected to a switch where 10 other PCs are connected too. I need to connect those 10 PCs to the internet through this server. What are the steps?

Thanks

Neil Russell

I assume you mean that it is running as a domain controller?

Your first mistake is to have multiple network cards on an AD DC. Bad move.

Secondly, a pure 2008 AD DC is not an internet gateway, will not act as such and is not designed as such. Why can the PCs not directly access the internet?

Buy an Ethernet router.
reoroman (ASKER)

To Neilsr, thank you for this useful information, I will do exactly as you said.

Now I have the server running as a domain controller and DHCP server with only one Ethernet connection to the switch; all clients got their IPs from DHCP and I joined them to the domain.

Domain controller server IP:
IP: 192.168.0.1
SM: 255.255.255.0
DG:
DNS: 192.168.0.1

Now how can I also make them access the internet?

Dear Neilsr, I have faith that you can help me on this. I did as you said, and now I have one running domain controller with DHCP, and all clients connected and joined to the domain. I can install and run another server to be an internet gateway if that is possible, but please guide me how.

Many thanks

Maybe I need to install Forefront TMG 2010 on the new server. This will not be an issue, just please show me the way.

Sandesh Dubey

If you add the public IP address to the workstation PC as the alternate DNS setting, can you access the internet?

If you can access the internet with the above setting, add the public IP address to the DHCP server to push the private and public DNS settings to the client PCs.

NEVER add the public IP as an alternate DNS in a domain environment. Your workstations should ONLY ever have the IP of your AD DNS server as their DNS.
What you can do is add the internal IP of your internet router(?) as the default gateway address for all your workstations, assuming that your internet gateway device has an internal IP address on the same subnet as your domain computers, 192.168.0.x.

Yes, you are right, Neilsr.

• DNS has to be installed on a domain controller or AD will never work. The DC should point to itself as primary DNS and another DC as secondary. If you don't have another DC, the secondary should be blank. Do not, under any circumstances, put an external DNS server into the configuration for any machine that is part of the domain. This means DCs, member servers and clients.

Your client should point to the DC for DNS and nothing else. Do not put your ISP's DNS servers on any machine in the domain. Where they do need to (optionally) go is in the DNS forwarders tab on the DNS server. I say optional because you could also just use the root hints built into the DNS server.

http://forums.anandtech.com/archive/index.php/t-2010329.html
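
An added example (not part of the thread or any poster's code): a Python check over a workstation's `ipconfig /all` output that flags the two misconfigurations discussed above, a DNS server that is not the domain's DNS and a default gateway that is missing or outside the client's subnet. The sample output, the 203.0.113.53 address and the function names are constructed for illustration, and English-locale output is assumed.

```python
import ipaddress
import re

# Constructed sample of English-locale `ipconfig /all` output from a domain workstation.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.23(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.254
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       203.0.113.53
"""

# "   Key . . . . : value" lines; the key ends where the dot padding starts.
FIELD = re.compile(r"^\s+(?P<key>[A-Za-z0-9 ]+?)[ .]*: ?(?P<val>.*)$")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_adapter(text):
    """Collect IPv4 values per field; a bare indented address continues the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group("key").strip()
            fields[last] = IPV4.findall(m.group("val"))
        elif last and line.startswith(" ") and IPV4.fullmatch(line.strip()):
            fields[last].append(line.strip())
        else:
            last = None
    return fields

def audit(text, domain_dns):
    """Return findings that break the thread's rules for a domain client."""
    f = parse_adapter(text)
    findings = []
    for dns in f.get("DNS Servers", []):
        if dns not in domain_dns:
            findings.append(f"DNS server {dns} is not a domain DNS server")
    addr, mask = f.get("IPv4 Address"), f.get("Subnet Mask")
    gws = f.get("Default Gateway", [])
    if not gws:
        findings.append("no default gateway set")
    elif addr and mask:
        net = ipaddress.ip_network(f"{addr[0]}/{mask[0]}", strict=False)
        findings += [f"gateway {g} is outside {net}" for g in gws
                     if ipaddress.ip_address(g) not in net]
    return findings
```

Calling `audit(SAMPLE, {"192.168.0.1"})` reports the second DNS entry; a client with the blank DG shown earlier in the thread would be reported as having no default gateway.
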

Neilsr, I will try changing the DG to the router's internal IP...

Changing the DG will not resolve this problem, because you point your DNS to the AD/DC server DNS and, as you know, the ISP also needs a DNS, which you should point to as well to resolve internet addresses.

I think I have to make another server the internet gateway! What do you think?

ASKER CERTIFIED SOLUTION
Neil Russell
This solution is only available to members.

Now I want to configure the conditional forwarders so that I can specify the specific DNS server for clients so they can access the internet. Can you please write it step by step? Forgive me for bothering you so much :-)

Okay, I got it from here:
http://msmvps.com/blogs/ad/archive/2008/09/05/how-to-configure-conditional-forwarders-in-windows-server-2008.aspx

But when I delete the conditional forwarders, the server still forwards the clients to the internet. Why?

Because by default the DNS knows about the root DNS servers. These always exist, but of course you don't want to be using them all the time, as they would soon collapse under the strain if we all used them!

So are you now all working ok?

Pardon me please for this question: is there a way to restore things and prevent the server from forwarding DNS? I just want to know how to restore things to how they were before.

Yes... you are really an expert. My best wishes to you... thank you so much...

I will post another question soon, and I would like to know how I can inform you so you can be there. Do I have to send you a private email, or does something alert you about my future questions?

Many thanks