Newbie here. Have an SBS 2011 server.  I need to create a public URL
that can be accessed thru the internet by Active Directory user:  myappuser
Please provide the steps to accomplish this.  thanks.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

What are you trying to do with this url?  Do you already have the service up and running on your internal network?

If so, you just need to configure that subdomain to point to your external IP address through your domain name provider, and forward the ports needed for myapp through your firewall.

As far as access restrictions go, it really depends on what your app is.  You'll have to give us a *lot* more details here or we're just picking at straws.
vledAuthor Commented:
The app that will be running is a mobile app that will be setup by a third party software provider.  I'm not involved in that part, I just have to meet the requirements listed below:

What the software provider requires is this:

1. Is the Web Server role already installed in the server ?  
2. Is HTTP/HTTPS enabled on your router/firewall?
3.  What is the domain and credentials for the Active Directory user: myappuser ?
4.  What is the public URL for your web server?  ( Ex:
5.  What is the public ip address for your web server?

My answers so far, correct me if I'm wrong.
1.  Web server role is installed  - determined by going to Server Manager - roles - shows web server is installed.

2.  HTTP and HTTPS ( 80 and 443) are enabled via port forwarding in the router.

3.  The Active Directory user called myappuser is created and I have the internal domain name.  For now I will call the internal domain name "intdomain".

Number 4 and making sure the user myappuser can access the Public URL is what I need help with.

5.  I'm assumming that the public static ip address being used is the same one that the public URL that I need will be using.

If I can just get as far as creating the public URL and making sure that the AD user myappuser can access it via the internet, then the software app provider can take it from there.

The SBS 2011 server is working fine, they are hosting their email, their internet domain ( what I'm calling "mydomain" is registered at and I'm using's DNS services for their external DNS records - Have the A record pointing to the static public ip address of the SBS 2011 server , and the MX record pointing to  Their internet service provider has the reverse dns pointer.
Adam RayCommented:
Is the mobile app you mentioned going to be hosted by the third party, or are they going to install the app on your in-house server? (Their requirements seem to imply that they will be installing the app on your in-house server, but it's possible they will host the meat of the app and it just needs to communicate with your server for some of it's functionality.

In either case you really need to know what will be accessed/installed on your server.

I'm assuming you have the A records for AND both pointing to the static public IP of your SBS server. (The MX record you setup at points to the A record of setup at So I'll refer to as an A record, as it is the relevant DNS record for your question.)

SBS will have already configured IIS on your server so that the Default Website already is bound to If whatever the app installs on your server gets put on the Default Website, it would make sense to use as the "public URL" in question 4; especially if you have a 3rd party SSL certificate already set up.

But it's a whole different setup if this app will be installed on a different/new "website" in IIS. You would need to bind that website to a different hostname (e.g. and since they mention HTTPS you may also need a separate 3rd party SSL certificate and a second static public IP to forward to your SBS server--depending on the particulars of their needs.

Unfortunately unless they just need the access info to your server (un/pw, url, IP) to access an already existing service (e.g. Outlook Web Access or ActiveSync to a mailbox) you'll likely need to know more about what is going to be put on your server before you can provide them with the info.*

*If this is just a pre-installation survey you may not have to actually do anything to your server yet, they just want to know what the settings will be so they can get things started on their end.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

vledAuthor Commented:
Thanks to all for the info provided so far.  I tried to contact the developer but still have not heard from them.   Will post after I consult with them.
vledAuthor Commented:
After talking to the software app developer, they said they can use the default site accessed via  I just have to install a 3rd party SSL certificate. The app will be installed in the in-house SBS 2011.  So for now I think the problem is solved.

For my understanding:
Would it have been possible to create an A record for using the same static public ip address that is being used now by even if the isp already has a reverse dns for that same static public ip address for ?  

Any links or comments on how to create a new website in IIS and bind that website to a different hostname (e.g.  would be greatly appreciated.

I will wait another day or 2 before awarding points in case anyone has additional input. Thanks a Bunch!
Adam RayCommented:
When using HTTP in IIS 7 (What SBS 2011 uses) you can bind multiple DNS names to one website (e.g. the Default Website). Typically you would just use a single IP address for all DNS names (just set their DNS A records all to the same IP, or use CNAME records to point to the "primary" public DNS name.

But I'm not sure I would try that on an SBS server. It customizes the default website extensively and I wouldn't be surprised if specifying/binding a second DNS name to the default website created problems somewhere.

However--I don't have access to an SBS 2011 box at the moment to check--if the default website is already listening on *:80, meaning all IP addresses/host names not specified elsewhere, you likely could use a DNS name like and have it work just fine without having to change anything in IIS.

But all of that is moot point--it's only applies to HTTP. It's quite a bit more particular when using HTTP (SSL certificate.) The short version is that you can only use one SSL certificate per "website." And unless you get the super expensive certificates, a 3rd party certificate will only work for one DNS name. And with SBS 2011 it wouldn't make sense (may even cause problems if the certificate isn't for the DNS name specified in the SBS setup/wizards (e.g. or if you didn't use the SBS default sub domain of "remote".)

It will make your life allot easier if you get the 3rd party certificate for the DNS name that SBS is set to (and use the SBS wizards to install the certificate. And use that same DNS name for your app.

If you really want to use for your app, you should be able to provided that your app doesn't have to be installed on the default website. The steps for setting it up would be something like this:


Configure your router/firewall to forward the needed ports (e.g. 80,443) from a second public IP to your SBS box. (Not all routers support forwarding ports from multiple public IPs to a single private IP, if yours doesn't you could look at binding two private IPs to the primary LAN adapter on your SBS box (using netsh). But that make break parts of SBS,) so be sure to research it thoroughly before trying it.


In your DNS host, create an A record for your second public IP to point to


Create a new website in IIS and bind it to, port 80 for HTTP, port 443 for HTTPS


Install the 3rd party SSL cert for in the Computer Store, bind it to the new website in IIS.


Make sure the app is installed onto the new website and not the default website. (Remember the third part app developer may not support installing the app to anything other than the default website.)
P.S. If you use godaddy to get basic 3rd party certificate(s) search Google for GoDaddy SSL rather than going to directly. Discounts/coupon codes are readily available.
Adam RayCommented:
As a note/correction on my previous post... I think setting it up that way (using a second public IP--steps 1 and 2--will probably work just fine, but I don't think it would be necessary for IIS. Just setting the A record for to the primary public IP and then proceeding with step 3 should work just fine, I believe.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.