There are only three users and there are three servers when the network was
setup the person who installed the network made the first two servers as
Domain Controllers because one server is an exchange server and the other is
an application server and both domains can replicate each other from my
understanding and I think this is a trust domain structure (is this
correct), I am just trying to understand the lingo and be assured that this
is the best way to a secure a network and what is point of making the
exchange as a domain controller and part of trusted structure .

Does making the exchange as a trusted domain controller make the server
vulnerable?

Are there any ideas on whether this is the best approach or is there another
approach that may be better? and is this secure enght

Any ideas would be greatly appreciated as I am still learning and
experimenting.

Second the exchange server is runing as exchange as well as a dc and the
application server is also a seprate dc on the other hand they both
replicate but both are seprate DC. when I go inside Active Directory Site
the two domain are listed and I am 99% sure each one of them is a DC

I don't know why the exchange was setup on a server as a DC is there a
reason behind that.

Is it recommended that exchange should not be a DC and just a part
of DC. I think IIS is runing on the exchange box I have Outlook OWA runing
already

Thank You

Here are the possibilities of how the two domain controllers are configured

1. Two domain controllers in the same domain (No Trust here because they
belong to the same domain)
2. Two domain controllers in two domains in the same forest (Automatic
trust)
3. Two domain controllers in two domains int two different forests (With
explicit trust one way or two way trusts)
4. Two domain controllers in two domains in two different forests (No trust)

First you need to find which of these the configuration is. The list is from
most common down to least common.

The reason why the Exchange server may also be a DC is because you have
setup the Small Business Server Edition.

If you have not bought Small Business Server then you could have 1 DC, 1
Exchange Server and 1 app server which would make

1. Future migration easier
2. Isolate DC patching from Exchange patching
3. Improve performance

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subjected to the terms specified at
http://www.microsoft.com/info/cpyright.htm.



"msw" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> There are only three users and there are three servers when the network
> was
> setup the person who installed the network made the first two servers as
> Domain Controllers because one server is an exchange server and the other
> is
> an application server and both domains can replicate each other from my
> understanding and I think this is a trust domain structure (is this
> correct), I am just trying to understand the lingo and be assured that
> this
> is the best way to a secure a network and what is point of making the
> exchange as a domain controller and part of trusted structure .
>
> Does making the exchange as a trusted domain controller make the server
> vulnerable?
>
> Are there any ideas on whether this is the best approach or is there
> another
> approach that may be better? and is this secure enght
>
> Any ideas would be greatly appreciated as I am still learning and
> experimenting.
>
> Second the exchange server is runing as exchange as well as a dc and the
> application server is also a seprate dc on the other hand they both
> replicate but both are seprate DC. when I go inside Active Directory Site
> the two domain are listed and I am 99% sure each one of them is a DC
>
> I don't know why the exchange was setup on a server as a DC is there a
> reason behind that.
>
> Is it recommended that exchange should not be a DC and just a part
> of DC. I think IIS is runing on the exchange box I have Outlook OWA runing
> already
>
> Thank You
>
>