Best advice on managing 2 domains please...


Ola

Hello all,

I have had a domain (internal) ADC win2k for a while now,
it has worked perfectly well with no problem on our LAN
(File Server). I have now built another server (Web and
Mail) with our registered domain name. This domain name is
different from the domain on the first server, but is the
preferred domain name for our organization. I am about to
put this new domain on our LAN and we do have a fractional
T1 to the internet with a NAT router, but was wondering if
I should run ADMT or let the two servers coexist and if
they do, do I need to migrate users on the first to the
second or would a trust relationship do, and secondly, I
am running DHCP on the new server, is it recommended to
let the first server that used to have a static internal
IP address get its IP from the second one or should it
remain static?

Thanks to all.
 

Ace Fekay [MVP]


I suggest letting them coexist. If the purpose of the second machine is just to
host your domain name, then there is really no need to promote it to a domain,
and it is recommended not to. If you opt to also host your public domain name,
keep the DNS server for your AD separate from your DNS for the Internet
name, for security reasons. If you did, I would suggest forwarding from
the internal AD DNS to this other DNS.

All and any machines that run services, especially AD or Exchange, *must*
have a static address (my opinion, but it is also the consensus among the
engineers). If the IP changes, it creates issues with resource access,
port-remaps, etc., and especially with AD, DNS, DHCP servers, etc. Only have
one DHCP server on the network for your clients.

Now if you are running Exchange, I would suggest installing Exchange on the
current DC. I would change your external MX records to point to your WAN IP
and configure a port-remap for port 25 to go to this machine. I would also
suggest keeping Exchange off a DC, due to too much overhead for one machine.
Keep in mind, Exchange can host multiple domain names. Just to give you an
example, I am hosting 25 domains for my various customers on Exchange 2000
and the domain names have nothing to do with my current AD domain name.

If you were to decide to promote the machine (I really wouldn't), I wouldn't
migrate the users either, since choosing the same name for AD and your
external names causes a lot of additional administrative overhead. The
preferred method is to choose a different name, and since you already have
that, you are already ahead of the game!

:)

I suggest making your current machine a member server in your current domain
and installing Exchange on it. Don't promote it.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
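A script to check the three points Ace makes above (static addresses on servers, a single DHCP server, and internal AD DNS forwarding to a separate resolver instead of hosting the public zone). This is an added example, not code from the thread; it assumes a current Windows Server with the DnsServer, DhcpServer and NetTCPIP modules, and the resolver address and public zone name are placeholders.

```powershell
# Added check script (not from the thread). Assumes Windows Server with the
# DnsServer, DhcpServer and NetTCPIP PowerShell modules; run on the AD DC.
Import-Module DnsServer, DhcpServer -ErrorAction Stop

# 1. Machines running AD/DNS/DHCP should use static addresses, not DHCP leases.
$dhcpIfaces = Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.Dhcp -eq 'Enabled' -and $_.ConnectionState -eq 'Connected' }
if ($dhcpIfaces) {
    Write-Warning "Interfaces still obtaining addresses via DHCP: $($dhcpIfaces.InterfaceAlias -join ', ')"
} else {
    Write-Host "OK: all connected IPv4 interfaces use static addresses"
}

# 2. Only one DHCP server should serve the LAN's clients.
$authorized = @(Get-DhcpServerInDC)
if ($authorized.Count -gt 1) {
    Write-Warning "Multiple DHCP servers authorized in AD: $($authorized.DnsName -join ', ')"
} else {
    Write-Host "OK: $($authorized.Count) DHCP server authorized in AD"
}

# 3. The internal AD DNS should forward Internet queries to a separate resolver
#    and should not host the public zone itself.
$ExternalResolver = '192.0.2.53'   # placeholder (TEST-NET); use your ISP/edge resolver
$PublicZone      = 'example.com'   # placeholder for the registered public domain name

$fwd = Get-DnsServerForwarder
$current = @($fwd.IPAddress | ForEach-Object { $_.IPAddressToString })
if ($current -notcontains $ExternalResolver) {
    Write-Warning "Forwarder $ExternalResolver not configured; adding it"
    Add-DnsServerForwarder -IPAddress $ExternalResolver
}
if (Get-DnsServerZone -Name $PublicZone -ErrorAction SilentlyContinue) {
    Write-Warning "Public zone $PublicZone is hosted on the AD DNS server; move it to a separate DNS server"
} else {
    Write-Host "OK: public zone $PublicZone is not hosted on the AD DNS server"
}
```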
 
