Re: Setup for unexposed-to-internet domain.





In news:%231O%23QZXtGHA.3264@xxxxxxxxxxxxxxxxxxxx,
Alex Castillo <klmAlexCast_SlwMx@xxxxxxxxxxx> typed:
> Hello ..!
>
> On my network, I have three Windows 2003 Servers and one Windows 2000
> Server which run different services (MS SQL, Lotus Notes, Sybase
> SQL, etc)... I am using no domain for them... they are just part of a
> workgroup.
> Now, I would like to create a Domain, convert one of my W2003 Servers
> to be a PDC for such Domain, and get the other three Win Servers into
> the new Domain.

Well, technically there's no such thing as a PDC - all DCs are peers with
the exception of some special roles. But that's not important now. :)


> While I'm giving access to my users to the internet, I'm doing so
> using a separate router and firewall solution... that means no Server
> is involved in delivering Internet Services to anyone... and I would
> like to keep that as it is.

Sure.

> I have no Services being given to anyone outside the company, so I
> will not have any name for my Win Servers published to the Internet,
> and none of those Servers will have a public IP address.

OK. But your router/firewall does, and it does NAT, right?

> How can I set that up?

I think your subject line is a little misleading - because internet
connectivity and AD have nothing to do with each other. I think you're
really asking, "How do I convert my current Win2k/2003 workgroup to a
domain".

Short answer is: DCpromo.
Longer answer is: You may want to do a little reading before you start, but
overall this isn't that hard to do. DNS is the biggest potential gotcha.



> I did some things, but I found several 'warning'
> system events in my event log... I list them at the end.
>
> Thank you for your help.
>
> ================================================
> Event Type: Warning
> Event Source: DnsApi
> Event Category: None
> Event ID: 11165
> Date: 8/1/2006
> Time: 8:40:42 AM
> User: N/A
> Computer: SLWMXWIN4
> Description:
> The system failed to register host (A) resource records (RRs) for
> network adapter
> with settings:

<snip>

All your clients and servers must specify only your internal (aka AD
integrated, likely) DNS server IPs - no public IPs in their IP config. The
internal DNS server will handle resolution of external queries via
forwarders or root hints, depending on how you set it up.

I'd install DHCP server on one of your servers so all your clients get the
correct info automatically.

You may also want to install WINS (and set the node type in your DHCP scope
as 0x8 ...I think this is option 46).

Hope this helps get you started.
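
The advice above (every client and server lists only the internal DNS server IPs) can be audited from `ipconfig /all` output. The following is an added example, not part of the original post: the sample output, adapter names and the addresses 192.168.1.5 (internal DNS) and 198.51.100.53 (an external resolver) are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `ipconfig /all` output (not from the original post).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.10
   DNS Servers . . . . . . . . . . . : 192.168.1.5
                                       198.51.100.53
   Primary WINS Server . . . . . . . : 192.168.1.5

Ethernet adapter Backup LAN:

   DNS Servers . . . . . . . . . . . : 192.168.1.5
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")
BARE_IP = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS server IPs]} from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        m = ADAPTER.match(line)
        if m:  # unindented "... adapter <name>:" header starts a new section
            adapter, in_dns = m.group(1), False
            result[adapter] = []
            continue
        m = BARE_IP.match(line)
        if m and in_dns and adapter:  # extra DNS servers sit on bare lines
            result[adapter].append(m.group(1))
            continue
        m = FIELD.match(line)
        if m:
            in_dns = m.group(1).startswith("DNS Servers")
            if in_dns and adapter and m.group(2):
                result[adapter].append(m.group(2).strip())
    return result

def stray_dns(text, internal_dns):
    """Return {adapter: [IPs]} for DNS servers outside the internal set."""
    allowed = set(internal_dns)
    found = {a: [ip for ip in s if ip not in allowed]
             for a, s in dns_servers_by_adapter(text).items()}
    return {a: bad for a, bad in found.items() if bad}
```

Calling `stray_dns(SAMPLE, ["192.168.1.5"])` reports the first adapter, because it still lists an external resolver next to the internal DNS server.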

