connecting three domains

Status
Not open for further replies.

savvyuser

Technical User
Apr 26, 2004
Hi Experts,

Is it possible to network three domains joined all together? I'm a bit confused about the current configuration of the company where I'm working. The situation is that the company has three servers, one server per domain. One server serves email to 60 users, and the other two are SQL-based servers which serve 15 users each. All have DHCP, Active Directory and DNS services working. Now, in my workstation I have 3 NICs installed, and the network cards are connected to the 3 domains respectively. The problem is, every time I want to connect to services in any of the domains, I always unjoin my PC from email services, then join the domain I want to use, and vice versa. It is not efficient for my work and very tedious. That's why I'm posting my concerns here, so that I have an idea how to configure the servers without harming them. By the way, the good thing is that each domain is using a different subnet: 192.168.7.xxx, 192.168.8.xxx and 192.168.9.xxx.

My second question is, can Routing and Remote Access in Windows 2003 be used as a router to connect them? What should I put in the routing table? Does it have a routing table also?

I hope my questions are not a bother. Thanks for your help in advance.

 
What a nightmare configuration.

I want to make sure I understand this right. You are saying that you have 3 separate forests, each with a separate domain?

Or are they all one forest and 3 separate domains?

You can enable trusts between the domains so you would not need to change domain memberships.

The fact that you have 3 NICs in your PC for this is ridiculous. Buy a cheap switch on eBay!

You should be aware that there are major security issues with having SQL loaded on a domain controller. And Microsoft does not recommend running Exchange on a DC.

My complete recommendation would be to remove AD from the two SQL boxes and join them to the remaining domain.

Your most ideal situation would be to consolidate the SQL servers. Move all databases to one server and get AD off of it. Remove SQL and AD from the other server. Join it to the Exchange domain. Make it an Exchange server in the same Exchange site. Use the move mailbox wizard to move mailboxes to it. Then uninstall Exchange from the DC.

You would end up with:
1. SQL on a non-DC
2. DC just running AD/DNS, File/Print, etc.
3. Exchange on a non-DC

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
Yup, three separate forests and domains. Also three separate physical networks.

Can you elaborate, if it is okay, on what security issues would arise when my SQL server is also a domain controller? I would like to know so that I have grounds to propose changing the configuration of our network to our boss. I don't have a wide knowledge of computers.

Thanks for sharing your thoughts. It's really appreciated.
 
The reason you would NEVER want SQL on a DC is security. There is SQL code that can be executed that, when done on a DC, allows the user to become a Domain Admin.

Your configuration is nonstandard and wholly impractical and ignores all best practices.

Take a look at this link:

Which states:
Never install SQL Server on a domain controller.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
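
An added example, not part of the original thread: one way to audit for the role co-location the replies warn against, by flagging any host that is a domain controller and also runs SQL Server or Exchange services. It assumes PowerShell 3 or later with CIM/WinRM access to the hosts; the function name and the host names in the usage line are hypothetical.

```powershell
# Added example: report hosts that are domain controllers AND run
# SQL Server or Exchange services. Not code from the thread.
function Test-DcRoleSeparation {
    param(
        # Hosts to audit; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($name in $ComputerName) {
        # Query the local machine directly so WinRM is not required for it.
        $target = @{}
        if ($name -ne $env:COMPUTERNAME) { $target.ComputerName = $name }
        try {
            $cs = Get-CimInstance -ClassName Win32_ComputerSystem @target -ErrorAction Stop
            # MSSQLSERVER / MSSQL$<instance> are SQL Server engine services;
            # Exchange service names start with MSExchange.
            $svc = Get-CimInstance -ClassName Win32_Service @target -ErrorAction Stop `
                -Filter "Name LIKE 'MSSQL%' OR Name LIKE 'MSExchange%'"
        }
        catch {
            # Unreachable or access-denied hosts are reported, not skipped silently.
            [pscustomobject]@{
                Computer = $name; IsDomainController = $null
                AppServices = $null; Finding = "Query failed: $($_.Exception.Message)"
            }
            continue
        }
        # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
        $isDc  = $cs.DomainRole -in 4, 5
        $names = @($svc | ForEach-Object { $_.Name })
        $finding = if ($isDc -and $names.Count -gt 0) {
            'DC also hosts SQL Server/Exchange services: separate the roles'
        } elseif ($isDc) {
            'DC with no SQL Server/Exchange services found'
        } else {
            'Not a domain controller'
        }
        [pscustomobject]@{
            Computer           = $name
            IsDomainController = $isDc
            AppServices        = $names -join ', '
            Finding            = $finding
        }
    }
}

# Usage (hypothetical host names):
# Test-DcRoleSeparation -ComputerName 'MAIL01','SQL01','SQL02' | Format-Table -AutoSize
```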
 