I'm currently using a W2k3 server as a NAT router, with 2 NICs that I use to assign addresses to my LAN. On my LAN I have one domain controller and 3 other XP workstations. Originally I let my Netgear router do all the DHCP/NAT and I had both of the computers as domain controllers. But when I set up the first one to do the NAT/DHCP itself, I was unable to get the DHCP server to authorize with Active Directory (the error was "unable to contact Active Directory"), so I removed it from the domain so it wouldn't have to, and all works fine now. My question is, is it possible to have it be a part of the domain which is on my LAN? I'm using my domain controller for internal DNS and the router for the external DNS. If more clarification is needed let me know, thanks.

Which of the two servers is the first DC in the domain?
Before enabling DHCP/NAT on the server did you disable it on the router? If not, you should have. Two DHCP servers in one network like that will cause grief.
If it were me, I'd bring it up as a standalone server and get DHCP/NAT working on it. Then decide if you really need it to be a DC.

The computer on the internal network is the first (and only, right now) DC; the other computer is not. It originally was, but when I made the decision to do internal/external DNS I didn't want the zones to get mixed up. But I had to remove the computer from the domain (on the internal network) altogether because I couldn't connect to it when I set it up to do NAT. So, I have NAT/DHCP working on the standalone server on the external network, with my DC and workstations on the internal network. What I was wanting to do was join my standalone server to the domain (right now it is just part of a workgroup), not necessarily make it a DC since, from what I have read, you don't want two DCs with 2 DNS servers hosting internal/external DNS.
I hope I'm not making it more complicated than it should be, because it's working fine. Let me know if you think I should just leave it as is.

It originally was, but when I made the decision to do internal/external DNS I didn't want the zones to get mixed up.
There's no reason for DNS to get the zones mixed up. Properly configured on your DC, it will resolve internal requests. Requests for external resources will be forwarded (providing you've enabled and configured forwarding) to a DNS server on the internet. I always use the provider's DNS in cases like this.
It almost sounds to me like you presently have your DC running DNS and resolving internal requests... as it should. But, it sounds to me like you have it pointing to the standalone server for external requests. This doesn't make sense. Your DC's DNS should be forwarded to your ISP's DNS servers. This would make the standalone running DNS moot.
You only need one DNS server in your AD environment. It can and will handle both internal and external requests.
But I had to remove the computer from the domain (on the internal network) altogether because I couldn't connect to it when I set it up to do NAT
Without more info, I couldn't tell you exactly why the above happened. To wager a guess, I'd say something to do with IP configuration or its host records in DNS.
What I was wanting to do was join my standalone server to the domain (right now it is just part of a workgroup), not necessarily make it a DC since, from what I have read, you dont want two DC with 2 DNS servers hosting internal/external DNS.
As I said above, one DNS server will do both and that's the reason you don't need, or want, two DNS servers. As far as joining it to the domain as server (non-DC) that should be no problem. Just join it as you would any other client or server. First, ensure it has a valid IP in the same subnet as your domain, the DNS address points at your DC (DNS server) and the gateway and subnet mask are correct. If you removed it from the domain following the proper procedure, it should join quickly and easily.
I hope I'm not making it more complicated than it should be, because it's working fine. Let me know if you think I should just leave it as is.
LOL - That's always a possibility. I know I've done that a few times myself... overcomplicated things. It's easy to do. Unless you have a workgroup outside your domain, or want one, then by all means, join the server to the domain. What I think you should do isn't as important as what you need/want to do. I suspect if you take your time and do things like joining the server to the domain the proper way, everything should come together and work correctly for you.
Don't be shy about reading up information on MS's web site. They have a ton.
Unless this is a production environment (ie: this is a home network/domain you're working on) don't worry about messing things up. Breaking things and then fixing them, or redoing it from scratch, is a great way to learn and gain experience.

Thanks for the info, I'll give a little more detail.
The reason for the two DNS servers is that I am running split dns, trying to host my registered domain, 1108.us, on the external network for ftp/web etc. I am then hosting 1108.us internally for my LAN also. From what I've read this is the best way to do it when doing NAT/DHCP also. I've been reading a ton of stuff, as I've only gotten into WS2K3/AD etc. two weeks ago, so I'm learning quite a bit although it seems every book/person does things a little differently.
My goal is this: Host my domain on an internet accessible server, while running an internal dns server for the same domain for my LAN/workstations. I am also looking to setup a secondary DNS server for 1108.us at a different location although I'd like to get this running first.
I'll post you the error I get when trying to join the domain. I think I understand it, but I'm not sure that it can be fixed, or needs to be. Thanks again.

Here's the error:
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain 1108.us:
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.1108.us
Common causes of this error include the following:
- The DNS SRV records required to locate a domain controller for the domain are not registered in DNS. These records are registered with a DNS server automatically when a domain controller is added to a domain. They are updated by the domain controller at set intervals. This computer is configured to use DNS servers with following IP addresses:
192.168.0.1
71.79.174.143
- One or more of the following zones do not include delegation to its child zone:
1108.us
us
. (the root zone)
This is on the external server. Obviously it has no record for the internal domain controller because it is hosting the same domain. It also is using its own DNS rather than the controller's. Alright, let me know if you have any ideas, thanks.
