Active directory configuration between Private and public network

  • Question

  • We have set up Active Directory in a public network and configured an additional domain controller in our private network. Everything is successful. When we create any user in the public AD it is not getting updated in the private ADC, but it works in reverse.

    When we tried to run sync commands it says that there is a DNS issue. Please let us know if we are doing anything wrong, and also let us know if we need to create any DNS records.

    Our public domain name is and this domain is mapped to a public IP.

    Friday, December 6, 2013 3:13 AM


All replies

  • I'm not sure what you mean when you say you put one in public and one in private - are you saying you have a domain controller in your DMZ environment and a DC in the same forest on your internal network with a firewall separating them?

    You need to make sure you have all relevant firewalls open. You also need to make sure each server can resolve itself through DNS.

    What do you mean by the public domain is registered to the public IP?


    Denis Cooper




    Friday, December 6, 2013 9:48 AM
  • I have a DC set up with a public IP (direct public IP) and configured an additional domain controller on a private IP. This private IP is mapped to another public IP through a firewall.

    The DC with the public IP is not getting replicated with the ADC, but the ADC is getting replication from the DC.

    To make the DC replicate with my ADC, what are all the necessary DNS entries that should be added?

    If you are still not able to understand my question, the following is the simple question:

    How to set up a domain controller on a public IP and an additional domain controller on a private IP in a different location?

    Friday, December 6, 2013 12:23 PM
  • Hi,

    According to your description, there is one Domain Controller using Public IP address, right?

    Based on my research, it is not recommended to assign Public IP address to a Domain Controller, because it will bring many security issues to your Active Directory.

    I would suggest you deploy two sites, with both Domain Controllers using Private IP addresses. Domain Controllers can communicate with each other through VPN.

    If there is no way to assign Private IP addresses to these two Domain Controllers, you should at least place a Read-only Domain Controller in the perimeter network.

    Here are some similar threads below I suggest you refer to:

    Join Domain Controller Win 2008 R2 over Public IP from Outside the Company

    Domain Controller with public IP and only a software firewall

    I hope this helps.

    Best Regards,

    Amy Wang

    Wednesday, December 11, 2013 7:06 AM
  • Hi

    I have a public domain name . In my office I configured a domain controller using . The problem is the AD member can open every site except . Can anyone help?

    • Edited by Maung Tan Monday, September 9, 2019 1:34 PM
    Monday, September 9, 2019 1:30 PM