Your domain controller should absolutely NOT have a public ip address. The "best" configuration will depend on your specific needs and budget, but the minimum requirement will be a firewall of some type, and possibly an additional router, depending on your Internet connection. Only servers providing services to the Internet need static public ip addresses; all of your workstations can use dynamic port address translation (PAT) through one public address, unless you have more than ~60,000 workstations. If you don't understand NAT, PAT, and public vs. private ip addressing, I recommend that you hire a consultant. ============= If you have a block of real IP address assigned to you by your service provider and they are registered in your company name then you can assign those IP address to the servers you want. Assigning an IP address to a domain controller or an Exchange server is simple , just go the properties of the network card and assign the desired IP with a subnet mask and default gateway. ============= Be very careful assigning a public IP address to a host. You should have some method of filtering traffic, such as a firewall, to/from this host. Otherwise, all services running on that host will be exposed to the public internet. That is a frightening thought because there could be a vulnerable service exposed. Hackers could use this vulnerable service to exploit an "pwn" - or take over your server. The best method is to use some type of network address translation (NAT) and map an IP address to this host and filter traffic for specific ports as previously mentioned. Let us know if you need additional assistance. In the IT trenches? So am I - read my <a href="http://itknowledgeexchange.techtarget.com/it-trenches">IT-Trenches blog</a>

Your domain controller should absolutely NOT have a public ip address. The "best" configuration will depend on your specific needs and budget, but the minimum requirement will be a firewall of some type, and possibly an additional router, depending on your Internet connection. Only servers providing services to the Internet need static public ip addresses; all of your workstations can use dynamic port address translation (PAT) through one public address, unless you have more than ~60,000 workstations. If you don't understand NAT, PAT, and public vs. private ip addressing, I recommend that you hire a consultant. ============= If you have a block of real IP address assigned to you by your service provider and they are registered in your company name then you can assign those IP address to the servers you want. Assigning an IP address to a domain controller or an Exchange server is simple , just go the properties of the network card and assign the desired IP with a subnet mask and default gateway. ============= Be very careful assigning a public IP address to a host. You should have some method of filtering traffic, such as a firewall, to/from this host. Otherwise, all services running on that host will be exposed to the public internet. That is a frightening thought because there could be a vulnerable service exposed. Hackers could use this vulnerable service to exploit an "pwn" - or take over your server. The best method is to use some type of network address translation (NAT) and map an IP address to this host and filter traffic for specific ports as previously mentioned. Let us know if you need additional assistance. In the IT trenches? So am I - read my <a href="http://itknowledgeexchange.techtarget.com/it-trenches">IT-Trenches blog</a>