Guest Tarh ik
Posted March 10, 2008

Hi Everybody!

I'd really appreciate if someone could tell me about some documentation I could read in the Microsoft Web Site that will help me understand how the following four items can talk in the same language:

* A Router/DHCP Box (call it a D-Link, a Cisco, a 3Com, a Linksys, etc)
* Windows 2003 Server as a Domain Controller (with Active Directory)
* Windows Vista
* Windows XP

The reason I'm asking is because we are doing some weird stuff to keep our network working, and although it works, these solutions might generate some issues in the future.

Here is what we did:

* We installed the DNS services in our Domain Controller (Windows 2003 Server) so the XP computers could see each other. I feel that this was a mistake as our Internet Service Provider is providing DNS services as well. So far, they haven't been in conflict. Not yet, anyway.
* We assigned a static IP address to our Domain Controller.
* On the XP Computers, we explicitly set the primary DSN as our Domain Controller and the secondary DSN as our DHCP/Router box, so the computers could boot in a timely manner (without this, they don't do a thing for at least 30 seconds right after login). This made me question the effectiveness of the Dynamic Host Configuration Protocol.
* On the Vista computer, we had to add the domain name as the suffix in the DSN configuration, so we could join it to the Domain.

Someone told me that we needed to install the DHCP services in the Domain Server. That would mean to have two DHCP entities in the same network, which usually causes network disconnections - I know that by experience.

These issues started when we migrated to Windows 2003 Server.

Any help is greatly appreciated!!!

Best Regards,

Tarh Ik

Guest Lanwench [MVP - Exchange]
Posted March 10, 2008
Re: DHCP box and Windows 2003 Server Domain Controller documentation

Tarh ik <Tarhik@discussions.microsoft.com> wrote:
> Hi Everybody!

Hi - replies are inline.

> I'd really appreciate if someone could tell me about some
> documentation I could read in the Microsoft Web Site that will help
> me understand how the following four items can talk in the same
> language:
> * A Router/DHCP Box (call it a D-Link, a Cisco, a 3Com, a Linksys,
> etc)

Take DHCP off the router and put it on the server (disable it on the router first or you won't be able to set it up)

> * Windows 2003 Server as a Domain Controller (with Active Directory)
> * Windows Vista
> * Windows XP
>
> The reason I'm asking is because we are doing some weird stuff to
> keep our network working, and although it works, these solutions
> might generate some issues in the future.
>
> Here is what we did:
>
> * We installed the DNS services in our Domain Controller (Windows 2003
> Server)

AD-integrated, one hopes....

> so the XP computers could see each other. I feel that this
> was a mistake as our Internet Service Provider is providing DNS
> services as well.

Ah. No, you definitely needed to do that. This is a big deal. You *have* to have internal DNS set up properly if you want AD to work. None of your workstations or servers should have anything other than the *internal* AD-integrated DNS server IP in their ip config. Your DNS server (your DC) should use forwarders to your ISP's DNS servers to handle external queries.

This is the first thing you need to fix - make sure you're running AD-integrated DNS on your DC. Make sure your DC points *only* at its own LAN IP for DNS and has the correct DNS suffix. Then, make sure your workstations are set up the same way.

> So far, they haven't been in conflict. Not yet,
> anyway.
> * We assigned a static IP address to our Domain Controller.

I'd sure hope so!

> * On the XP Computers, we explicitly set the primary DSN as our Domain
> Controller and the secondary DSN as our DHCP/Router box,

No - take this out. Only one DNS server IP (unless you have multiple internal DNS servers for your AD domain). Not the LAN IP of your router, and not your ISP's DNS servers.

And you should really use DHCP for this - DHCP running on your DC, not on your router.

> so the
> computers could boot in a timely manner (without this, they don't do
> a thing for at least 30 seconds right after login). This made me
> question the effectiveness of the Dynamic Host Configuration Protocol.

Nothing to do with DHCP - you've got DNS problems.

> * On the Vista computer, we had to add the domain name as the suffix
> in the DSN configuration, so we could join it to the Domain.

Your DHCP server should be dishing out the primary DNS suffix mydomain.local (or whatever you use). To *all* workstations.

> Someone told me that we needed to install the DHCP services in the
> Domain Server. That would mean to have two DHCP entities in the same
> network, which usually causes network disconnections - I know that by
> experience.

No - see above.

> These issues started when we migrated to Windows 2003 Server.

From what? You can't have had a functional AD before. :-)

> Any help is greatly appreciated!!!
>
> Best Regards,
>
> Tarh Ik

Hope the above helps.

Guest Danny Sanders
Posted March 10, 2008
Re: DHCP box and Windows 2003 Server Domain Controller documentation

> * We installed the DNS services in our Domain Controller (Windows 2003
> Server) so the XP computers could see each other. I feel that this was a
> mistake as our Internet Service Provider is providing DNS services as
> well.
> So far, they haven't been in conflict. Not yet, anyway.

Actually this is correct. AD MUST have a DNS server set up for the AD domain. AD clients must point to the DNS server set up for the AD domain ONLY. AD DCs MUST register their SRV records in DNS so AD clients can find them. You don't want your public ISP having anything to do with your PRIVATE AD DNS records. You want your AD clients to look to your DNS server first to be able to find resources on your domain. If they need resources not on your domain (the entire Internet) you want to forward that request to your ISP. In your case you would forward to your router which probably forwards to your ISP.

> * We assigned a static IP address to our Domain Controller.

Correct

> * On the XP Computers, we explicitly set the primary DSN as our Domain
> Controller and the secondary DSN as our DHCP/Router box, so the computers
> could boot in a timely manner (without this, they don't do a thing for at
> least 30 seconds right after login). This made me question the
> effectiveness
> of the Dynamic Host Configuration Protocol.

I'm assuming you mean DNS not DSN? If so pointing AD clients to a DNS server that is not set up for the AD domain (your router) as primary will cause long log in times. An AD client using a DNS server not set up for the AD domain (your router) and using that DNS server as Alternate (the way you have it set up) will cause a whole different set of problems. Mapped drives get disconnected, if the Primary DNS server goes down and the AD client has to use the alternate DNS server that is not set up for the AD domain you will see long log in times when that server is used.

> could boot in a timely manner (without this, they don't do a thing for at
> least 30 seconds right after login). This made me question the
> effectiveness
> of the Dynamic Host Configuration Protocol.

Actually this is a DNS issue. An AD client MUST find the SRV records for your domain in order to *find* the domain. That is why you need a DNS server set up for the AD domain. You must use a DNS server that supports SRV records. Does your router support SRV records? Most likely not.

Basic AD DNS setup is install DNS on the DC. Point the DC to itself for DNS in the properties of TCP/IP. When the netlogon service runs the server will register its SRV records the AD clients need to find, in DNS.
Point all AD clients to the DNS server set up for the AD domain ONLY. Servers are AD clients also. This way AD clients will find the SRV records in the DNS zone and login properly.
For Internet access configure the AD DNS server to forward requests and list the (usually ISP's dns server but in your case you should use the router) This is the ONLY place on an AD domain where your ISP's (your router) should be listed. Only as a forwarder.

I would suggest turning off the DHCP on the router and use the DHCP on the Windows 2003 server. Use the router as a forwarder on your AD DNS server.

hth
DDS

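The client-side rules given in the two replies above (only the AD DNS server in a client's DNS list, DHCP served from the DC, the AD domain as DNS suffix) can be checked against `ipconfig /all` output. The following Python is an added example, not part of the thread: `mydomain.local` is the placeholder suffix from the thread, while the address 192.168.1.10 for a single DC, the host name XP-01 and both sample outputs are constructed assumptions.

```python
import re

AD_DOMAIN = "mydomain.local"  # placeholder suffix used in the thread
DC_IP = "192.168.1.10"        # assumed LAN IP of the DC (AD DNS and DHCP)

# Constructed, trimmed `ipconfig /all` output: DC as primary DNS, router as
# secondary, lease from the router, no domain suffix.
CLIENT_BEFORE = """
Windows IP Configuration

        Host Name . . . . . . . . . . . . : XP-01
        Primary Dns Suffix  . . . . . . . :

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            192.168.1.1
"""

# Constructed: the same client once the DC hands out lease, DNS and suffix.
CLIENT_AFTER = """
Windows IP Configuration

        Host Name . . . . . . . . . . . . : XP-01
        Primary Dns Suffix  . . . . . . . : mydomain.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : mydomain.local
        DHCP Server . . . . . . . . . . . : 192.168.1.10
        DNS Servers . . . . . . . . . . . : 192.168.1.10
"""

LABEL = re.compile(r"^\s+(.*?)[\s.]*\s:\s?(.*)$")          # "Name . . . : value"
BARE_IP = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")  # continuation line


def parse_ipconfig(text):
    """Return {section: {label: [values]}}; section is 'global' or an adapter."""
    sections, current, last = {"global": {}}, "global", None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, last = line.rstrip()[:-1], None       # adapter header
            sections[current] = {}
        elif m := LABEL.match(line):
            last, value = m.group(1), m.group(2).strip()
            sections[current][last] = [value] if value else []
        elif (m := BARE_IP.match(line)) and last:
            sections[current][last].append(m.group(1))     # extra list entry
    return sections


def audit(text, dc_ip=DC_IP, ad_domain=AD_DOMAIN):
    """List deviations from 'clients use only the DC for DNS/DHCP and its suffix'."""
    cfg, findings = parse_ipconfig(text), []
    suffixes = set(cfg.pop("global").get("Primary Dns Suffix", []))
    for name, fields in cfg.items():
        suffixes.update(fields.get("Connection-specific DNS Suffix", []))
        for label in ("DNS Servers", "DHCP Server"):
            for ip in fields.get(label, []):
                if ip != dc_ip:
                    findings.append(f"{name}: {label} lists {ip}, not the DC")
    if ad_domain.lower() not in {s.lower() for s in suffixes}:
        findings.append(f"no DNS suffix matches {ad_domain}")
    return findings


if __name__ == "__main__":
    for title, sample in (("before", CLIENT_BEFORE), ("after", CLIENT_AFTER)):
        print(title, audit(sample) or "OK")
```
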
Guest Tarh ik
Posted March 10, 2008
Re: DHCP box and Windows 2003 Server Domain Controller documentati

Hi Lanwench!!!

Thank you very much!!! This is starting to make sense now. Changing the configuration of the Domain Controller will take some planning, but it is certainly worth it!

Thanks!!! I owe you one!!!

Best Regards,

Tarh Ik

Guest Tarh ik
Posted March 10, 2008
Re: DHCP box and Windows 2003 Server Domain Controller documentati

Cool, thanks Danny!!

This Active Directory is a very new concept to me. Now things are starting to make sense!!

Thanks!!!!

Best Regards,

Tarh Ik

Guest Lanwench [MVP - Exchange]
Posted March 10, 2008
Re: DHCP box and Windows 2003 Server Domain Controller documentati

Tarh ik <Tarhik@discussions.microsoft.com> wrote:
> Hi Lanwench!!!
>
> Thank you very much!!! This is starting to make sense now.
> Changing the configuration of the Domain Controller will take some
> planning, but it is certainly worth it!
>
> Thanks!!! I owe you one!!!
>
> Best Regards,
>
> Tarh Ik

You're most welcome. This shouldn't be that big a deal to fix, really, esp. on a small-ish network.