Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Active directory in Windows server 2008R2, DNS configuration


  • Please log in to reply
8 replies to this topic

#1 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:04:05 AM

Posted 05 February 2011 - 10:54 PM

Hi guys,
Just a question. If somebody is installing Active Directory Domain Services, but their router is set up to handle DNS, DHCP, and so on, is there a way in the dcpromo.exe utility, when it asks you to install the DNS role, to tell the server that that particular role is being held by another device on the network? I'd really be interested to know. Thanks a lot.

Chromebuster

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


BC AdBot (Login to Remove)

 


#2 Baltboy

Baltboy

    Bleepin' Flame Head


  • Members
  • 1,432 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:04:05 AM

Posted 06 February 2011 - 12:51 PM

When implementing an AD domain there are only really two options for DNS. One run the DNS server using a windows domain controller ( in either Primary/Secondary or Active Directory Intergrated modes) . Two run the DNS server on another machine using a compatible BIND DNS server. DNS is intergral to the proper functioning of AD since all of the naming, folder locations, server identities are handled through DNS names.

Your router more than likely does not actually "handle" DNS it only passes off the DNS IP addressing information from your ISP to the computers via DHCP. An actual DNS server contains a multitude of records that direct the accessing clients to specific IP's based on the DNS name. On another note using the DHCP server included with windows server is a very good idea over using the router to give addressing since it too is tightly integrated into DNS and AD you can avoid many issues by going this route.
Get your facts first, then you can distort them as you please.
Mark Twain

#3 chromebuster

chromebuster
  • Topic Starter

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:04:05 AM

Posted 06 February 2011 - 01:30 PM

Thanks. What I'm asking is, how to install that role without affecting the other members of the network, like my family for instance. Will having that installed on the server affect anything but the computers I tell it to? And what about the internet. If I set up DNS forwarding, that will still allow DnS to be passed off to my ISP so that external internet connectivity won't be disturbed, won't it? I'm just trying to get myself exposed to server roles, but at the same time, not disturbing those that don't need to be affected by my experiments and other doings. I am getting that server we talked about. Very soon too. And by the way, kind of off topic, but does Windows Server 2008 R2 foundation have any IIS limits? Thanks.

Chromebuster

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#4 Baltboy

Baltboy

    Bleepin' Flame Head


  • Members
  • 1,432 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:04:05 AM

Posted 06 February 2011 - 03:46 PM

If you don't wish to add any of the other computers to the domain then don't use the DHCP on the server. You must use the DNS server however and then configure the DNS to forward to the addresses of your ISP. Even better I would add a router between you and them if you can so you can set up a good domain environment without the worry of affecting your family.

Not real sure about the foundation editionof 2008.
Get your facts first, then you can distort them as you please.
Mark Twain

#5 chromebuster

chromebuster
  • Topic Starter

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:04:05 AM

Posted 06 February 2011 - 07:07 PM

My friend just also gave me a suggestion that I should install DNS on the server, then point all network adapters in the house to my router, the router gets the DNS information from the server, which in turn points the stuff to the public DNs servers at Google so that no connectivity is disturbed. He said that that also bypasses the issue of pointing my laptop's network adapter to a different DNS every time I'm away from my home network. Is that along the lines of what you're thinking?

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#6 Baltboy

Baltboy

    Bleepin' Flame Head


  • Members
  • 1,432 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:04:05 AM

Posted 07 February 2011 - 05:16 PM

That will only work if you have a static IP from your ISP so you can set the DNS address to point at your server. Otherwise, assuming your using a linksys or equivalent, there is no way to change only the DNS information given out via DHCP. Since you would be using DHCP on the laptop regardless of how you hook things up there should be little to no problem when you go elsewhere.

The best way is to isolate the server using an additional router and then there are no worries.

Oh and after looking a little bit I have not seen anything to suggest there is a limit on connections to a web server hosted via IIS. The only restrictiona are based on people logging on to the network, RRAS, and terminal server connections.
Get your facts first, then you can distort them as you please.
Mark Twain

#7 chromebuster

chromebuster
  • Topic Starter

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:04:05 AM

Posted 07 February 2011 - 05:19 PM

Acording to my friend's situation, she was able to configure her WAN IP as static simply through her router, and she didn't have to ask her ISP. The Verizon folks only gave us one router, so another one would be very difficult. Unless I'm wrong about that?

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#8 Baltboy

Baltboy

    Bleepin' Flame Head


  • Members
  • 1,432 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:04:05 AM

Posted 07 February 2011 - 09:55 PM

Any standard consumer router like a linksys will work. Hook up the WAN port to a switch on your network and leave everything at the default but the IP address. Change it to a different network than your home machines. Then the only thing you will probably have to do it configure a static route on the router hooked up to the internet so the return packets can make it back to your servers network.


You don't have to ask but it will lead to problems if you have DHCP assigned IP addresses from your ISP. The problem with setting you IP static is that when the DHCP lease runs out the IP you are using could be reassigned to someone else and you would lose connectivity. Then you would have to re-enable it write the settings down and reset everything back to static just to do it all over again the next time the lease runs out.
Get your facts first, then you can distort them as you please.
Mark Twain

#9 chromebuster

chromebuster
  • Topic Starter

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:04:05 AM

Posted 07 February 2011 - 10:15 PM

Strange. I wonder if my friend also has a switch that he forgot to tell me about? I ask because he told me that the router should handle everything else but the DNS server, which would go to my server, and then my server would forward that back to my ISP. Do most average networks have switches on them? I have a router with only one ethernet port though, or oh yeah, that's on the modem. I don't think we have a switch. I'll ask my friend again about it. I'll even forward this thread to him. Thanks though. It's not coming up for a while, and besides, since the entire server setup and first startup's going to be my network's first demo to be viewable by the public on our web site, at least two of the other members will be there, and my friend to whom I keep referring will be on call for us to get us out of snags so that we get this done right the first time. This server's the Dell PowerEdge T110 I had mentioned in my last thread here. I'm actually getting one! I'm going to use it for all kinds of things (backup server, FTP Server, web server, demo server, mail server, and DNS server if possible). And oh yeah, you can't forget that I might fool with AD if I can work it out with office running for convenient access to working documents in case my laptop's in the other room. Another friend from RI says that I'll have a good time, and that's certainly part of it.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users