Bypass DNS server for out of office use

I'm not sure if this is in the right section, please forgive me if I'm wrong.
We are currently trying to add roughly 300 PC's and laptops to out new
domain but one thing is puzzling me.

We are setting the DNS server settings on the laptops to 10.11.254.1 and
10.11.254.2 (which are our DC's) in order to connect each of them to the
domain. However, our laptop users work from home at night and from customer
offices. If these laptops are not on our network at this point and are
looking for the specified DNS server, this will mean that they can't see them.
How can I get around this? Can I set an alternative public DNS server to
avoid problems?

Hello BeckyBoo123,

The users have to create a VPN connection to the network before.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I'm not sure if this is in the right section, please forgive me if I'm
> wrong. We are currently trying to add roughly 300 PC's and laptops to
> out new domain but one thing is puzzling me.
>
> We are setting the DNS server settings on the laptops to 10.11.254.1
> and 10.11.254.2 (which are our DC's) in order to connect each of them
> to the domain. However, our laptop users work from home at night and
> from customer offices. If these laptops are not on our network at this
> point and are looking for the specified DNS server, this will mean
> that they can't see them. How can I get around this? Can I set an
> alternative public DNS server to avoid problems?
>

Thanks for the reply Meinolf,

I can see what you are saying however due to our MD's decsion's they do not
want people out of the office to access the network for confidentiality
reasons.
Is there any other way?

"Meinolf Weber [MVP-DS]" wrote:

> Hello BeckyBoo123,
>
> The users have to create a VPN connection to the network before.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > I'm not sure if this is in the right section, please forgive me if I'm
> > wrong. We are currently trying to add roughly 300 PC's and laptops to
> > out new domain but one thing is puzzling me.
> >
> > We are setting the DNS server settings on the laptops to 10.11.254.1
> > and 10.11.254.2 (which are our DC's) in order to connect each of them
> > to the domain. However, our laptop users work from home at night and
> > from customer offices. If these laptops are not on our network at this
> > point and are looking for the specified DNS server, this will mean
> > that they can't see them. How can I get around this? Can I set an
> > alternative public DNS server to avoid problems?
> >
>
>
>

Hello BeckyBoo123,

If they are not allowed to connect remote to the domain, they have to come
to your office to join the domain.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Thanks for the reply Meinolf,
>
> I can see what you are saying however due to our MD's decsion's they
> do not
> want people out of the office to access the network for
> confidentiality
> reasons.
> Is there any other way?
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello BeckyBoo123,
>>
>> The users have to create a VPN connection to the network before.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> I'm not sure if this is in the right section, please forgive me if
>>> I'm wrong. We are currently trying to add roughly 300 PC's and
>>> laptops to out new domain but one thing is puzzling me.
>>>
>>> We are setting the DNS server settings on the laptops to 10.11.254.1
>>> and 10.11.254.2 (which are our DC's) in order to connect each of
>>> them to the domain. However, our laptop users work from home at
>>> night and from customer offices. If these laptops are not on our
>>> network at this point and are looking for the specified DNS server,
>>> this will mean that they can't see them. How can I get around this?
>>> Can I set an alternative public DNS server to avoid problems?
>>>

Oh thats a pity.
Ok, so do you mean that we will have to set up a 3rd party software to
initiate the VPN connection or adjust the policy in some way to set it up?

I am a little confused, we currently use Open VPN for certain users but this
is no way linked to Active Directory.


"Meinolf Weber [MVP-DS]" wrote:

> Hello BeckyBoo123,
>
> If they are not allowed to connect remote to the domain, they have to come
> to your office to join the domain.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > Thanks for the reply Meinolf,
> >
> > I can see what you are saying however due to our MD's decsion's they
> > do not
> > want people out of the office to access the network for
> > confidentiality
> > reasons.
> > Is there any other way?
> > "Meinolf Weber [MVP-DS]" wrote:
> >
> >> Hello BeckyBoo123,
> >>
> >> The users have to create a VPN connection to the network before.
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >> confers
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> I'm not sure if this is in the right section, please forgive me if
> >>> I'm wrong. We are currently trying to add roughly 300 PC's and
> >>> laptops to out new domain but one thing is puzzling me.
> >>>
> >>> We are setting the DNS server settings on the laptops to 10.11.254.1
> >>> and 10.11.254.2 (which are our DC's) in order to connect each of
> >>> them to the domain. However, our laptop users work from home at
> >>> night and from customer offices. If these laptops are not on our
> >>> network at this point and are looking for the specified DNS server,
> >>> this will mean that they can't see them. How can I get around this?
> >>> Can I set an alternative public DNS server to avoid problems?
> >>>
>
>
>

Please don't post the same question in different Groups with different
subjects. IT causes endless confusion.

I already dealt with this to a certain extent in another group.

Keeping the question to a single question in the same group under the same
subject in the same thread helps all of us to see what each other is
contributing to the thread. This allows us to follow each others ideas and
to add other ideas and options along the way.

You are not using DHCP. DHCP is a requirement here.

If you don't want them to connect to the company LAN that is fine,...But
then why are you expecting them to you your LAN's DNS??? if they aren't
connecting to the LAN?? It is pointless.

If the laptops are using DHCP then when they go home they would
automatically use the DNS of whatever their ISP connection is.

--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"BeckyBoo123" <> wrote in message
news:F7B2EC04-3D56-4F2C-B666-...
> Oh thats a pity.
> Ok, so do you mean that we will have to set up a 3rd party software to
> initiate the VPN connection or adjust the policy in some way to set it up?
>
> I am a little confused, we currently use Open VPN for certain users but
> this
> is no way linked to Active Directory.
>
>
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello BeckyBoo123,
>>
>> If they are not allowed to connect remote to the domain, they have to
>> come
>> to your office to join the domain.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>
>>
>> > Thanks for the reply Meinolf,
>> >
>> > I can see what you are saying however due to our MD's decsion's they
>> > do not
>> > want people out of the office to access the network for
>> > confidentiality
>> > reasons.
>> > Is there any other way?
>> > "Meinolf Weber [MVP-DS]" wrote:
>> >
>> >> Hello BeckyBoo123,
>> >>
>> >> The users have to create a VPN connection to the network before.
>> >>
>> >> Best regards
>> >>
>> >> Meinolf Weber
>> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> >> confers
>> >> no rights.
>> >> ** Please do NOT email, only reply to Newsgroups
>> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>> >>> I'm not sure if this is in the right section, please forgive me if
>> >>> I'm wrong. We are currently trying to add roughly 300 PC's and
>> >>> laptops to out new domain but one thing is puzzling me.
>> >>>
>> >>> We are setting the DNS server settings on the laptops to 10.11.254.1
>> >>> and 10.11.254.2 (which are our DC's) in order to connect each of
>> >>> them to the domain. However, our laptop users work from home at
>> >>> night and from customer offices. If these laptops are not on our
>> >>> network at this point and are looking for the specified DNS server,
>> >>> this will mean that they can't see them. How can I get around this?
>> >>> Can I set an alternative public DNS server to avoid problems?
>> >>>
>>
>>
>>

In message <196AD86D-0351-49B2-9467->
BeckyBoo123 <> was claimed to have
wrote:

>I'm not sure if this is in the right section, please forgive me if I'm wrong.
>We are currently trying to add roughly 300 PC's and laptops to out new
>domain but one thing is puzzling me.
>
>We are setting the DNS server settings on the laptops to 10.11.254.1 and
>10.11.254.2 (which are our DC's) in order to connect each of them to the
>domain. However, our laptop users work from home at night and from customer
>offices. If these laptops are not on our network at this point and are
>looking for the specified DNS server, this will mean that they can't see them.
>How can I get around this? Can I set an alternative public DNS server to
>avoid problems?

Generally your best bet is to assign DNS servers via DHCP rather then
group policy or hardcoding, this will ensure the laptop can find correct
DNS records from whatever network it's using at the time.

"BeckyBoo123" <> wrote in message
news:F7B2EC04-3D56-4F2C-B666-...
> Oh thats a pity.
> Ok, so do you mean that we will have to set up a 3rd party software to
> initiate the VPN connection or adjust the policy in some way to set it up?
>
> I am a little confused, we currently use Open VPN for certain users but
> this
> is no way linked to Active Directory.

Becky,

I haven't read the other post in the other group, but wihtout searching for
it, normally with a VPN, it would allow connectivity into the internal
network. Once the connection is made, then the laptop can be joined.
However, upon reboot, the new user cannot logon because the VPN connection
would need to be established PRIOR to the logon because there is no cached
credentials yet in order to logon by a user account in the domain that
hasn't been logged on yet. I don't know how OpenVPN works, such as that if
it will allow a Windows VPN setup to connect, but if it did, you can
configure the laptop to offer the ability to sign in with the VPN prior to
logon. This way the user can logon and the initial desktop will be
established.

However I'm seeing that you are not allowing access to the internal network.
This is twofold a catch-22, and a quandrum, because how else will the laptop
join the domain or even a user to logon??

Also, concerning DHCP, and once again without having to find that other post
of yours in the other group (another good reason to not multipost, rather
crossposting would have been the better choice), is that the VPN server must
be able to either offer it's own DHCP service with the internal DNS
addresses (not the ISP's) or pull DHCP addresses from the internal network's
DHCP server.

But getting back to your policies not allowing access, I guess this whole
thing may just be a moot point.

Let me know your thoughts and how you will decide to proceed, or need
additional help with VPNs.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer


For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right
things." - Peter F. Drucker
http://twitter.com/acefekay

BeckyBoo123 <> wrote:
> I'm not sure if this is in the right section, please forgive me if
> I'm wrong. We are currently trying to add roughly 300 PC's and
> laptops to out new
> domain but one thing is puzzling me.
>
> We are setting the DNS server settings on the laptops to 10.11.254.1
> and
> 10.11.254.2 (which are our DC's) in order to connect each of them to
> the domain. However, our laptop users work from home at night and
> from customer offices. If these laptops are not on our network at
> this point and are looking for the specified DNS server, this will
> mean that they can't see them. How can I get around this? Can I set
> an alternative public DNS server to avoid problems?

Use DCHP. Simple.