W2K3 AD on small home network

 
 
Mikoyan
      12-17-2009
I have a home network I wish to set up W2K3 Active Directory and DNS on for 5
XP Pro (SP3) clients. The network address is 192.168.1.0 and I connect to
the Internet over a simple wireless router, which at present provides a DHCP
service. Currently the PCs (pre AD, so still in a workgroup) are picking up
a 192.168.1.x address and preferred DNS is 192.168.1.1. I guess DNS is
managed by the ISP.

My question is what is the best way to set up AD and DNS? Should I install
AD and let DNS install at the same time? Or should I configure DNS first? I
know that the server running AD should NOT be multi-homed, and at present it
is picking up a 192.168.1.2 address (and preferred DNS is 192.168.1.1) from
the router.

If I do configure DNS on the server for the 'mydomain.local' zone how do I
ensure it does not conflict with the DNS being provided by my ISP?

Thanks, Anastas



 
Meinolf Weber [MVP-DS]
      12-17-2009
Hello Mikoyan,

Normally you should disable DHCP on the router, but as you need wireless
connectivity leave it running. Configure a fixed IP address for the DC/DNS
server and exclude this address from the DHCP range on the router. Make SURE
all domain machines use the DC/DNS server as DNS server address on the NIC,
NOT the router. You will run into trouble if the router is used for DNS on
the domain machines. Configure the FORWARDER on the DNS server properties
to your ISP's DNS server, so internet access is no problem.

Install DNS when running dcpromo, you will be asked for it.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I have a home network I wish to setup W2K3 Active Directory and DNS on
> for 5 XP Pro (SP3) clients. The network address is 192.168.1.0 and I
> connect to the Internet over a simple wireless router, which at
> present provides a DHCP service. Currently the PCs (pre AD, so still
> in a workgroup) are picking up a 192.168.1.x address and preferred DNS
> is 192.168.1.1. I guess DNS is managed by the ISP.
>
> My question is what is the best way to set up AD and DNS? Should I
> install AD and let DNS install at the same time? Or should I configure
> DNS first? I know that the server running AD should NOT be
> multi-homed, and at present it is picking up a 192.168.1.2 address
> (and preferred DNS is 192.168.1.1) from the router.
>
> If I do configure DNS on the server for the 'mydomain.local' zone how
> do I ensure it does not conflict with the DNS being provided by my
> ISP?
>
> Thanks, Anastas
>
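
A check for the client setting stressed in the reply above (domain machines must list the DC/DNS server, not the router, as their DNS server). This is an added example, not part of any poster's message. It parses `ipconfig /all` output; the DC address 192.168.1.2 is an assumption taken from the question, and the sample output is constructed.

```python
import re

DC_DNS = "192.168.1.2"  # assumption: the DC/DNS server keeps the address named in the question

# Constructed sample of XP-style `ipconfig /all` output (not from the thread).
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : XP-PC1

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.2
                                            192.168.1.1
        Lease Obtained. . . . . . . . . . : Thursday, December 17, 2009 9:00:00 AM
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def dns_servers(ipconfig_text):
    """Return {adapter name: [DNS server IPs]} from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        stripped = line.strip()
        if line and not line[0].isspace() and stripped.endswith(":"):
            current, in_dns = stripped[:-1], False   # unindented adapter header
            adapters[current] = []
        elif current and stripped.startswith("DNS Servers"):
            in_dns = True
            value = stripped.split(":", 1)[1].strip()
            if IPV4.match(value):
                adapters[current].append(value)
        elif in_dns and IPV4.match(stripped):
            adapters[current].append(stripped)       # additional server on its own line
        else:
            in_dns = False
    return adapters

def audit(ipconfig_text, dc=DC_DNS):
    """List (adapter, server) pairs where a resolver other than the DC is configured."""
    return [(name, ip) for name, servers in dns_servers(ipconfig_text).items()
            for ip in servers if ip != dc]

if __name__ == "__main__":
    for adapter, ip in audit(SAMPLE):
        print(f"{adapter}: DNS server {ip} is not the DC ({DC_DNS})")
```

An empty result means every adapter in the captured output resolves only through the DC; the router appearing as a secondary server is still reported.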



 
Mikoyan
      12-17-2009
Thank you Meinolf
<Meinolf Weber [MVP-DS]> wrote in message
news:. com...
> Hello Mikoyan,
>
> Normally you should disable DHCP on the router, but as you need wireless
> connectivity leave it running. Configure a fixed ip address for the DC/DNS
> server and exclude this address from the DHCP range on the router. Make
> SURE all domain machines use the DC/DNS server as DNS server address on
> the NIC, NOT the router. You will run into trouble if the router is used
> for DNS on the domain machines. Configure the FORWARDER on the DNS server
> properties to your ISPs DNS server, so internet access is no problem.
>
> Install DNS when running dcpromo, you will be asked for.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> I have a home network I wish to setup W2K3 Active Directory and DNS on
>> for 5 XP Pro (SP3) clients. The network address is 192.168.1.0 and I
>> connect to the Internet over a simple wireless router, which at
>> present provides a DHCP service. Currently the PCs (pre AD, so still
>> in a workgroup) are picking up a 192.168.1.x address and preferred DNS
>> is 192.168.1.1. I guess DNS is managed by the ISP.
>>
>> My question is what is the best way to set up AD and DNS? Should I
>> install AD and let DNS install at the same time? Or should I configure
>> DNS first? I know that the server running AD should NOT be
>> multi-homed, and at present it is picking up a 192.168.1.2 address
>> (and preferred DNS is 192.168.1.1) from the router.
>>
>> If I do configure DNS on the server for the 'mydomain.local' zone how
>> do I ensure it does not conflict with the DNS being provided by my
>> ISP?
>>
>> Thanks, Anastas
>>

>
>



 
Mikoyan
      12-17-2009
Jonathan,
Thank you for taking the time to reply. I am in the process of reading and
reflecting upon the content in the links you provided.

Best Regards, Anastas.
"J de Boyne Pollard" <> wrote in message
news:37228576-9e12-4971-9932-...
> M> Currently the PCs (pre AD, so still in a workgroup) are
> M> picking up a 192.168.1.x address and preferred DNS
> M> is 192.168.1.1. I guess DNS is managed by the ISP.
>
> Don't guess; know. You *know* what the IP address 192.168.1.1 is
> assigned to. So you know where your proxy DNS service is (most
> immediately) being obtained from.
>
> M> If I do configure DNS on the server for the 'mydomain.local'
> M> zone how do I ensure it does not conflict with the DNS
> M> being provided by my ISP?
>
> ... by first of all working out that your ISP isn't necessarily
> providing (on your behalf, to the world) any content DNS service *at
> all*. You've given no indication that it is, and there's nothing
> whatever in what you've said to imply that it is. You've not given
> any indication that you even own a domain name in the first place.
>
> <URL:http://homepage.ntlworld.com./jonath...llard/FGA/dns-
> server-roles.html>
>
> And when you've done that, read about split horizon DNS service.
>
> <URL:http://homepage.ntlworld.com./jonath...llard/FGA/dns-
> split-horizon.html>
> <URL:http://homepage.ntlworld.com./jonath...llard/FGA/dns-
> split-horizon-common-server-names.html>
>
> And when you've done *that*, it's time to note that this advice:
>
> MW> Configure the FORWARDER on the DNS server
> MW> properties to your ISPs DNS server, so internet
> MW> access is no problem.
>
> isn't necessarily good advice. Whether to use a forwarding proxy DNS
> server or a resolving proxy DNS server depends on several factors,
> and isn't a simple "You should always do this." decision.
>
> <URL:http://homepage.ntlworld.com./jonath...llard/FGA/dns-
> server-roles.html#ChoosingProxy>


 
Paul Bergson [MVP-DS]
      12-23-2009

Why disable DHCP? For the DC and/or other infrastructure components I can
understand, but I have a multitude of devices, handhelds, DVRs, netbooks,
laptops, etc. Too much work, especially if my ISP changes the DNS server,
which has happened to me.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup. This
posting is provided "AS IS" with no warranties, and confers no rights.

<Meinolf Weber [MVP-DS]> wrote in message
news:. com...
> Hello Mikoyan,
>
> Normally you should disable DHCP on the router, but as you need wireless
> connectivity leave it running. Configure a fixed ip address for the DC/DNS
> server and exclude this address from the DHCP range on the router. Make
> SURE all domain machines use the DC/DNS server as DNS server address on
> the NIC, NOT the router. You will run into trouble if the router is used
> for DNS on the domain machines. Configure the FORWARDER on the DNS server
> properties to your ISPs DNS server, so internet access is no problem.
>
> Install DNS when running dcpromo, you will be asked for.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> I have a home network I wish to setup W2K3 Active Directory and DNS on
>> for 5 XP Pro (SP3) clients. The network address is 192.168.1.0 and I
>> connect to the Internet over a simple wireless router, which at
>> present provides a DHCP service. Currently the PCs (pre AD, so still
>> in a workgroup) are picking up a 192.168.1.x address and preferred DNS
>> is 192.168.1.1. I guess DNS is managed by the ISP.
>>
>> My question is what is the best way to set up AD and DNS? Should I
>> install AD and let DNS install at the same time? Or should I configure
>> DNS first? I know that the server running AD should NOT be
>> multi-homed, and at present it is picking up a 192.168.1.2 address
>> (and preferred DNS is 192.168.1.1) from the router.
>>
>> If I do configure DNS on the server for the 'mydomain.local' zone how
>> do I ensure it does not conflict with the DNS being provided by my
>> ISP?
>>
>> Thanks, Anastas
>>

>
>



 
Ace Fekay [MCT]
      12-23-2009
"Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
news:...
> Why disable DHCP? For the dc and/or other infrastructure components I can
> understand but I have a multitude of devices, handhelds, dvr's, netbook's,
> laptop's, etc... To much work, especially if my ISP changes the dns
> server, which has happened to me.
>
> --



I'm not sure what you mean by not disabling the router's DHCP, but I just
wanted to point out that in my opinion, I wouldn't use the router's DHCP
service. Many of them provide the router's IP as DNS, and cannot be changed
(like the FIOS Verizon routers), which doesn't work with AD.

Maybe this simple network layout can help the original poster:
http://i966.photobucket.com/albums/a.../Webtechie.jpg


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.


 
Paul Bergson [MVP-DS]
      12-23-2009
Looking over the full query I see why Meinolf suggested turning off DHCP.
My mistake, I was not thinking about AD in the infrastructure, only as a
workgroup installation.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup. This
posting is provided "AS IS" with no warranties, and confers no rights.

"J de Boyne Pollard" <> wrote in message
news:e25abada-a2ad-4eed-86f1-...
> PB> To much work, especially if my ISP changes the dns server,
> PB> which has happened to me.
>
> Therein lies the root of the difference. Other people don't use the
> router-provided or ISP-provided proxy DNS service(s). M. Fekay
> provided one reason for that. There are others. A second is
> mentioned here:
>
> <URL:http://homepage.ntlworld.com./jonath...llard/FGA/dns-
> client-all-proxies-must-provide-same-service.html>
>
> Not wanting the hardwired proxy DNS server that the router-resident
> DHCP server hands out in its leases is one aspect of a more general
> issue: the router-resident DHCP server usually simply *has less
> functionality* than a non-router-resident DHCP server has, either
> hardwiring some things that one wants to vary from manufacturer-
> supplied settings or not supporting the things that one wants to do.
> One example of this latter is Dynamic DNS Update. The Microsoft DHCP
> server is capable of keeping the DNS database automatically up to date
> as IP address leases are handed out, are refreshed, and expire. So is
> the ISC DHCP server. This functionality is rarely available from a
> router-resident DHCP server, however.
>
> The other way to approach this, that I've used myself, is to use the
> router-resident DHCP server but have the DHCP clients simply *ignore*
> the things that it hands out in its leases that are hardwired to
> values that one doesn't want, setting the correct desired values at
> the clients by other means. Of course, as a consequence of this one
> has to live with insecure client-driven DNS database updates, at the
> very least for forward lookup domain names. It's an inferior setup
> for that reason and several others. My experience is that, in
> general, one can only get away with it without major inconvenience if
> lease times are long and there are very low levels of machine churn
> and name churn. Too much name churn, or too many untrustworthy
> machines, and one starts wanting a more functional DHCP server that is
> capable of updating the DNS database. Too much machine churn, with
> too many machines coming and going to have their configurations
> altered by hand to use one's desired proxy services instead of the
> wrong ones that the router-resident DHCP server hands out, and one
> starts wishing for some sort of "Dynamic Host Configuration Protocol"
> mechanism that could be used to do that task automatically. (-:



 