Active Directory Inquiry

  • Last Post 27 June 2015
JohnGrace posted this 08 June 2015

Hi Everyone,

I’m a relative newcomer to networking and am setting up a wired network at home to upskill in this area. I have a question re connecting a Windows Server 2008 R2 machine (AD but not DC) to another Windows Server 2008 R2 machine (AD and DC). What would the IPv4 settings (i.e. IP address, subnet mask, preferred and alternate DNS server; I already know the default gateway setting) need to be on the client non-DC machine to connect to the host DC machine (IP address of 192.168.1.2, subnet mask 255.255.255.0, DNS servers set at 192.168.1.2 and 8.8.8.8)?

Thanks in advance for any assistance offered

J

John G.

Mahdi.Tehrani posted this 08 June 2015

Sorry I didn't understand what exactly do you mean by AD but not DC? If that isn't a DC what do you want to connect to your AD?

Also your subnet mask configuration depends on your network structure. Would you please clarify this?

In general I do not recommend to have public DNS server in your DNS configuration. Instead you can create forwarders.

JohnGrace posted this 15 June 2015

Hi Mahdi,

Thanks very much for your reply and my apologies for not responding sooner as I’ve had a very busy past few days!

Re your questions:

> Sorry I didn't understand what exactly do you mean by AD but not DC? If that isn't a DC what do you want to connect to your AD?

- I have one Active Directory client machine (without AD Domain Services installed on it, as I’m intending to install Citrix XenDesktop on it – which requires a non-DC server setup) that I’d like to connect to another Active Directory machine, with AD Domain Services installed on it, acting as the Domain Controller.

> Also your subnet mask configuration depends on your network structure. Would you please clarify this?

- Currently I have both machines (and will connect others also when these two are successfully connected) connected by cable to a Cisco Linksys router. The subnet mask (255.255.255.0) for the DC was automatically assigned when I set the IPv4 address to 192.168.1.2, which I chose as the Default Gateway address is 192.168.1.1. Does this look correct?

> In general I do not recommend to have public DNS server in your DNS configuration. Instead you can create forwarders.

- OK, can you please explain why it’s not a good idea to have the public DNS servers in the DNS configuration? And how would I create the forwarders for the DNS settings?

Please excuse my ignorance regarding some of these basic setup things in relation to Active Directory. I’m learning this to become more familiar with Windows Server in relation to a career change to IT I’m undertaking and any help is much appreciated.

Have a good one.

John G.


Chris-Dent posted this 15 June 2015

In-line.

Chris


JohnGrace posted this 17 June 2015

Hi Chris,

Thanks very much for your answers to my inquiries. Re your points to me:

> I take it you made the IP for the domain controller static?

- Yes, the IP address is static (i.e. set in the IPv4 Properties “Use the following IP address” option).

> Mixing public and private servers makes it unreliable, you'll get intermittent authentication failures.

- If I set the Preferred DNS server to 192.168.1.2 (pointing to itself), what would an acceptable private Alternate DNS server setting be? If I specify these in the IPv4 Properties option then I take it that I won’t have to create Forwarders? Which is the better option generally, Root Hints or Forwarders?

Thanks for your feedback Chris and have a great day.

John G.


Chris-Dent posted this 17 June 2015

> If I set the Preferred DNS server to 192.168.1.2 (pointing to itself),


ermitanyo posted this 17 June 2015

at über. talking with someone from tech services, my dept.  he's got a visitor badge, so not sure what is up with that. haven't had a chance to talk to him



JohnGrace posted this 23 June 2015

Hi Chris,

Thanks very much for your response, your points are very helpful. If I could please get clarification for a few matters relating to your advice:

> Another internal DNS server [as an acceptable private Alternate DNS server] which can host the zone for your AD domain, or can (conditionally) forward to get answers about your internal zone if it somehow can't host.

- Could this be the AD client machine I’m wanting to connect to the host AD DC server, and also run Citrix XenDesktop on? For my purposes I’m wanting to try and avoid setting up another DC on this network at this point (a private home one for learning on, although I realise in an enterprise environment at least one other DC would be the norm).

On the client machine I’m trying to connect, would I need to set the TCP/IPv4 properties for itself to “Obtain an IP address automatically,” or “Use the following IP address”? If it’s the latter, which IP address should I use, the one supplied by using the ipconfig /all command, or something else? And should the Preferred DNS Server be set to the host DC server IP address? Do I need an Alternate DNS Server setting?

Thanks for your help Chris, I’m getting closer and know that connection isn’t too far away! Looking forward to your response, have a good one.

John G.


Chris-Dent posted this 23 June 2015

Hi John,
If it's just for a lab a single DNS server should suffice really. You could run the DNS service on a member server (or even a client if you explore other DNS services), but it's likely a needless complication and there's little or no benefit really.
You can only use "Obtain an IP address automatically" if you have a DHCP server and it passes down appropriate DNS servers (i.e. the Domain Controller IP). Alternatively, use that and you can just set the DNS server addresses manually (TCP/IP configuration allows this).
If you do that, you need the preferred DNS server to be the Domain Controller. Alternate can remain blank unless you feel you want a second DNS server.
There's no problem setting a static IP either, pick a free one in your range and off you go. The same DNS server settings apply.
Chris


JohnGrace posted this 24 June 2015

Hi Chris,

Thanks very much for that. Well, I tried connecting the AD client to the AD DC host and the client came up with this message:

“An Active Directory Domain Controller (AD DC) for the domain "…" could not be contacted”

The error was reported as “DNS name does not exist” with the error code being “0x0000232B RCODE_NAME_ERROR”.

Here’s how the client and host servers’ IP details are set up:

AD only Client

- IP address: 192.168.1.100
- Subnet Mask: 255.255.255.0
- Default Gateway: 192.168.1.1
- Preferred DNS Server: 192.168.1.2

AD DC Host

- IP address: 192.168.1.2
- Subnet Mask: 255.255.255.0
- Default Gateway: 192.168.1.1
- Preferred DNS Server: 192.168.1.2

I’ve tried connecting with the client’s and host’s Alternate DNS Server being set to the Default Gateway IP address (which someone recommended) and also left blank, with the same result. Both machines ping each other’s IP addresses, domain names, and the Default Gateway’s IP address successfully, but still no connection via the domain.

The next part of the error message reads: “The DNS SRV records required to locate a AD DC for the domain are not registered in DNS.”

I’m pretty sure it’s a relatively straightforward factor(s) that’s causing the error, could you perhaps shed some light?

Thanks Chris and all the best.

John G.


Chris-Dent posted this 24 June 2015

On the DC, can you open the DNS console, expand Forward Lookup Zones and verify a zone exists for your AD domain? If not you should create an AD Integrated zone and enable secure dynamic updates on it. What did you name the domain when you created your Domain Controller?
Chris
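
An added example, not part of any post in this thread: a small offline check of a domain member's IPv4 settings against the advice given above (preferred DNS is the DC, no public or non-AD resolvers in the list, DC on the same subnet), plus the SRV names a member looks up to find a DC. The function names and finding codes are hypothetical, and it assumes the DC is the only DNS server hosting the AD zone, as in this lab.

```python
import ipaddress

def dc_locator_srv_names(ad_domain):
    """SRV names a member queries to locate a DC; the DC registers them
    in the AD zone through dynamic update."""
    return [f"_ldap._tcp.dc._msdcs.{ad_domain}",
            f"_kerberos._tcp.dc._msdcs.{ad_domain}"]

def audit_member(ip, mask, dns_servers, dc_ip):
    """Return (code, detail) findings for a member server's IPv4 settings.
    Assumption: dc_ip is the only DNS server that hosts the AD zone."""
    findings = []
    subnet = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    if ip == dc_ip:
        findings.append(("IP_CONFLICT", f"{ip} is already the DC's address"))
    if ipaddress.ip_address(dc_ip) not in subnet:
        findings.append(("DC_OFF_SUBNET", f"{dc_ip} is outside {subnet}"))
    if not dns_servers or dns_servers[0] != dc_ip:
        findings.append(("PREFERRED_NOT_DC", "preferred DNS must be the DC"))
    for server in dns_servers:
        if server == dc_ip:
            continue
        if ipaddress.ip_address(server).is_private:
            # e.g. a home router: it cannot answer for the AD zone
            findings.append(("NO_AD_ZONE", f"{server} does not host the AD zone"))
        else:
            # internal names get sent to an outside resolver, which returns
            # a name error for them; forward from the DC instead
            findings.append(("PUBLIC_DNS", f"{server} is a public resolver; "
                             "configure it as a forwarder on the DC"))
    return findings

if __name__ == "__main__":
    # Constructed inputs built from the addresses quoted in the thread.
    dc = "192.168.1.2"
    cases = {
        "client as posted": ["192.168.1.2"],
        "alternate = router": ["192.168.1.2", "192.168.1.1"],
        "alternate = public": ["192.168.1.2", "8.8.8.8"],
    }
    for label, dns in cases.items():
        result = audit_member("192.168.1.100", "255.255.255.0", dns, dc)
        print(label, "->", result or "OK")
    for name in dc_locator_srv_names("2008-server.jshome.com"):
        print("look up SRV:", name)
```

A clean result for the client only shows its settings are sane; the SRV names printed at the end still have to exist in the zone on the DC for the join to succeed.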


JohnGrace posted this 27 June 2015

Hi Chris,

Thanks for your reply. I’ve opened the DNS console and there is a Forward Lookup Zone listed for the AD domain (see below). I’ve named the domain 2008-server.jshome.com when I created it. The Full Computer Name is Windows.Server.jshome.com

There are two Forward Lookup Zone entries in the DNS console, named: msdcs.2008-server.jshome.com and 2008-server.jshome.com

Both of these show as “Type: Active Directory-Integrated”.

Just checking re enabling secure dynamic updates for this zone, is that the same as enabling automatic updating and feedback in the Initial Configuration Tasks?

Thanks for your feedback Chris, looking forward to your response.

Warm regards

John G.
