- DHCP box and Windows 2003 Server Domain Controller documentation
- Posted by Tarh ik on March 10th, 2008
Hi Everybody!
I'd really appreciate if someone could tell me about some documentation
I could read in the Microsoft Web Site that will help me understand how the
following four items can talk in the same language:
* A Router/DHCP Box (call it a D-Link, a Cisco, a 3Com, a Linksys, etc)
* Windows 2003 Server as a Domain Controller (with Active Directory)
* Windows Vista
* Windows XP
The reason I'm asking is because we are doing some weird stuff to keep
our network working, and although it works, these solutions might generate
some issues in the future.
Here is what we did:
* We installed the DNS services in our Domain Controller (Windows 2003
Server) so the XP computers could see each other. I feel that this was a
mistake as our Internet Service Provider is providing DNS services as well.
So far, they haven't been in conflict. Not yet, anyway.
* We assigned a static IP address to our Domain Controller.
* On the XP Computers, we explicitly set the primary DSN as our Domain
Controller and the secondary DSN as our DHCP/Router box, so the computers
could boot in a timely manner (without this, they don't do a thing for at
least 30 seconds right after login). This made me question the effectiveness
of the Dynamic Host Configuration Protocol.
* On the Vista computer, we had to add the domain name as the suffix in the
DSN configuration, so we could join it to the Domain.
Someone told me that we needed to install the DHCP services in the
Domain Server. That would mean to have two DHCP entities in the same network,
which usually causes network disconnections - I know that by experience.
These issues started when we migrated to Windows 2003 Server.
Any help is greatly appreciated!!!
Best Regards,
Tarh Ik
- Posted by Lanwench [MVP - Exchange] on March 10th, 2008
Tarh ik <Tarhik@discussions.microsoft.com> wrote:
Hi - replies are inline.
Take DHCP off the router and put it on the server (disable it on the router
first or you won't be able to set it up)
AD-integrated, one hopes....
Ah. No, you definitely needed to do that. This is a big deal. You *have* to
have internal DNS set up properly if you want AD to work. None of your
workstations or servers should have anything other than the *internal*
AD-integrated DNS server IP in their ip config. Your DNS server (your DC)
should use forwarders to your ISP's DNS servers to handle external queries.
This is the first thing you need to fix - make sure you're running
AD-integrated DNS on your DC. Make sure your DC points *only* at its own LAN
IP for DNS and has the correct DNS suffix. Then, make sure your workstations
are set up the same way.
I'd sure hope so!
No - take this out. Only one DNS server IP (unless you have multiple
internal DNS servers for your AD domain). Not the LAN IP of your router, and
not your ISP's DNS servers.
And you should really use DHCP for this - DHCP running on your DC, not on
your router.
Nothing to do with DHCP - you've got DNS problems.
Your DHCP server should be dishing out the primary DNS suffix mydomain.local
(or whatever you use). To *all* workstations.
No - see above.
From what? You can't have had a functional AD before. :-)
Hope the above helps.
- Posted by Danny Sanders on March 10th, 2008
Actually this is correct. AD MUST have a DNS server set up for the AD
domain. AD clients must point to the DNS server set up for the AD domain
ONLY. AD DCs MUST register their SRV records in DNS so AD clients can find
them. You don't want your public ISP having anything to do with your
PRIVATE AD DNS records. You want your AD clients to look to your DNS server
first to be able to find resources on your domain. If they need resources
not on your domain (the entire Internet) you want to forward that request to
your ISP. In your case you would forward to your router which probably
forwards to your ISP.
Correct
I'm assuming you mean DNS not DSN? If so pointing AD clients to a DNS server
that is not setup for the AD domain (your router) as primary will cause long
log in times. An AD client using a DNS server not set up for the AD domain
(your router) and using that DNS server as Alternate (the way you have it
setup) will cause a whole different set of problems. Mapped drives get
disconnected; if the Primary DNS server goes down and the AD client has to
use the alternate DNS server that is not set up for the AD domain, you will
see long login times when that server is used.
Actually this is a DNS issue. An AD client MUST find the SRV records for
your domain in order to *find* the domain. That is why you need a DNS server
set up for the AD domain. You must use a DNS server that supports SRV
records. Does your router support SRV records? Most likely not.
Basic AD DNS setup is: install DNS on the DC. Point the DC to itself for DNS
in the properties of TCP/IP. When the netlogon service runs, the server will
register its SRV records (the ones the AD clients need to find) in DNS.
Point all AD clients to the DNS server setup for the AD domain ONLY. Servers
are AD clients also. This way AD clients will find the SRV records in the
DNS zone and login properly.
For Internet access configure the AD DNS server to forward requests and list
the (usually ISP's dns server but in your case you should use the router)
This is the ONLY place on an AD domain where your ISP's (your router) should
be listed. Only as a forwarder.
I would suggest turning off the DHCP on the router and use the DHCP on the
Windows 2003 server. Use the router as a forwarder on your AD DNS server.
hth
DDS
"Tarh ik" <Tarhik@discussions.microsoft.com> wrote in message
news:0285D5C8-E9F5-424B-A20F-DA56E7ABF23E@microsoft.com...
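The setup both Lanwench and Danny describe (DC pointing at itself for DNS, an AD-integrated zone, the router or ISP listed only as a forwarder, every client pointing only at the AD DNS server with the AD domain as its DNS suffix, and DHCP on the server handing those settings out) can be checked in one pass. The script below is an added example, not code from the thread or from Microsoft; it assumes the DnsClient, DnsServer and DhcpServer PowerShell modules, which exist on Windows 8 / Server 2012 and later rather than on the Windows 2003 / XP / Vista hosts discussed above (on those the same settings are made in the TCP/IP properties dialog, dnscmd and netsh dhcp). The domain name and all addresses are placeholders to replace with your own.

```powershell
<#
  Added example, not from the thread. Checks (and with -Fix, corrects) the AD DNS
  and DHCP setup the replies above describe. Assumes the DnsClient, DnsServer and
  DhcpServer modules (Windows 8 / Server 2012 and later). Run on the DC to check
  server-side settings, on a workstation to check client-side settings.
#>
param(
    [string]   $Domain       = 'mydomain.local',  # assumed AD DNS domain name
    [string[]] $AdDnsServers = @('192.168.1.10'), # assumed LAN IP(s) of the DC(s)
    [string[]] $Forwarders   = @('192.168.1.1'),  # assumed router/ISP resolver
    [switch]   $Fix
)

$problems = New-Object System.Collections.Generic.List[string]

# 1. Clients and servers alike: every IPv4 interface with DNS servers configured
#    must list ONLY the internal AD DNS server(s). No router, no ISP.
foreach ($if in Get-DnsClientServerAddress -AddressFamily IPv4) {
    if (-not $if.ServerAddresses) { continue }
    $wrong = @($if.ServerAddresses | Where-Object { $AdDnsServers -notcontains $_ })
    if ($wrong.Count -gt 0) {
        $problems.Add("'$($if.InterfaceAlias)' lists non-AD DNS server(s): $($wrong -join ', ')")
        if ($Fix) { Set-DnsClientServerAddress -InterfaceIndex $if.InterfaceIndex -ServerAddresses $AdDnsServers }
    }
}

# 2. The primary DNS suffix must be the AD domain so unqualified names resolve in the AD zone.
$tcpip  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$suffix = (Get-ItemProperty -Path $tcpip -Name 'NV Domain' -ErrorAction SilentlyContinue).'NV Domain'
if ($suffix -ne $Domain) {
    $problems.Add("Primary DNS suffix is '$suffix', expected '$Domain'")
}

# 3. The DC locator record that netlogon registers must be answered by the AD DNS server.
#    If this fails, clients cannot find a DC and logons crawl, as described in the thread.
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                           -Server $AdDnsServers[0] -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
    if (-not $srv) { throw 'no SRV answer' }
    Write-Host "DC locator SRV -> $(($srv | ForEach-Object { $_.NameTarget }) -join ', ')"
} catch {
    $problems.Add("SRV lookup for _ldap._tcp.dc._msdcs.$Domain failed: $($_.Exception.Message)")
}

# 4. On the DNS server itself: the zone must be AD-integrated, and the router/ISP
#    resolver appears ONLY in the forwarder list.
if (Get-Command Get-DnsServerZone -ErrorAction SilentlyContinue) {
    $zone = Get-DnsServerZone -Name $Domain -ErrorAction SilentlyContinue
    if (-not $zone)                    { $problems.Add("No DNS zone '$Domain' on this server") }
    elseif (-not $zone.IsDsIntegrated) { $problems.Add("Zone '$Domain' is not AD-integrated") }

    $have    = @((Get-DnsServerForwarder).IPAddress | ForEach-Object { $_.IPAddressToString })
    $missing = @($Forwarders | Where-Object { $have -notcontains $_ })
    if ($missing.Count -gt 0) {
        $problems.Add("Forwarders missing: $($missing -join ', ')")
        if ($Fix) { Set-DnsServerForwarder -IPAddress $Forwarders }
    }
}

# 5. On the DHCP server: advertise the AD DNS server(s) (option 006) and the AD
#    domain as DNS suffix (option 015) so workstations need no manual settings.
if (Get-Command Get-DhcpServerv4OptionValue -ErrorAction SilentlyContinue) {
    $opt = @{}
    Get-DhcpServerv4OptionValue -ErrorAction SilentlyContinue |
        ForEach-Object { $opt[$_.OptionId] = $_.Value }
    $dnsOk    = (@($opt[6])  -join ',') -eq ($AdDnsServers -join ',')
    $domainOk = (@($opt[15]) -join ',') -eq $Domain
    if (-not ($dnsOk -and $domainOk)) {
        $problems.Add("DHCP options 006/015 do not advertise $($AdDnsServers -join ',') / $Domain")
        if ($Fix) { Set-DhcpServerv4OptionValue -DnsServer $AdDnsServers -DnsDomain $Domain }
    }
}

if ($problems.Count -eq 0) { Write-Host "AD DNS/DHCP configuration looks consistent." }
else { $problems | ForEach-Object { Write-Warning $_ } }
```

Run it without -Fix first and read the warnings; step 3 is the one that matters most, because a client that cannot resolve the _msdcs SRV record through its configured DNS server is exactly the "nothing happens for 30 seconds after login" symptom from the original post. Steps 4 and 5 only do anything on a host that has the DNS or DHCP server role installed, so the same script is usable on the DC and on workstations. Disable DHCP on the router before enabling the server-side scope, as the first reply notes, so only one DHCP server answers on the LAN.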
- Posted by Tarh ik on March 10th, 2008
Hi Lanwench!!!
Thank you very much!!! This is starting to make sense now. Changing the
configuration of the Domain Controller will take some planning, but it is
certainly worth it!
Thanks!!! I owe you one!!!
Best Regards,
Tarh Ik
"Lanwench [MVP - Exchange]" wrote:
- Posted by Tarh ik on March 10th, 2008
Cool, thanks Danny!! This Active Directory is a very new concept to me.
Now things are starting to make sense!!
Thanks!!!!
Best Regards,
Tarh Ik
"Danny Sanders" wrote:
- Posted by Lanwench [MVP - Exchange] on March 10th, 2008
Tarh ik <Tarhik@discussions.microsoft.com> wrote:
You're most welcome. This shouldn't be that big a deal to fix, really, esp.
on a small-ish network.