Active Directory

KeyKeeper

Member
Nov 22, 2004
73
0
0
Ok, I've googled my arse off but can't seem to find a clear solution. I have installed Server 2003 on a machine on my private network, made it a domain controller and issued it a static IP (the same IP it would get via DHCP from the router). My question is, why won't it resolve the IP using nslookup on other machines on the private network? I know the domain is active; it resolves locally and spits out the proper IP. Am I missing something, maybe a firewall or something locally, or is it that the router is sending the DNS lookup to the Internet instead of locally? I'm very new to Server 2003, so any help would be appreciated.

TIA.
 

seepy83

Platinum Member
Nov 12, 2003
2,132
3
71
Just to clarify a few things...

Are your other PCs members of the same AD Domain?
Is your Domain Controller running a DNS Server?
What are all of your hosts (DC, as well as other clients) using for their DNS server?
 

KeyKeeper

Member
Nov 22, 2004
73
0
0
I can't get any of the other machines to even join the domain since it's not resolving. The other machines are using the router's DNS, e.g. 192.168.1.254 (DHCP). The domain controller has the DNS server role as well, but I'm not quite sure if I've got it configured properly; I'm totally new to this stuff.

At work they are attempting to run a private network, but they need a domain controller since there's a max connection limit on an XP Pro box with a shared HDD on it. I can convince them into getting a rackmount server (they already have a rack for the switch/patch box there), so I'm just trying to simulate this at home for now before I con them into spending the money (small business). Does anyone know a good step-by-step domain setup link using Server 2003?

I'm thinking most of my problems here are due to the router running DHCP and hosting a "virtual" DNS server. And to make things more difficult, I'm attempting to join the domain with a MacBook (yeah, I know, wtf am I thinking) since it has native Active Directory support in Leopard 10.5. I have some Windows boxes here too, but they are not seeing the domain either. I'm assuming from your reply that I need to get them on the DNS server running in Server 2003 before they will see the domain? I take it they are dialing out to the Internet, e.g. the ISP/router DNS server.
 

DrGreen2007

Senior member
Jan 30, 2007
748
0
76
"issued it a static ip (same ip that it would get via DHCP from router). "

You have to have the server doing DNS and DHCP, not the router. That way clients on the network get an IP from the server, and they register their DNS name with the server.

Right now when you do a ping or nslookup on a client, it asks the router for the info; the router doesn't know what your AD domain name is, and that's why it fails.

If your clients asked the server what the domain name is, it would reply back with the correct info.

Your server should have a forwarder pointed to your ISP's DNS servers (or any other internet DNS server) in its DNS console.

Here is some good info
http://www.petri.co.il/how_to_...ry_on_windows_2003.htm
 
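The checks and settings described in the post above, as an added PowerShell example that is not part of the original thread. It assumes a DC running the DNS Server role at 192.168.1.10, the router at 192.168.1.254, an AD domain named corp.local, a DHCP scope of 192.168.1.0, and placeholder ISP resolvers in the 198.51.100.0/24 documentation range. The cmdlets come from the DnsClient, DnsServer and DhcpServer modules, which ship with Windows 8 / Server 2012 and later, not with the XP and Server 2003 systems in the thread, where nslookup and the DNS and DHCP MMC consoles do the same job.

```powershell
# Added example (not from the thread). Assumed addresses and names; adjust for your network.
$DcIp     = '192.168.1.10'                      # domain controller, also running DNS Server
$RouterIp = '192.168.1.254'                     # home router that hands out DHCP/DNS today
$AdDomain = 'corp.local'                        # AD DNS domain name
$IspDns   = @('198.51.100.1', '198.51.100.2')   # forwarder targets (documentation-range placeholders)

# --- Client side: show why the router fails and the DC works -----------------
# A domain join starts by looking up the SRV record that lists the domain's DCs.
# The router's DNS has never heard of it, so the first query fails (NXDOMAIN or
# "no records"); the DC, which hosts the zone, answers it.
$srv = "_ldap._tcp.dc._msdcs.$AdDomain"
foreach ($server in $RouterIp, $DcIp) {
    try {
        $r = Resolve-DnsName -Name $srv -Type SRV -Server $server -ErrorAction Stop
        "$server answers: $($r.NameTarget -join ', ')"
    } catch {
        "$server cannot resolve $srv : $($_.Exception.Message)"
    }
}

# Point this client's active adapter at the DC (what KeyKeeper ended up doing by hand).
$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $DcIp

# --- Server side (run on the DC) ---------------------------------------------
# 1. Forward anything outside the DC's own zones to the ISP resolvers, so clients
#    that now use the DC for DNS still reach Internet names.
Set-DnsServerForwarder -IPAddress $IspDns -UseRootHint $false

# 2. Hand the DC out as the DNS server in the DHCP scope, so clients pick it up
#    automatically instead of being edited one at a time. Assumes the DHCP role is
#    installed on the server and DHCP on the router has been switched off, otherwise
#    clients will race between two DHCP servers.
Set-DhcpServerv4OptionValue -ScopeId 192.168.1.0 -DnsServer $DcIp -DnsDomain $AdDomain -Router $RouterIp
```

Run the client section from any workstation: the router query failing while the DC query succeeds is exactly the symptom described in the thread, and the two server-side lines are the fix that makes it permanent for every client rather than for the one you edited by hand.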

Genx87

Lifer
Apr 8, 2002
41,091
513
126
I agree with the poster above. You need to have the AD controller at the very least be the DNS server in your router's DHCP. The ideal setup, of course, is to run it all from the AD controller.
 

KeyKeeper

Member
Nov 22, 2004
73
0
0
I put the IP of the server as the DNS server on the other machines and it resolves now. I can join the domain as well, even with the MacBook. Now I just need to get the domain on the Internet instead of on the private network. I'm assuming that I would have to open quite a few ports in the router to do this.
 

KeyKeeper

Member
Nov 22, 2004
73
0
0
Well, it's running on a machine behind a router at my house. I would like to be able to put it "online", e.g. load a website etc. on a web server (also at home) on the domain. I just need to know how to do it from home first, then I can implement it here at work. I'm assuming that the DNS server/domain needs to get registered with my ISP so I can access it through a web browser etc. over the Internet remotely... "mycomputerathome.com". Not sure if I can do this though; I figure my ISP probably blocks something like this, e.g. blocking a home FTP server etc.
 

Genx87

Lifer
Apr 8, 2002
41,091
513
126
If your domain is named xyb.com and you want a website named xyb.com, you will need to register the domain with a place like godaddy.com.

In your DNS you will want to create records for the domain name so that when you type it in, it actually goes to the location of your Internet website, not something internal. One of the recommendations is to make your local domain a .local instead of a .com. It frees you from a lot of DNS issues with minimal work, so your website and AD domain don't share the same namespace: something like xyb.com for the website and xyb.local for the AD.
 

Smilin

Diamond Member
Mar 4, 2002
7,357
0
0
If you haven't already, be sure your DNS server forwards to your router/ISP for DNS. That way it will resolve all internal client DNS requests, and for Internet names it can go fetch those.

Your ISP is most likely allowing HTTP, HTTPS and FTP just fine.
You would need to open those ports on your router and have them forward to your server.

For home setups you would typically have to configure your router to use a dynamic DNS service like TZO.com.


Some words of caution:
Putting a domain controller on the Internet is a bad idea. If you're going to do it:
1. Harden it (search Microsoft for guides).
2. Use a local software firewall as well as your router's firewall and NAT features.
3. Only open the ports you absolutely need (HTTP etc.) rather than placing the server into your router's DMZ.
4. Realize that if it gets compromised, so do all machines in the domain. Consider this carefully.



 
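Points 2 and 3 of the caution above, as an added PowerShell example that is not part of the original thread: a host firewall policy on the server that blocks inbound by default, lets the web ports in from anywhere (the only thing the router should forward), and keeps the directory service ports answering the LAN only, so a forwarding mistake or a DMZ placement at the router still does not expose AD to the Internet. It assumes the LAN is 192.168.1.0/24 and that the server also hosts the website; the NetSecurity cmdlets need Server 2012 or later, and on Server 2003 the same scoping is done in the Windows Firewall control panel or with netsh.

```powershell
# Added example (not from the thread). Assumed LAN range; adjust to match your subnet.
$Lan = '192.168.1.0/24'

# Block everything inbound by default on all profiles; only the explicit allows below get through.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block -DefaultOutboundAction Allow

# Web traffic may come from anywhere. Forward only 80/443 from the router to this host.
New-NetFirewallRule -DisplayName 'Web (Internet)' -Direction Inbound -Protocol TCP `
    -LocalPort 80,443 -Action Allow -RemoteAddress Any

# Directory services stay reachable from the LAN only: DNS, Kerberos, RPC mapper, LDAP,
# SMB, kpasswd, LDAPS, global catalog. Even if the router forwarded these or put the
# host in its DMZ, Internet sources would be dropped here.
$adTcp = @(53, 88, 135, 389, 445, 464, 636, 3268, 3269)
$adUdp = @(53, 88, 123, 389, 464)
New-NetFirewallRule -DisplayName 'AD services TCP (LAN)' -Direction Inbound -Protocol TCP `
    -LocalPort $adTcp -Action Allow -RemoteAddress $Lan
New-NetFirewallRule -DisplayName 'AD services UDP (LAN)' -Direction Inbound -Protocol UDP `
    -LocalPort $adUdp -Action Allow -RemoteAddress $Lan
# Netlogon/replication RPC uses the dynamic high range on Server 2008 and later.
New-NetFirewallRule -DisplayName 'RPC dynamic (LAN)' -Direction Inbound -Protocol TCP `
    -LocalPort '49152-65535' -Action Allow -RemoteAddress $Lan

# Remote administration from the LAN only; never forward 3389 from the router.
New-NetFirewallRule -DisplayName 'RDP (LAN)' -Direction Inbound -Protocol TCP `
    -LocalPort 3389 -Action Allow -RemoteAddress $Lan

# Audit: list every enabled inbound allow rule that accepts traffic from any address.
# Anything here other than the web rule (and whatever the OS installed by default
# that you have consciously reviewed) is exposure you did not intend.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -eq 'Any' } |
    Select-Object DisplayName, Profile
```

The audit query at the end is the part worth re-running after any change: on a fresh DC the built-in rules for the directory roles are scoped to Any, so tightening them to the LAN (or disabling them in favour of the scoped rules above) is what actually satisfies point 3, and the list tells you whether that has been done.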

DrGreen2007

Senior member
Jan 30, 2007
748
0
76
Having an internal domain has nothing to do with having an external/internet domain, just so you know.

Just like Smilin says... make sure your machine is patched and hardened, especially at work. If your 'web site' machine gets hacked into, then your whole domain could be compromised (that means file shares, user accounts, all info on the server, etc.).