Connecting 10 computers and switch to domain using router?

[TheBDB]

I have 10 computers connected via a switch that I would like to add to my domain. I'm trying to figure out if I can do this by connecting a router to the domain and plugging it into the switch. That way the router would get an IP address from the domain DHCP, and the 10 computers can remain on their own workgroup?? I'm not exactly sure what a switch does and if I would need to do anything other than connect it to the router. If there is an easier way to do this let me know and thanks.

 

[RebateMonger]

While there are other ways of doing this, a typical setup would be to have a single router between the Internet and your network, hook a switch to one of the router's LAN ports, and hook the Domain Controller to one of the switch ports or one of the router's LAN ports. You can have non-Domain-joined PCs on the same network as Domain-joined PCs. It'd be best for all of them to get their DHCP and DNS from the server, assuming you aren't violating the server's licensing provisions by doing so.

A switch is like an electrical power strip - allowing multiple computers to connect to the same network.

 

[TheBDB]

In order to access a shared folder on the domain, would each computer have to join the domain, or could I join the router and leave the computers on their own workgroup?

 

[her209]

If the router is performing NAT (which it sounds like it is), you may run into problems.

 

[owensdj]

TheBDB, if you have 10+ computers you probably need to be in a domain rather than a workgroup to reduce the user name/password admin overhead. Are you going to put 10 user name/passwords into 10 computers and keep them all up to date? If you already have a domain, why not add them into it?

Are you using the router just as a way to connect the switch to the rest of the network, or is the router your network's Internet gateway? If it's just for connected the switch make sure you turn off the DHCP server in the router.

 

[Emulex]

no you can assign rights to a folder share by the local computer username/password or by using domain authentication.

for instance on my backup server i have a local account access. so in the event that the machine drive explodes, i can bring up a new machine pop in a rescue cd and access the share using standard credentials. The user would reside on the fileshare system.

if you run a domain make sure you have 2 domain servers; or else. and don't run anything on AD servers if at all possible.

use the router as a nat device and do all dhcp from the AD controller dhcp/dns roles that way the dynamic dns works with your local domain (ie anandtech.local).

if you have the cash $495 run ESXi on the server and virtualize - trust me on this one - a domain controller is best run in a VM; abstracting the hardware makes backing them up far easier.

best low end backup software for DAS/esxi is veeam. $500 per socket is peanuts considering a 6 core westmere can run some serious power.

you could VM all your client pc's and on a single server and the AD server etc; back them all up reliably - run thin/thick clients and get rid of all that unreliable hardware.

if i had my way i'd do that win7 thin clients with voip - a pair of decent servers with decent DAS storage - vsphere essentials - veeam.

heck you can even run a software router/firewall/ips/etc on the vm server as well.

paying $500 per socket to backup all you can fit on a server is hella cheaper than paying for decent per server/per client (BESR/Backup exec) reliable backup software.

 

[TheBDB]

Good lord, thanks for all the help, unfortunately I have no idea what any of you are talking about.

Our domain has about 25 computers, exchange, shared data drive. An outside organization installed these 10 computers to run some training software, so I'm hesitant to mess with them too much. They set them up as a workgroup with manual IPs. I'd like to connect them to our domain so they can access the shared data, without changing their network settings. That is why I was trying to see if I could use a router as an intermediary.

 

[xSauronx]

Good lord, thanks for all the help, unfortunately I have no idea what any of you are talking about.

do you guys not have an admin to handle doing all of this?

 

[imagoon]

Clarify this for me.... it sounds like you have 10 PCs on a switch, in your building. Why not up link the switch to the access switches? If you want to keep the same static IPs, use a router in "route mode" and connect them. Don't use NAT.

 

[TheBDB]

do you guys not have an admin to handle doing all of this?

That would be me

 

[owensdj]

TheBDB, I assume the 25 or so domain computers are on one subnet and the 10 workgroup computers are on a different subnet? If so you may be able to connect the two subnets using an internal router like imagoon said. You'd still need for the 10 workgroup computers to use the domain's DNS settings so they'll be able to resolve the name of the server so you can access the share. You should be able to access it using a user name & password of a domain user even if the machine isn't in the domain.

 

[RebateMonger]

Yeah, you could use a home-type router to allow the ten computers to access shared data on the other network. It'll be a one-way conversation. The computers on your main network won't be able to see computers on the ten-computer network.

If the ten computers use the main network for Internet access, you may have double-NAT issues with them. They may not be able to access SSL web sites, for instance.

 

[imagoon]

Yeah, you could use a home-type router to allow the ten computers to access shared data on the other network. It'll be a one-way conversation. The computers on your main network won't be able to see computers on the ten-computer network.

If the ten computers use the main network for Internet access, you may have double-NAT issues with them. They may not be able to access SSL web sites, for instance.

Incorrect or well not 100% correct. Many of these units have a true "route" mode that is not NAT. However I would expect a small business to have a better set up than that personally. Considering you can pick up an older Cisco 1700 for peanuts on ebay. I wouldn't expect fantastic performance out of it however. True gigabit routing costs big $$.

 

[RebateMonger]

Many of these units have a true "route" mode that is not NAT. However I would expect a small business to have a better set up than that personally. Considering you can pick up an older Cisco 1700 for peanuts on ebay. I wouldn't expect fantastic performance out of it however. True gigabit routing costs big $$.

If the O.P. has to ask the question he/she's asking, there's going to be a problem programming a Cisco 1700. The "easy" answer to his/her question is to put them on the same subnet, but they don't want to do that, so either there's a security concern or they don't know how to reconfigure their networking.

 

[imagoon]

If the O.P. has to ask the question he/she's asking, there's going to be a problem programming a Cisco 1700. The "easy" answer to his/her question is to put them on the same subnet, but they don't want to do that, so either there's a security concern or they don't know how to reconfigure their networking.

Stop talking sense. We don't need that here!