Re: Question about creating an Active Directory with my modem providing DHCP services....

From: Patrick Dickey (pd1ckey43**RemoveThis**_at_msn.com)
Date: 03/22/05 

Date: Tue, 22 Mar 2005 15:48:17 -0600

Thanks for the quick reply Paul. I've got a few more questions for you as
well. Also, just to make sure we're on the same page (since I interchanged
the words router and modem a few times in here), my DSL Modem also provides
router capabilities as well as a wireless gateway. So, when I refer to
router or modem, I'm talking about the DSL modem. It's an Actiontec 701-wg
for Qwest DSL.

Hello, ptwilliams!
You wrote on Tue, 22 Mar 2005 08:14:58 -0000:

>> 1. Can I set Active Directory up so that it looks to the modem for
>> DHCP
>> information? If so, how?

p> Yes, you can configure the modem to give out DHCP info., but will
p> need it to
p> point to the internal DNS server (the DC usually) which isn't a great
p> idea.
p> Better to statically configure the host, and disable DHCP on the
p> modem.
p> Then let the DC dish out DHCP.

This brings up another question.. I can statically configure all of the
computers and disable the modem as you said. When I set up the computers,
I'm assuming I would set up the non Server ones to point to 192.168.0.8 (the
server) for primary DNS and 192.168.0.1 (the modem) for their secondary? Or
should I set the secondary one to a DNS outside of my network? Along this
line, I would put the Server's DNS to 127.0.0.1 for primary and either the
modem or an outside source for secondary, right? The modem also has
provisions for static IP routing and Dynamic IP routing as well.

[Sorry, skipped]

>> 3. Would it be simpler in the end, to just get another computer and
>> put
>> WS2k3 on there? Set the router to point to that computer for
>> everything,
>> and then set it up to run DHCP for everything else?

p> No.

What I should have asked here was just to turn off the router capabilities
on the modem altogether, allowing the third computer to hold the public IP
address, and have it provide the DNS and DC for the others. But, I'll scrap
this idea anyhow, since it would require buying another computer.

>> 4. In theory, if I have one computer with one copy of WS2k3 running,
>> how
>> many different Active Directories can I put on there? I'm guessing
>> one,
>> but I'm curious if I could create an external domain on one AD, and an
>> internal domain on a second one? If I can do this, then it will solve
>> most of my problems, I believe. This is because I can create the DNS
>> for
>> the AD that would house my 'external domain', and then have the
>> internal
>> domain point to that for it's information. I think I can find the
>> 'internal' domain in a roundabout way through the external domain
>> (although the other computers will connect directly to the internal
>> one
>> after joining it.)

p> One domain per DC. But feel free to have multiple VMs running as DCs
p> for
p> different domains.

Thanks for confirming this for me.

[Sorry, skipped]

>> Also, I should point out that I do have VPC set up as a service. So,
>> when
>> I reboot (if I join the host computer to the domain), I just have to
>> wait
>> a couple of minutes to log in. That's assuming, of course, that I
>> don't
>> have to have a user logged into WS2k3 in order for client computers to
>> log
>> into the domain. I can also set VMWare up as a service, so if I get
>> all
>> of this lined out, I'll use that one as well.

p> I'm not so sure about this. I, personally, wouldn't join the host to
p> the
p> virtual domain. You'll miss out on certain types of (Group) policy
p> application, as the DC can never be available when the computer
p> starts.

p> I assume this is for testing. Probably would be a better idea to
p> just have
p> two virtual clients. They don't need much RAM. I run 8 Windows 2000
p> servers in my VM Lab -and they're running as DCs (two DCs per domain;
p> two
p> domains; one forest), ISA, SMS, F&P, WUS, etc.

Two things for this.. Yes, this is mainly for testing. Also, The DNS server
is independent of the DC, right? That way I know I can configure the host to
look to the VM for DNS information, and not have to join it to the domain.
You're the second one that advised against this, so I won't do it.

p> REMEMBER: All domain members (members and DCs) are DNS clients. All
p> DNS
p> clients must point to an internal DNS server that is authorative for
p> the
p> namespace that you are using for your AD domain (or a dis-jointed
p> equivalent, but this requires additional configuration).

One thing that killed me with the VMWare was, I originally set up the
domain, and everyone could log in. However, I was able to access it with my
"WorkGoup" computer as well.. I attributed this to the workgroup computer
being the host computer. Then, the server crashed (my firewall killed it).
So, I had to revert back to pre-domain and re-set it up. I didn't go to the
other physical computer, and log it off of the domain first. So, when I got
the domain reset up, the host computer couldn't access it (which I would
expect since it's not a member) but the only account that could log into the
domain from the other physical computer was the "Administrator" which was
logged in at the time I reverted.

When I unjoined the other physical computer from the domain, and tried to
rejoin, that's when I started having the DNS issues.. So, I scrapped that
idea altogether.

A side note also, I upgraded my computers and OS's. Which means I'm
starting with a completely clean setup (since I did a clean install on two
new hard drives). So, the previous issues shouldn't be a consideration now.

With best regards, Patrick Dickey. E-mail: pd1ckey43**RemoveThis**@msn.com