Re: DHCP and Trusted Domains

Tech-Archive recommends: Speed Up your PC by fixing your registry

Herb,
Thanks for your help. Can you clarify this statement: You can authorize
DHCP
servers running Win2000+ but that is done PER FOREST so it won't
necessarily
help if there are multiple forests -- and it won't help with non-Win2000+
DHCP servers.

Win2000+ DHCP servers will NOT distribute addresses if
they are in a forest where authorization is in force AND that
DHCP server is not itself authorized.

BUT each Enterprise Admin (one such group in each forest) can
authorize their own DHCP servers.

I have two separate forests that I want to set up the trust between. Why
does the DHCP of one allocate IP addresses on the other?

Because DHCP is completely promiscuous and have nothing to
do with domain/forest membership, operating system, or anything
else except "broadcast domain" (subnet).

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

"Daniel" <Daniel@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:88EA4646-DB50-49B6-A7F6-879505185805@xxxxxxxxxxxxxxxx

"Herb Martin" wrote:

"Daniel" <Daniel@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AE4D2022-BC4F-4041-B8AE-C9E658039082@xxxxxxxxxxxxxxxx
I am trying to set up a trust between two Win 2003 domains.

Presumably they are in different forests -- since domains in
the same forest already have an (effective) automatic trust.

You will usually need NetBIOS resolution to work for external
trusts to work.

Whenever I
connect the two DHCP starts casuing conflicts. How can I limit DHCP to
each
domain while still establishing the trust?

DHCP servers do are promiscuous; there is no way to limit
them by domain or computer name etc.

You can authorize DHCP servers running Win2000+ but that is
done PER FOREST so it won't necessarily help if there are
multiple forests -- and it won't help with non-Win2000+ DHCP
servers.

DHCP servers which service the same SUBNET much be
coordinated by the admin (or with multiple admins they MUST
work together).

Your alternative on that (working together and coordinating the
DHCP servers manually) is to place the machine on separate
physical segments (IP subnets on different broadcast domains.)



--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]







.

Relevant Pages

  • Re: networking private and public hosts questions
    ... DHCP isn't going to "help". ... you need to run NAT. ... Move all the Servers to the private side of the Firewall and start ... Controllers must point to themselves in thier DNS Setting and the ISP's DNS ...
    (microsoft.public.win2000.networking)
  • Re: Dynamic DNS, DNS Records & Scavenging
    ... There are two DHCP ... Both the servers are set to update A and PTR records for clients. ... DNS however this doesn't seem to be the case. ... DNSUpdateProxy and when i did this i saw my test laptop register its ...
    (microsoft.public.windows.server.dns)
  • Re: Correct DNS / WINS configuration for Domain members
    ... built up on a workgroup servers. ... forest is it going to be like DHCP, where a DHCP service (or another ... addresses to hosts of another AD forest? ...
    (microsoft.public.windows.server.dns)
  • Re: DHCP
    ... Open the event in event viewer, under the 2 arrows is a copy button, click it and paste it into the posting. ... "Meinolf Weber" wrote: ... I do not intend to change DNS or DHCP servers. ...
    (microsoft.public.windows.server.general)
  • Re: DHCP
    ... I do not intend to change DNS or DHCP servers. ... Since these machines are DHCP Client Windows Server 2003 machines with ...
    (microsoft.public.windows.server.general)