Solved

Active Directory on W2k3 - DNS? help

Posted on 2005-03-01
Last Modified: 2008-02-26
Hi all - I have been tossed into a situation where we have a single domain controller (W2k3) that was installed and configured without DNS.  The short of it is, this site has been using hosts files since they were a 10 user office and for whatever reason continued to use them.  Now that we have a temporary (and yes, this will all be gone in about 4-6 weeks) solution in place, I've some concerns on the way it was configured.  
I 'thought' DNS was a mandatory process when configuring AD - apparently not, as the consultant that set it up got around it.

So, I'm toying with the idea of setting up both DHCP & DNS on this server (yes, they were also using and still are, static IPs - 300+ clients).  However, DNS in an AD environment is something I haven't really spent much time with.

From your expert experiences, can I get some opinions/advice on setting this up?

A) Is it worth it, since we'll be moving to a stable environment beginning next week, with potentially 1/3 of the office and continuing for 3-6 weeks after (depending on each wave's success)
B) How hard would it be to do so?  DNS has always been a weak point of mine and I'm concerned that I might screw something up! :)
C) Other than touching all 300+ systems again (and this includes some VPN users) - how can we easily/automate the process of switching them over to dynamic IP?

They currently use their provider's DNS servers for internet access.  They have several in-house servers right now.  I've removed all client entries from the hosts files via a login script - but is that enough?

100 points per bullet above.  If I decide to move forward, I'll open a new thread on actually installing it... Thanx.
Question by:sirbounty
5 Comments
 
LVL 5

Accepted Solution

by:
lapukman earned 600 total points
ID: 13437089
In my humble opinion:

"A) Is it worth it, since we'll be moving to a stable environment beginning next week, with potentially 1/3 of the office and continuing for 3-6 weeks after (depending on each wave's success)"

- Definitely YES. Utilizing DNS and DHCP allows you to save manpower and time in configuring each of the 300+ workstations' hosts files and IP addresses. It also allows you to prevent IP address conflicts as well as hostname-to-IP (and vice versa) resolution conflicts. DNS and DHCP also allow you to better design your network as your company grows.

"B) How hard would it be to do so?  DNS has always been a weak point of mine and I'm concerned that I might screw something up! :)"

- DNS is mind-boggling at first, but as you go and continuously use it, understanding how it works seems to become very easy. One of the most important parts of DNS is zones. When you define a zone, the DNS server becomes the one responsible for name resolution in that zone. Other important entries in the DNS are A and MX records. A stands for Address and is used for storing an IP address associated with a domain name.  MX stands for Mail Exchanger, where all mail servers are enumerated so that the DNS knows where to redirect/point a mail message. Since your company has implemented AD, an AD-integrated DNS is the best method to do it in your network.

To understand more about DNS, please read http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_DNS_und_Topnode.asp

This link as well enumerates how to setup Active Directory Integrated DNS: http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_DNS_pro_ConfigServerForDS.asp

Meanwhile, setting up DHCP is relatively easy as well. You just need to define your network range and the necessary DHCP settings like DNS, WINS, IP address range and exclusions, default gateway, etc. DHCP setup is wizard-based so it is really easy. This link might help you in your DHCP setup: http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_DNS_und_Topnode.asp

"C) Other than touching all 300+ systems again (and this includes some VPN users) - how can we easily/automate the process of switching them over to dynamic IP?"

- One way is to set a login script to do it. The login script would contain a command that would erase the TCP/IP configuration in the registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{55CABB6A-8C47-4C30-88BD-A48BCFCCADBD}\Parameters\Tcpip

Take note that the entry {55CABB6A-8C47-4C30-88BD-A48BCFCCADBD} will be different on some machines because this entry is the NIC card. In my case it is {55CABB6A-8C47-4C30-88BD-A48BCFCCADBD}, which might be different in your case.

In this key, you can enable DHCP by setting the key EnableDHCP to 1 and removing the entries for DefaultGateway, IPAddress and SubnetMask.

The login script that you did to clear the hosts file will do, provided that they have access to edit the hosts file, otherwise, the entries there would remain. One way to check this is to do a spot check on some machines.

Hope this helps

Lapukman

 
LVL 7

Assisted Solution

by:SoyYop
SoyYop earned 600 total points
ID: 13439590
You are still not using mail servers, so migration would be easier. By the way, DNS resolution is required for setting up AD.

Maybe you are using a third-party DNS server? That works, it doesn't need to be Microsoft...
Or is it installed and you didn't know?
Or is working over hosts files... I'm gonna try that ;)

After having DNS up and working following Lapukman's resources (I can just add: check the Microsoft DNS help files on your computer), install DHCP. Remember to enable the segments and to exclude the servers and printers. I hope you have them on contiguous ranges...
And Enable them when ready.

For resetting the IP to automatic, for a given range (in this example, 192.168.0.10-192.168.0.250), just run this script as administrator

rem ResetToDHCP.cmd: loop over the last octet and run the netsh script on each host.
rem netsh needs -f before the script file; inside a .cmd file the loop variable is %%t
rem (use a single %t only when typing the line directly at a command prompt).
for /L %%t in (10,1,250) do netsh -r 192.168.0.%%t -f instructions.sh

I'm assuming you are using 192.168.x.x for your network... Save it as "ResetToDHCP.cmd" or something like that.

And instructions.sh is:

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip
offline
set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
commit
popd
# End of interface IP configuration


You can add the following line to set up a fixed dns server, like

add dns "Local Area Connection" 192.168.0.5

if your AD server has the IP 192.168.0.5, so it is fixed. It is VERY important that the DNS server is set to the Active Directory DNS. If not, you are going to experience delays (or have to add it to the hosts file).

Netsh gives you a lot of power...
 
LVL 67

Author Comment

by:sirbounty
ID: 13440016
Sadly, it IS using hosts and no, no DNS was installed, nor being used - at least from what I can tell.  I didn't think this was possible and I know everyone agrees with me - but perhaps it's different with W2k3?

It's a class B: 10.10.x.y

Problem with using a login script - is obviously the difference in local interface references, and the fact that some machines are still not, for whatever reason, running them (I think this is mostly VPN users though).  The problem with the netsh batch file is that they could potentially have a server somewhere down the line, 10.10.100.12, that doesn't sit within the 'normal' client range.  This is the most whacked network I've ever seen - you really have to see it to believe it...<sigh>...

Thanx guys - I'll read thru the articles and post back...
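As an added example (not code from the thread), a client-side login script that works around the interface-name problem by letting netsh enumerate the interfaces itself, refuses to touch anything sitting in the server subnet, and logs how many hosts-file entries survived the earlier clean-up so the spot check can be done from one directory; the log share and the server subnet are placeholder assumptions, and it needs local administrator rights on the client.

```batch
@echo off
rem Added example, not code from the thread. Switches every TCP/IP interface on
rem this client to DHCP-assigned address, DNS and WINS, whatever the interface is
rem called (netsh on XP/Windows 2003), then writes one audit line per machine.
setlocal enabledelayedexpansion

rem ASSUMPTIONS (placeholders): a share users can write to, and the subnet
rem where the servers live; this script must never reconfigure a server.
set LOGSHARE=\\fileserver\netlogon\dhcplog
set SERVERNET=10.10.100.

rem Guard: if any address on this box starts with the server subnet, do nothing.
rem (10 is the length of SERVERNET; ipconfig on XP/2003 prints "IP Address")
for /f "tokens=2 delims=:" %%a in ('ipconfig ^| findstr /c:"IP Address" /c:"IPv4 Address"') do (
    set ADDR=%%a
    set ADDR=!ADDR: =!
    if "!ADDR:~0,10!"=="%SERVERNET%" goto :skip
)

rem Count hosts-file lines that are neither comments nor the localhost entry,
rem so a machine whose hosts file the earlier script could not edit stands out.
set HOSTS=%SystemRoot%\system32\drivers\etc\hosts
set LEFT=0
for /f "usebackq eol=# tokens=1,2" %%x in ("%HOSTS%") do (
    if /i not "%%y"=="localhost" set /a LEFT+=1
)

rem Enumerate interfaces from netsh; the quoted name is everything after token 2 of
rem a line like:  Configuration for interface "Local Area Connection"
for /f "tokens=3*" %%i in ('netsh interface ip show config ^| findstr /c:"Configuration for interface"') do (
    netsh interface ip set address name=%%i %%j source=dhcp
    netsh interface ip set dns name=%%i %%j source=dhcp register=PRIMARY
    netsh interface ip set wins name=%%i %%j source=dhcp
)
echo %DATE% %TIME% %COMPUTERNAME% switched_to_dhcp hosts_entries_left=!LEFT! >> "%LOGSHARE%\%COMPUTERNAME%.txt"
goto :eof

:skip
echo %DATE% %TIME% %COMPUTERNAME% skipped_server_subnet >> "%LOGSHARE%\%COMPUTERNAME%.txt"
```

A `findstr /v "hosts_entries_left=0" *.txt` over the log directory then lists exactly the machines that still carry stale hosts entries or never ran the script.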
 
LVL 7

Expert Comment

by:SoyYop
ID: 13441955
Maybe you can start isolating the servers on a fixed range. You may want them to have fixed IPs, anyway.

You can create a new hosts file, update servers IP, and use the same for /l to copy an updated hosts file, like

for /L %t ...... copy hosts \\10.10.100.%t\admin$\system32\drivers\etc
for /L %t ...... copy hosts \\10.10.101.%t\admin$\system32\drivers\etc
...

etc.

Then move to use DHCP. If you have subnets... you may need to add dhcp servers there and block the ports on routers.
 
LVL 67

Author Comment

by:sirbounty
ID: 13442181
This all sounds like too big an undertaking with this network and the limited amount of time we have left on it.
Sad part is that the IS folks that have worked this network for years apparently don't know how it's configured, so I'd be fearful something would get left out or overlooked and generate more trouble than not.
I am actually surprised it is working without DNS - I learned something new this go around.
But anyway - I thank you all for your insight and encouragement.