Solved

Does setting DNS by Group Policy actually work?

Posted on 2008-10-10
6
1,591 Views
Last Modified: 2012-06-22
Hi,

I've been installating a Windows 2008 Server to provide a domain on a network in a school. The school has a satellite broadband connection and there is a gateway machine which provides DNS and DHCP services for the network.

I have configured my 2K8 DNS server with a static IP (provided by the company who are resposbile for the internet gatway) and it correctly forwards unresolved requests to the existing DNS server on the network.

I can join WinXP machines to the new domain but I have to manually set the DNS server on the XP boxes, as they get their IP address from the existing DHCP server.

I found a Group Policy to set DNS servers, but it doesn't seem to work (I know other GP stuff is working as I have a WSUS server working ok). Any ideas?

Thanks,
Jeff
0
Comment
Question by:jeffeld
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 22

Expert Comment

by:Paka
ID: 22686482
You should set the DNS on the client boxes using DHCP to point to your 2K8 machine.  The 2K8 machine should forward unresolved requests to the ISP's address.

Pushing the address via Group Policy is difficult, because the clients need DNS services to connect to the domain (and receive Group Policy).
0
 

Author Comment

by:jeffeld
ID: 22686648
I cant change the DHCP configuration; it isn't under my control and the owners of it will not make any changes to the configuration.

The clients are able to join the domain and logon/off without the DNS changes, although running gpupdate /force does take a long time.

This group policy seems to be the solution to my problem, but why have it there if you need DNS for it to work?

Cheers,
Jeff
0
 
LVL 22

Accepted Solution

by:
Paka earned 500 total points
ID: 22690781
DNS is needed for the clients to logon to the domain and locate domain services.  Here's a good article on pushing DNS settings through GP; however it is pretty tough to do.

The DHCP admins won't take direction from you on the DNS setting?
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:jeffeld
ID: 22700963
Hi Paka,

Thanks for your responses. Did you forget the link to the article?

I've started a conversation with the help desk about getting this changed, but the service is provided by a third party and they are generally uncooperative to these sorts of requests. I'd like to pursue the group policy solution is parallel.

I'll report back here with any progress made.

Thanks,
Jeff
0
 

Author Comment

by:jeffeld
ID: 22720372
I've since come up with a Plan B which I think will give a better outcome.

My solution is to take the current (3rd party) internet gateway/dns/dhcp server off the network backbone. My w2k8 server will then be configured to provide dhcp (it already provides DNS) and it will route all internet requests to the 3rd party gateway (connected via a seperate network card and switch).
0
 

Author Closing Comment

by:jeffeld
ID: 31504983
The answer didn't solve my problem (altough to be fair it did answer the question IYSWIM) but it did spur me on to find my final solution. Thanks!
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question