
Our school has all of their servers, etc. set up already. I have installed Microsoft Windows Server 2012 R2 on a spare laptop. Our class teacher is wanting to set up a domain just for the users in our class. We don't want to use the school domain because it restricts access to things and we'd need the password for installing software, etc.

I have installed Active Directory and DHCP so far on the laptop server.

I tried to connect the server to the normal school network through the building distribution switch and the server itself got an internet connection while keeping the static IP address I set. However, on any of the laptops in our classroom, they can't seem to find the domain when I search to add it in settings.

I thought this was due to a second domain being on the same network or maybe the laptops weren't on the same IP address scope. So therefore, I installed a router with its WAN port connected to the building distribution switch. It connects to the internet normally just acting as another device itself. The default IP was 192.168.20.1. As our school has a massive IP address scope set up, I had a look at the IP address the school system assigned to the laptop server, it was 192.168.3.187 so I decided to stay on that scope to prevent any mix-ups. The router's IP address is now 192.168.3.188.

After I made these changes, I connected one of the classroom laptops to the WiFi network of the router and it connected. The only issue was that it couldn't establish an internet connection. So I tried to add the computer to the domain, IT WORKED!! YAY.

But we need an internet connection and I don't know whether I've screwed anything up or whether anyone could offer some support or an alternative setup I could use.

The scope I set up in DHCP on the laptop server is 192.168.3.190 - 192.168.3.220 with the same subnet mask as the school one which is 255.255.255.0.

--Notes--

Router IP: 192.168.3.188
Router DNS: 192.168.3.187
Router Subnet Mask: 255.255.255.0

Server IP (static): 192.168.3.187
Server DNS: 192.168.3.187
Server Default Gateway: 192.168.3.188
Server Subnet Mask: 255.255.255.0

Any help or assistance will be greatly appreciated!!

Thanks In Advance :)

  • Can you give more clarity about how things are physically wired? It looks like you might be using the same network addresses on both sides of a router. You can't do that. You should be creating your own private network behind your router with a separate network switch. – Appleoddity Aug 11 '17 at 03:41
  • Hi, so how would I do that. I'm very new to this stuff. – Will Peasley Aug 11 '17 at 03:53

1 Answer


First of all, I appreciate your desire to learn and wish you all the best. But, you are biting off a big task if you have little experience. You are talking about networking, Windows domains, server management, etc.

I'm going to try to describe how to do this the proper way, but this will probably be a little bit like drinking from a fire hose. And truth be known, this type of information is abundantly available on the internet for you to research and learn, which may be more effective than trying to do this with a single post on the internet.

The information you provided doesn't give me a clear picture of what we are working with. So, I have to speak in basic terms. I also am assuming that you have full control of the laptops and the server. You cannot accomplish what you are trying to do, if the laptops are part of your school's domain or remain connected to your school's network. They should be clean Windows systems that are being joined to your new server and Windows domain. I'm also assuming a default configuration on the router and server.

The first thing it sounds like you are doing wrong is that you are trying to use the same networking addresses as your school's network. If you hook things up wrong, as it sounds like you may have, you're not just going to not have a working system, you are going to take down the entire school network. I'm sure your tech team will love that! :)

So, the first thing you HAVE to do is isolate yourself from the school network. You do this using the router you mentioned. The WAN port connects to the school network. EVERYTHING else hooks on the other side of the router to the LAN ports or via wireless. NOTHING else plugs in to the school network. If you need more wired ports you need to add your own network switch that can plug in to a router LAN port and the rest of your devices can plug in to the switch. I cannot stress this enough, you cannot plug your server in to the school's network - you WILL cause significant outages.

So, the physical topology looks like this:

[School Network Port]---->[Router WAN Port][Router LAN Ports / Wireless]---->[Server / PCs / Network Switch]

It doesn't matter what the school's network addresses are, you just have to avoid that range entirely for your new private network. Based on your post, the school is using a range in the Class C Private address range 192.168.x.x. So, you'll reduce confusion and conflicts by avoiding that range altogether. Use one of the Class A (10.x.x.x) or Class B (172.16-31.x.x) private network ranges. I'm going to utilize, for our example, 10.25.10.x/24 (that is a subnet mask of 255.255.255.0). This means your network address is 10.25.10.0 and all your devices will be in the range 10.25.10.1-254.

You will need to do the following things, and I am not going to go through this step by step and I am not going to explain the whys and hows of this, that is what Google is for:

  1. Change the router's LAN IP address to 10.25.10.1. The WAN (or internet) port should remain DHCP. It doesn't matter what IP it pulls from your school's network.
  2. Disable the router's DHCP server.
  3. Set your server to a static IP of 10.25.10.10, subnet 255.255.255.0, gateway 10.25.10.1, and DNS of 127.0.0.1.
  4. Install DHCP services on the server. Create a new IPv4 address scope with a range of 10.25.10.100-200 (subnet 255.255.255.0). Configure options: Router = 10.25.10.1, DNS domain = whateveryoulike.local, DNS Server = 10.25.10.10. Make sure the DHCP server is authorized and the service is active. It should have a green mark on it in DHCP management console.
  5. Install Active Directory domain services which includes DNS. When you promote your domain controller make sure you use whateveryoulike.local just like you did above for DHCP.
  6. Configure the DNS server properties so that the 'forwarders' are 10.25.10.1.

Now, plug in another computer to your network and it should pull an IP address from your server in the range 10.25.10.100-200. If you do an ipconfig /all on the system you should see something like this:

IP Address: 10.25.10.100
Subnet Mask: 255.255.255.0
Gateway: 10.25.10.1
DNS Server: 10.25.10.10
DNS Domain: whateveryoulike.local

Congratulations, you did it! The system should have network connectivity and you should be able to tell it to join the domain whateveryoulike.local and it will work just fine. You will have created a segregated network from your school, and there will be no chance you interfere or take down their network. You are free to play to your heart's desire.

I would strongly suggest you start over from scratch and follow my steps above. Default the router, and reinstall the server. This will make sure there is nothing left over from previous configurations that might give you a nightmare. It is not an easy task to change IP addresses, domain names, or whatever. Just start over.

If you have any communication issues after this, try to disable the server's firewall. Sometimes Windows forgets to open the ports. :)

This is old, but the concept hasn't ever changed I don't think: http://techgenix.com/Networking-Basics-Part1/

Appleoddity
  • Hi, thank you soooooo much for your detailed instructions. I understand all of it. I will do this now. I will keep you posted on how it goes. I have knowledge in networking and servers, just not extensive. – Will Peasley Aug 11 '17 at 04:49
  • Hi. I'm having some issues where the DHCP scope isn't activating. It stays red and doesn't turn green. What would be the cause of this? – Will Peasley Aug 14 '17 at 06:58
  • It is a two step process. You need to authorize and start the DHCP server and activate the DHCP scope. If it detects another DHCP server (like your router - did you disable DHCP?) it will not be successful. Check the event log for more details. The server might be automatically authorized if it is installed on a domain controller. – Appleoddity Aug 14 '17 at 13:29
  • I disabled the DHCP server on the router and that resulted in the router and devices connected getting an IP address from the school network. When I add my own IP address scope 10.25.10.X to DHCP, it refuses to activate the scope. – Will Peasley Aug 15 '17 at 22:12
  • Well, you kind of answered your own question. Your devices are still connected to the school network. That's the only way they can get an IP from the school, and that is why your DHCP server will not activate. Please review my answer. There is only one thing that can be plugged in to your school network - the WAN port on the router. It sounds like you're still trying to use existing school network switches and network ports. – Appleoddity Aug 15 '17 at 22:41
  • No, everything is connected through the router. The only connection into the school network is from the WAN port on the router. – Will Peasley Aug 15 '17 at 22:48
  • I understand what you are telling me. But what you have told me about devices getting a school IP address says otherwise. That is absolutely impossible unless those devices are still connected to your school network. You have to understand it is not possible any other way. So either I have not been given all the details or you are missing a cable or something still plugged in to the school network. – Appleoddity Aug 15 '17 at 23:40
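An added example, not part of the original answer or comments: a small address-plan checker that runs the question's original layout and the answer's 10.25.10.0/24 plan through the same rules (no overlap across the router, static addresses outside the DHCP range), then classifies a client lease by which side of the router it came from. The upstream network 192.168.3.0/24 is taken from the address and mask the asker reported; the client address 192.168.3.50 and all function names are constructed for illustration.

```python
import ipaddress as ipa

def check_plan(upstream, lan, router_lan, server, dhcp_first, dhcp_last):
    """Return a list of problems with a 'private LAN behind a router' plan."""
    up, net = ipa.ip_network(upstream), ipa.ip_network(lan)
    router, srv = ipa.ip_address(router_lan), ipa.ip_address(server)
    first, last = ipa.ip_address(dhcp_first), ipa.ip_address(dhcp_last)
    problems = []
    # The same network on both sides of a router cannot be routed, and a
    # DHCP server for it would answer clients on the upstream side too.
    if net.overlaps(up):
        problems.append("LAN overlaps the upstream network")
    reserved = (net.network_address, net.broadcast_address)
    for name, addr in (("router LAN IP", router), ("server IP", srv),
                       ("DHCP range start", first), ("DHCP range end", last)):
        if addr not in net or addr in reserved:
            problems.append(f"{name} {addr} is not a usable host in {net}")
    if first > last:
        problems.append("DHCP range is reversed")
    # Statically configured devices must not sit inside the leased range.
    for name, addr in (("router LAN IP", router), ("server IP", srv)):
        if first <= addr <= last:
            problems.append(f"{name} {addr} falls inside the DHCP range")
    return problems

def lease_source(client_ip, upstream, lan):
    """Say which side of the router a client's address belongs to."""
    ip = ipa.ip_address(client_ip)
    if ip in ipa.ip_network(lan):
        return "lan"
    if ip in ipa.ip_network(upstream):
        return "upstream"
    return "unknown"

# Layout from the question: router and server both on the school's range.
ORIGINAL = dict(upstream="192.168.3.0/24", lan="192.168.3.0/24",
                router_lan="192.168.3.188", server="192.168.3.187",
                dhcp_first="192.168.3.190", dhcp_last="192.168.3.220")
# Layout from the answer: isolated 10.25.10.0/24 behind the router.
ANSWER = dict(upstream="192.168.3.0/24", lan="10.25.10.0/24",
              router_lan="10.25.10.1", server="10.25.10.10",
              dhcp_first="10.25.10.100", dhcp_last="10.25.10.200")

if __name__ == "__main__":
    print("original:", check_plan(**ORIGINAL))
    print("answer:  ", check_plan(**ANSWER))
    # Constructed client address: a lease from the upstream range means the
    # client reached the school's DHCP server, not the one behind the router.
    print("lease:   ", lease_source("192.168.3.50", "192.168.3.0/24", "10.25.10.0/24"))
```

A client reporting an "upstream" lease is the symptom discussed in the last comments: some path from that client to the school network bypasses the router's LAN side.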