Setting up Active directory on a home network


I'm trying to set up AD on my Windows Server 2008 R2.

I think the IP assigned by my router should be static. So when I turn off the router's DHCP and enable the DHCP Server in Windows, do all my computers (I have 3) automatically receive their IP from the server? How does that work?

The domain for the AD should be 'home.internal'.

I also have IIS running that needs to be accessible from within and the internet. I don't think that has anything to do with it?

Also, with wireless clients, how would they get their IP automatically if the DHCP in the router is turned off? They won't, right?

I also have not understood why I need the DNS server.

Forgive my ignorance. If you know of articles and questions related to this one please link to them. Somehow answers seem hard to come by.

John

Posted 2012-03-10T13:38:22.767


If you don't know how DHCP and DNS work you shouldn't be messing with AD. – None – 2012-03-10T13:43:37.263


John - Unfortunately, I don't think your question is going to get a lot of traction here, because technically it's off topic. I don't mean to jump on this and be the bad guy, but the FAQ explicitly states that items related to home environments are off topic. Please see http://serverfault.com/faq#questions for more info... I'm going to vote to move it to Super User or somewhere else. Then I MIGHT take a stab at answering it!

– David W – 2012-03-10T13:44:13.400

Answers


I think the IP assigned by my router should be static.

That makes no sense. If an address is assigned by the router to another device then it's not static. To give a computer a static address, you need to edit the operating system's network configuration and assign it a static IP address.

So when I turn off the router's DHCP and enable the DHCP Server in Windows, do all my computers (I have 3) automatically receive their IP from the server? How does that work?

Yes. DHCP, on a simple network, works using the DORA principle.

  • Discovery - the client broadcasts a message on the local network segment it's connected to, to discover available DHCP servers.
  • Offer - a suitably configured DHCP server receives a request from a client, and offers it an address from its pool of available addresses.
  • Request - The client replies to the offer, requesting the address received in the Offer.
  • Acknowledgement - The server acknowledges the request, marking the address as used in its pool of addresses, and informs the client of how long the address lease is valid for, and any other information needed.

As such, any device on a network segment can be a DHCP server, it doesn't have to be the router or any other "special" device on the network. When the devices on your network reach the end of their leases (or you reboot them, which will force them to check their lease is still valid) they will simply broadcast a request for a DHCP server and will find the new server instead of the old, inactive one.

The domain for the AD should be 'home.internal'.

Ok. If you're trying to learn AD then that's not a "best practice" address, but fair enough.

I also have IIS running that needs to be accessible from within and the internet. I don't think that has anything to do with it?

Not as such. Though if you're promoting the server running IIS to be your domain controller, this may well change your IIS configuration (As "local" accounts aren't available on a domain controller, the accounts used by IIS and any web applications you're running will change).

Also, with wireless clients, how would they get their IP automatically if the DHCP in the router is turned off? They won't, right?

Yes, they will, unless your wireless router is configured in a very odd way. The wired and wireless networks typically appear as one network to the devices on that network.

I also have not understood why I need the DNS server.

DNS is a central component of Active Directory. See this: How DNS Support for Active Directory Works

Rob Moir


.local is bad practice as it can cause problems. You should ALWAYS use your web domain or a subdomain for your AD setup. Even if you buy a domain just for AD - you will save yourself from a ton of problems later – InterLinked – 2016-08-13T02:10:07.577

He should not be using ".internal". John needs to use either an RFC 2606 TLD (.test), or a subdomain of something he owns (home.johndomain.com). If he really wants to break the rules, he should at least run with the lemmings and use ".local", but yuck. – Miles Erickson – 2012-03-10T15:01:09.300

@MilesErickson +1 as I'm a .local lemming. – Bryan – 2012-03-10T15:19:24.050
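The DORA exchange described in the answer above, as an added worked example (not code from the thread). It serialises and parses real RFC 2131 frames and runs the four messages between a client and a server object in-process instead of over UDP 67/68; the MAC addresses, the 192.168.0.0/24 pool, the 192.168.0.1 router, the 192.168.0.2 DNS server and the one-day lease are constructed sample values. It also shows the two points the answer makes: the server need not be the router, and a rebooting client gets its previous lease back.

```python
"""Simulated DHCP DORA exchange on one broadcast segment.

Added illustration for this thread; not code from any of the posts.
Frame layout follows RFC 2131 (236-byte BOOTP header, magic cookie,
TLV options). The MAC addresses, the 192.168.0.0/24 pool and the
lease length used below are constructed sample values.
"""
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6   # option 53 values
BOOTREQUEST, BOOTREPLY = 1, 2


def build(op, xid, mac, yiaddr="0.0.0.0", options=None):
    """Serialise one DHCP frame: op, htype, hlen, hops, xid, secs, flags
    (broadcast bit set), ciaddr, yiaddr, siaddr, giaddr, chaddr, sname,
    file, then the magic cookie and TLV options terminated by 0xff."""
    head = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000)
    head += b"\0" * 4 + ipaddress.IPv4Address(yiaddr).packed + b"\0" * 8
    head += mac + b"\0" * 10 + b"\0" * 192
    body = b"".join(bytes([code, len(val)]) + val
                    for code, val in (options or {}).items())
    return head + MAGIC + body + b"\xff"


def parse(frame):
    """Inverse of build(): return the fields a client or server acts on."""
    op, _htype, _hlen, _hops, xid = struct.unpack("!BBBBI", frame[:8])
    if frame[236:240] != MAGIC:
        raise ValueError("not a DHCP frame")
    opts, i = {}, 240
    while frame[i] != 0xFF:
        code, length = frame[i], frame[i + 1]
        opts[code] = frame[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid, "mac": frame[28:34],
            "yiaddr": str(ipaddress.IPv4Address(frame[16:20])), "opts": opts}


class DhcpServer:
    """Any host on the segment can play this role; nothing ties it to the
    router. It offers from a pool, commits on REQUEST and remembers leases
    so a rebooting client gets its previous address back."""

    def __init__(self, pool, mask, router, dns, lease_secs):
        self.free = list(pool)            # unassigned addresses, in order
        self.leases = {}                  # client MAC -> assigned address
        self.mask, self.router, self.dns = mask, router, dns
        self.lease_secs = lease_secs

    def _opts(self, mtype):
        return {53: bytes([mtype]),
                1: ipaddress.IPv4Address(self.mask).packed,    # subnet mask
                3: ipaddress.IPv4Address(self.router).packed,  # default gateway
                6: ipaddress.IPv4Address(self.dns).packed,     # DNS server
                51: struct.pack("!I", self.lease_secs)}        # lease time

    def handle(self, frame):
        msg = parse(frame)
        mac, mtype = msg["mac"], msg["opts"][53][0]
        if mtype == DISCOVER:
            # Offer the existing lease if known, else the first free address.
            # An exhausted pool stays silent, which is exactly what a client
            # sees when no DHCP server is reachable at all.
            if mac not in self.leases and not self.free:
                return None
            ip = self.leases.get(mac) or self.free[0]
            return build(BOOTREPLY, msg["xid"], mac, ip, self._opts(OFFER))
        if mtype == REQUEST:
            wanted = str(ipaddress.IPv4Address(msg["opts"][50]))
            if wanted in self.free:
                self.free.remove(wanted)            # commit the address
            elif self.leases.get(mac) != wanted:    # held by someone else
                return build(BOOTREPLY, msg["xid"], mac, options={53: bytes([NAK])})
            self.leases[mac] = wanted
            return build(BOOTREPLY, msg["xid"], mac, wanted, self._opts(ACK))
        return None


def dora(mac, server, xid=0x2A2A2A2A):
    """Client side: broadcast DISCOVER, take the OFFER, REQUEST that address,
    and return the configuration carried in the ACK (None on failure)."""
    offer = server.handle(build(BOOTREQUEST, xid, mac, options={53: bytes([DISCOVER])}))
    if offer is None:
        return None
    wanted = ipaddress.IPv4Address(parse(offer)["yiaddr"]).packed
    reply = parse(server.handle(build(BOOTREQUEST, xid, mac,
                                      options={53: bytes([REQUEST]), 50: wanted})))
    if reply["opts"][53][0] != ACK:
        return None
    o = reply["opts"]
    return {"ip": reply["yiaddr"],
            "mask": str(ipaddress.IPv4Address(o[1])),
            "gateway": str(ipaddress.IPv4Address(o[3])),
            "dns": str(ipaddress.IPv4Address(o[6])),
            "lease_secs": struct.unpack("!I", o[51])[0]}


if __name__ == "__main__":
    # Router DHCP switched off; the Windows box is the only server answering.
    srv = DhcpServer(pool=[f"192.168.0.{n}" for n in range(10, 13)],
                     mask="255.255.255.0", router="192.168.0.1",
                     dns="192.168.0.2", lease_secs=86400)
    for mac in (b"\x00\x11\x22\x33\x44\x01", b"\x00\x11\x22\x33\x44\x02"):
        print(mac.hex(":"), dora(mac, srv))
```

Option 3 (router) and option 6 (DNS server) in the ACK are the part that matters for the poster's setup: the gateway can stay the router while the DNS server handed out is the domain controller, which is what domain-joined clients need.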


I've got the same setup at home. I'll set up the AD DHCP to start giving out addresses from x.x.x.10, e.g. 192.168.0.10. Assign the non-DHCP addresses to the router and the AD servers, e.g. 192.168.0.1 gets assigned to the router, 192.168.0.2 to the first AD server, etc.

For the web server, most routers allow port forwarding. So assign a static DHCP reservation by MAC to the web server so the IP address doesn't change, and forward port 80/443 to this IP address.

The router will need to be switched on 24/7 for the clients to receive DHCP addresses.

DNS is an integral part of AD and is required for it to work. It is not optional.

TheMoo



When you say the IP address assigned by your router is static, do you mean internally? i.e. is your public IP address dynamic or static? Not that this makes (much) difference... just curious.

AD and internet connectivity are two different things. While it's true you could set up the AD server to also serve up IP addresses to the other clients inside the home network, you can also let the router do that work - which might be simplest in your case.

You asked about DNS and why you need it. I'll try to break this down simply. There are two kinds of DNS servers: Caching Name Servers and Authoritative Name Servers:

  • When you set up a website, and setup its DNS, that information goes into an Authoritative Name Server. This server is the "authority" for that new domain/website for every request on the internet.
  • When computers are connected to the internet, they must connect to a Caching Name Server so that they know where websites are located. Without a caching nameserver, requests to visit a website would be lost - the requesting machine wouldn't know where the website is located. DHCP provides information to each computer on a network on which Caching Name Server to use. Or, people can statically setup their DNS information - often times people prefer to use OpenDNS or other publicly available caching name servers.

So what does this have to do with you? In your case, "home.internal" is (I'm guessing) exclusively internal to your home network. There are no authoritative name servers outside of your network for this "domain". Therefore, you have to set up DNS internally so that home.internal can resolve. This is why you should set up an internal authoritative name server for "home.internal". Make sense?

I'd recommend doing this:

  1. Let the router handle the DHCP. In the router's settings, see if you can specify where your DNS server is located.
  2. In the router, reserve an IP address space for the server (i.e. so that you can statically set the IP address on the server)
  3. Set up the server to be the "authority" for the "home.internal" domain - and then to act as a caching name server for everything else on the internet.
  4. To get IIS working externally, you'll need to do a port forward on the router. Of course IF you have a public dynamic IP address, you'll need to take into account that it can change.

Good luck!

David W

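The resolver layout step 3 above recommends, modelled as an added example (not code from the thread): one server that is authoritative for home.internal and a caching forwarder for everything else. The zone records, the 192.168.0.2 domain controller address, the stub upstream answers and the TTLs are constructed sample data. The SRV record under _msdcs is included because that is the kind of record domain members query to find a domain controller, which is the concrete reason the answer above says AD needs an internal authority for its name.

```python
"""Model of a DNS server that is authoritative for home.internal and a
caching forwarder for every other name.

Added illustration for this thread; not code from any of the posts. The
zone records, upstream answers and TTLs are constructed sample data;
192.168.0.2 is assumed to be the domain controller.
"""
import time

# Records the internal server is the authority for. The SRV record under
# _msdcs is the sort of record domain members look up to find a domain
# controller; no server on the public internet can answer for it.
ZONES = {
    "home.internal.": {
        "home.internal.": [("A", "192.168.0.2", 600)],
        "dc1.home.internal.": [("A", "192.168.0.2", 3600)],
        "_ldap._tcp.dc._msdcs.home.internal.": [
            ("SRV", "0 100 389 dc1.home.internal.", 600)],
    },
}


def fqdn(name):
    """Normalise to a lower-case, dot-terminated name."""
    return name.lower().rstrip(".") + "."


class Resolver:
    def __init__(self, zones, forwarder, clock=time.time):
        self.zones = {fqdn(z): recs for z, recs in zones.items()}
        self.forwarder = forwarder   # callable(name, rtype) -> (rdata list, ttl) or None
        self.cache = {}              # (name, rtype) -> (rdata list, expiry time)
        self.clock = clock
        self.upstream_queries = 0

    def zone_for(self, name):
        """Longest-suffix match, so every name under home.internal. is ours."""
        labels = fqdn(name).split(".")
        for i in range(len(labels)):
            apex = ".".join(labels[i:])
            if apex in self.zones:
                return apex
        return None

    def resolve(self, name, rtype="A"):
        """Return (source, rdata list); source is AUTH, CACHE or FORWARD."""
        name = fqdn(name)
        apex = self.zone_for(name)
        if apex is not None:
            # Authoritative answer. An unknown name is a definitive "no" and
            # is never forwarded: no outside server owns this zone.
            recs = [rd for t, rd, _ in self.zones[apex].get(name, []) if t == rtype]
            return ("AUTH", recs)
        key = (name, rtype)
        if key in self.cache:
            rdata, expiry = self.cache[key]
            if expiry > self.clock():
                return ("CACHE", rdata)
            del self.cache[key]          # TTL expired, ask upstream again
        self.upstream_queries += 1
        answer = self.forwarder(name, rtype)
        if answer is None:
            return ("FORWARD", [])
        rdata, ttl = answer
        self.cache[key] = (rdata, self.clock() + ttl)
        return ("FORWARD", rdata)


def demo():
    """Stand-alone run against a stub upstream (constructed data)."""
    upstream = {("www.example.com.", "A"): (["198.51.100.10"], 300)}
    r = Resolver(ZONES, lambda n, t: upstream.get((n, t)))
    return [r.resolve("dc1.home.internal"),
            r.resolve("_ldap._tcp.dc._msdcs.home.internal", "SRV"),
            r.resolve("nothere.home.internal"),
            r.resolve("www.example.com"),
            r.resolve("www.example.com")]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The forwarder is whatever the router or ISP resolver would be on a real network; the point of the split is that clients only ever point at the internal server, which answers for home.internal itself and relays the rest.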


When your computers are plugged into your router, they are using the DHCP server of the router. The computers are plugged into a switch which is basically then connected to the DHCP server and then to the WAN NIC. You would need two Ethernet cards on the AD server, one taking the internet connection in (either from the modem or the router) and then a switch/access point plugged into the other. This will ensure that the traffic is routed through the DHCP server for your clients and then assign an IP address. Your other option would be to manually assign IP addresses for your clients, whose gateway would be the AD server.

kobaltz


When your computers are plugged into your router, they are using the DHCP server of the router. - You're kinda implying that they have to use the DNS server on the router just because they're plugged into it. That's totally not the case. – Rob Moir – 2012-03-10T14:26:19.890

DNS servers do not assign nonroutable IP addresses or a gateway to internet connectivity. You can use other services like OpenDNS. I was mentioning DHCP servers, not DNS. – kobaltz – 2012-03-10T17:29:33.250

Sorry, I typed DNS but meant DHCP. If you substitute 'DHCP' for 'DNS' my point stands - you don't need to use the router DHCP server just because you're plugged into the router – Rob Moir – 2012-03-10T17:49:46.987