Windows 7 and Server 2008 R2. Domain issues?

  • Question

  • For some reason, I am not able to add my Windows 7 Pro 64 Bit Machine to my Windows Server 2008 R2 machine. I am very new to this, but Active Directory is enabled and I have created a local FTP on the server, and I added Windows 7 Server Management console to the Windows 7 machine. 

    My domain name is xxxxxx.domain, is this too long? I also added the IP config manually to both machines. Both are using the same DNS and Alternative DNS IP. The IP is not controlled by me so much, it is more controlled by the ISP. 

    So I can see both machines on the network, I can PING the server from the Windows 7 machine using the IP and DNS IP. But I cannot add the Domain to the Windows 7 machine.
    I did or I think I did correctly put the Windows 7 machine in the Group Policy. 
    So what am I doing wrong? It shouldn't be this hard.
    Thanks
    Ken
    Monday, September 27, 2010 12:14 AM

All replies

  • Does your 2008 machine also have the DNS role? Basically your DHCP server must hand out static address of AD server as primary DNS server address so clients can find DC. Then put the ISP's DNS addresses in the forward lookup of your DNS server so clients can find internet. Also make sure your server has static IP address outside of DHCP scope.

    Regards, Dave Patrick .... Microsoft Certified Professional -Microsoft MVP [Windows]
    Monday, September 27, 2010 12:32 AM
  • I am not sure, I think I put the DNS role in. What would the exact name for the role be? As for the Static IP outside of the DHCP scope, isn't that something that the ISP must do?

    Ken

    Monday, September 27, 2010 12:48 AM
  • If you're setting up your own domain then you would typically run your own DHCP server. Do you have some type of broadband/dsl router?

    Regards, Dave Patrick .... Microsoft Certified Professional -Microsoft MVP [Windows]
    Monday, September 27, 2010 12:57 AM
  • I have my modem hooked up to a D-Link DIR 655 and my Windows 7 machine is hooked up via Ethernet, my laptops are wireless, and the server can be both wired and wireless(eventually wireless). But I did set up the Domain, and it is just for now going to be an FTP server for my local computers. What should I have done?
    Monday, September 27, 2010 1:13 AM
  • The thread will ultimately lead to the question regarding your TCP/IP configuration.  Your internal Windows Clients need to have their DNS Client settings pointing to the internal DNS servers hosting the AD zone.  A simple network design and possibly the output of IPCONFIG /all from your server and client would help.

    This statement that you posted "The IP is not controlled by me so much, it is more controlled by the ISP." generates additional questions and concerns.  Are you saying that the IP you have configured on the server is the one provided by the ISP?  The client(s) are not on the same segment as the server?  This is where the network diagram would help.


    Visit: anITKB.com, an IT Knowledge Base.
    Monday, September 27, 2010 1:14 AM
  • Basically I am doing this all on a home network, and I have more knowledge about computer hardware and programming than server config, but hey I got this Server edition for College for free from the College, since I am taking a 4 year course in computer and communication networking, and would just want to be prepared for what to expect.

    Anyway back to the task at hand.

    No, I did use ipconfig/all to take down information on the IP of the machines and of the gateway. The DNS IP and Alternative IP came from my Router config page since ipconfig/all did not show the DNS IP addresses. I don't think I set the Zones though? What does it do if I set the Zones? Is it as simple as just doing xxxx.domain.dns, xxxx.domain.com?

    Here is my network: [Photobucket image]

    Monday, September 27, 2010 1:49 AM
  • You can leave the d-link as DHCP server if you want. But you must add the DNS role to your server. Then add the static IP address of your DNS server as primary DNS server on d-link so clients can find DC. Then put the ISP's DNS addresses in the forward lookup zone of your DNS server so clients can find internet. Also make sure your server has static IP address outside of DHCP scope set on d-link.

    Regards, Dave Patrick .... Microsoft Certified Professional -Microsoft MVP [Windows]
    Monday, September 27, 2010 1:56 AM
  • Wait what do you mean "add the static IP address of you DNS server as primary DNS server on d-link so clients can find DC"  What must I change in the D-Link setup page?
    Monday, September 27, 2010 5:19 AM
  • The short answer is that your setup is not suitable for running a domain. Running a home network behind a NAT device (such as your D-Link) works OK as a workgroup. The machines use the router as their default gateway and the D-Link acts as a forwarder for DNS lookup. It will not work as a domain without a fair bit of work.

    A longer answer goes like this. Active Directory depends on DNS. All AD member machines should use the local (i.e. domain aware) DNS server to find domain resources. A domain will not function correctly if the domain members use a public DNS service such as that provided by your router. Your domain machines cannot use the network config provided by your router because it will give them the wrong DNS address.

    There are a few major things you need to do if you want to run this as a domain. The first is to let dcpromo configure DNS for you so that the DNS setup is correct for AD. You then need to modify your local DNS server so that it forwards to a public DNS service. This is essential so that the local DNS can resolve both local and foreign names and URLs. You then need to make sure that your clients use the local DNS only. To do this you will need to configure them manually, modify your D-Link DHCP to hand out the DC's IP address for DNS (as Dave suggested) or run your own DHCP service (after disabling the DHCP service on the router).

    However you go about it, the client machines must end up so that they use the DC for DNS but use the router as their default gateway. There are no shortcuts that work. The AD clients must use the DC for DNS. No other DNS addresses, not even as secondaries.

    Once your machines are set to use the local DNS you will have no problems joining them to the domain.

    Bill
    • Marked as answer by Bruce-Liu Thursday, October 7, 2010 12:34 PM
    Monday, September 27, 2010 7:30 AM
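
The end state described in the answer above (DC as the only DNS server, router as default gateway, forwarding working) can be checked on a client before attempting the join. This is an added example, not part of the original thread; the three addresses and names at the top are assumed placeholders, and it sticks to WMI and `nslookup` so it runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the thread). Run on the Windows 7 client before the join.
# All three values below are assumed placeholders; substitute your own.
$DcIp     = '192.168.1.10'    # assumed static address of the DC / DNS server
$RouterIp = '192.168.1.1'     # assumed router LAN address (default gateway)
$AdDomain = 'example.local'   # assumed Active Directory DNS domain name

$problems = @()

# 1. Every IP-enabled adapter must list the DC as its ONLY DNS server,
#    and the router must remain the default gateway.
$adapters = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')
foreach ($a in $adapters) {
    $dns   = @($a.DNSServerSearchOrder | Where-Object { $_ })
    $gw    = @($a.DefaultIPGateway     | Where-Object { $_ })
    $other = @($dns | Where-Object { $_ -ne $DcIp })

    if ($dns.Count -eq 0) {
        $problems += "$($a.Description): no DNS server configured"
    }
    if ($other.Count -gt 0) {
        $problems += "$($a.Description): non-DC DNS server(s) present: $($other -join ', ')"
    }
    if ($gw.Count -gt 0 -and $gw -notcontains $RouterIp) {
        $problems += "$($a.Description): default gateway is $($gw -join ', '), expected $RouterIp"
    }
}

# 2. The DC's DNS must answer the SRV query a client uses to locate a domain controller.
$srv = nslookup '-type=SRV' "_ldap._tcp.dc._msdcs.$AdDomain" $DcIp 2>&1 | Out-String
if ($srv -notmatch 'svr hostname') {
    $problems += "No _ldap._tcp.dc._msdcs.$AdDomain SRV record returned by $DcIp"
}

# 3. The same server must also resolve an outside name, which proves the forwarder works.
$ext = nslookup 'www.microsoft.com' $DcIp 2>&1 | Out-String
if ($ext -notmatch '(?m)^Name:') {
    $problems += "$DcIp did not resolve an external name; check the Forwarders tab"
}

if ($problems.Count -eq 0) { 'DNS and gateway settings look ready for a domain join.' }
else                       { $problems }
```

A missing SRV record in step 2 points at the DNS zone on the server rather than at the client, so fix that before changing client settings again.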
  • Does this mean I should make everything in the TCP/IP 4 config to search for IP and DNS automatically?

    Thank you for the answer.

    Ken

    Monday, September 27, 2010 10:51 AM
  • The primary DNS server on d-link should point to your local DNS server (your 2008 server with DNS role). Your DNS server address should be assigned static as we don't want server's own address changing. This is assuming you were going to leave the DHCP role on d-link.

    Regards, Dave Patrick .... Microsoft Certified Professional -Microsoft MVP [Windows]
    Monday, September 27, 2010 1:26 PM
  • Yes, that's correct.

    Regards, Dave Patrick .... Microsoft Certified Professional -Microsoft MVP [Windows]
    Monday, September 27, 2010 1:29 PM
  • I need help with re-capping the instructions

    On Windows Server 2008 R2

    1) I add the DNS Role

    2) I run DCPROMO, but if it has already been set up how do I make sure the DNS is correct in AD?

    3) Modify your local DNS server so that it forwards to a public DNS service? How do I do that, and what service is good, I glanced through my router and saw D-Link Dynamic DNS settings, and they have a free Dynamic DNS system? Is that what I should look into? (SEE PICTURE)

    4) Modify D-Link Router to hand out DC's IP Address, where do I modify and where do I find the IP I must use.

    What other steps am I missing.

    Picture of D-Link Dynamic DNS:

    Photobucket
    Monday, September 27, 2010 11:52 PM
  • 1) Yes

    2) You don't need to dcpromo it again. You start Server Manager then Add Roles then add DNS Server
    http://technet.microsoft.com/en-us/library/cc771031.aspx

    3) You open the DNS console and right-click on the DC name, Properties then add your ISP DNS server addresses here on the Forwarders tab. This allows the clients to pass internet name requests to your DNS server which in turn will pass on to your ISP DNS servers.

    4) I don't know the specifics of what your d-link pages look like but on the DHCP server page you can define the scope (leave some out of the dynamic range for static devices like your DC). You can also add your DC/DNS server IP address here (possibly on WAN page). This way when you set the clients to obtain from DHCP they will inherit the DNS server address and can now find your domain controller.

    5) That Dyn DNS stuff is for incoming traffic. I wouldn't worry about it right now.

    Regards, Dave Patrick .... Microsoft Certified Professional -Microsoft MVP [Windows]
    • Marked as answer by Bruce-Liu Thursday, October 7, 2010 12:34 PM
    Tuesday, September 28, 2010 1:06 AM
  • I changed the IP Address of my Server so it is now outside the range of the D-Link DHCP xxx.xxx.0.2. I put my ISP's DNS server IP in the Forwarder.

    I set the DHCP scope in the Server Management to range from xxx.xxx.0.1 to xxx.xxx.0.2.

    Is this correct?

    What must I do now?

    Saturday, October 2, 2010 2:14 AM
  • I'd make the d-link DHCP scope something like 192.168.1.100 - 192.168.200 Then set the server address above 200 or below 100 mask 255.255.255.0 GW 192.168.1.1(d-link address) and you should be good to go.

    Regards, Dave Patrick .... Microsoft Certified Professional -Microsoft MVP [Windows]
    Saturday, October 2, 2010 3:26 AM
  • Do I still have to reserve the IP of the server in the D-Link? Will this cause a conflict since the IP would be greater or lower than the D-Link DHCP scope?

    Saturday, October 2, 2010 4:39 AM
  • If you make the d-link DHCP scope something like 192.168.1.100 - 192.168.200 and server is above or below (outside) then no conflict possible.

    Regards, Dave Patrick .... Microsoft Certified Professional -Microsoft MVP [Windows]
    • Marked as answer by Kenster1025 Saturday, October 9, 2010 2:41 AM
    Saturday, October 2, 2010 12:22 PM
  • Even though I assigned the IP Address Manually outside of the scope, is it still okay if the Router DHCP still sees it as within the scope? Even though when I did IPCONFIG/ALL the IP I had set was still in place.

    Saturday, October 2, 2010 2:09 PM
  • I don't see how this is possible but with the few clients you have I wouldn't get too hung up on this as yet.

    Regards, Dave Patrick .... Microsoft Certified Professional -Microsoft MVP [Windows]
    Sunday, October 3, 2010 4:08 AM
  • Ok I am sorry to come back to this thread, and I am sorry if this becomes irritating.

    It has been a year, and I haven't done anything with the server, and have kind of lost my way. So here is what I want to do with my server, I am probably going to start from scratch, re-install the server or remove the current profile. I want to make my server become a backup server for my 3 machines, 3 Windows Professional 64-Bit PCs. I am still running on my D-Link DIR 655, it still acts as DHCP passing out the IPs between 192.168.1.100 to 192.168.200.

    So my first step would be to add DNS to the Active Directory roles, correct? Then what do I do to get it seen by the network on the server side, and the router side so then I can add my Clients to the Domain that would be created?


    • Edited by Kenster1025 Sunday, October 16, 2011 1:40 AM
    Sunday, October 16, 2011 1:36 AM