Is the internet needed for Active Directory and why?

    Question

  • Hi 

    We have 2 domain controllers.

    First, I want to know if the internet is required for domain controllers or not.

    If yes, I need to know why and what the best practice from Microsoft is in this case.

    Second,

    regarding DNS, I want to know what Microsoft's recommendations for DNS are, as I want to secure the DNS.



    Mahmoud

    Thursday, December 1, 2016 7:52 AM

All replies

  • Hi

    I think the internet is not required for your local domain controller. In a local office, when someone has a domain controller and their systems' primary DNS IP points to the local DC for authentication and SSO for applications to run... the domain controller plays its role when people browse the internet. It just forwards the request using root hints or, if configured, a DNS forwarder in your domain controller.

    Hope you got it..

    Thanks

    • Proposed as answer by AlvwanModerator Thursday, December 8, 2016 11:48 AM
    • Marked as answer by Mahmoud Adel_ Monday, December 12, 2016 8:38 AM
    Thursday, December 1, 2016 8:03 AM
  • Internet is not required for a domain and domain controller. If you have DCs in multiple locations then you should have connectivity between the locations.

    AD integrated DNS is recommended, which can configure a forwarder to resolve non-authoritative DNS entries.


    Regards www.windowstricks.in

    • Proposed as answer by AlvwanModerator Thursday, December 8, 2016 11:48 AM
    • Marked as answer by Mahmoud Adel_ Monday, December 12, 2016 8:40 AM
    Thursday, December 1, 2016 6:02 PM
  • As noted, an Internet connection is not required for a domain or a domain controller. However it does help to be able to download and install service patches and updates. Otherwise you need to download them elsewhere and copy to your machines.

    And AD integrated DNS is recommended. See:

    https://technet.microsoft.com/en-us/library/cc726034(v=ws.11).aspx


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Thursday, December 1, 2016 9:58 PM
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, December 8, 2016 11:47 AM
    Moderator
  • Hi

    I think there is no internet connection needed for AD, I just port UDP 53 to ISP or forward DNS.

    Is this right?


    Mahmoud

    Monday, December 12, 2016 8:40 AM
  • Yes, UDP 53 for DNS queries and TCP 53 for zone transfers (if you use them).
    • Marked as answer by Mahmoud Adel_ Monday, December 12, 2016 8:53 AM
    Monday, December 12, 2016 8:52 AM
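
The points raised in the replies above (forwarders or root hints for external names, TCP 53 only where zone transfers are used, AD-integrated zones) can be checked on a DC with a read-only audit. This is an added example, not part of the original thread; the function name `Get-DcDnsAudit` is hypothetical and the script assumes the DnsServer PowerShell module is installed.

```powershell
# Added example (not from the thread): read-only audit of DNS on a domain controller.
# Get-DcDnsAudit is a hypothetical helper name; it needs the DnsServer module
# (DNS Server role or RSAT) and changes nothing on the server.
Import-Module DnsServer

function Get-DcDnsAudit {
    param([string]$ComputerName = $env:COMPUTERNAME)

    # External names leave the DC only through forwarders or root hints,
    # so these addresses are the only destinations that need outbound port 53.
    $fwd = Get-DnsServerForwarder -ComputerName $ComputerName
    $fwdNote = if ($fwd.IPAddress) {
        'Limit outbound UDP/TCP 53 to these forwarders'
    } else {
        'No forwarders set: external lookups go to root hints'
    }
    [pscustomobject]@{
        Check = 'Forwarders'; Target = $ComputerName
        Value = ($fwd.IPAddress -join ', '); Note = $fwdNote
    }
    [pscustomobject]@{
        Check = 'RootHintFallback'; Target = $ComputerName
        Value = $fwd.UseRootHint
        Note  = 'True means root hints are used when forwarders do not answer'
    }

    # Per-zone checks: AD integration and who may pull a zone transfer (TCP 53).
    $zones = Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }
    foreach ($z in $zones) {
        $xferNote = switch ($z.SecureSecondaries) {
            'NoTransfer'        { 'Zone transfers disabled' }
            'TransferAnyServer' { 'Any host can request a transfer: restrict it' }
            default             { 'Transfers limited to listed or name servers' }
        }
        [pscustomobject]@{
            Check = 'ADIntegrated'; Target = $z.ZoneName
            Value = $z.IsDsIntegrated
            Note  = 'AD-integrated zones replicate through AD, not zone transfers'
        }
        [pscustomobject]@{
            Check = 'ZoneTransfer'; Target = $z.ZoneName
            Value = $z.SecureSecondaries; Note = $xferNote
        }
    }
}

Get-DcDnsAudit | Format-Table -AutoSize -Wrap
```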