Setting up a home / small business network -- baby steps

    Question

  • I am going to finally bite the bullet and set up a network from scratch. It'll be a home network on cable, but the process would be similar with a small business. I'll be using Microsoft Server 2008. I'll probably get some kind of external dynamic dns so I can avoid paying the ridiculous cable fees for a static IP. I'll have an internal AD, DNS, DHCP, etc.

    Problem is, there doesn't seem to be any single source that tells how to do this from beginning to end, either in detail or from a high-level view. I've no doubt that instructions for each and every step are to be found on the net, but there's nothing (that I can find) that ties them together. I'd like to find out things like: Is it better to use the DHCP server on my wireless D-LINK and rely on DDNS to update my DNS server, or should I try to set up a windows dhcp server? (I'd like to do the latter just for the experience, but not if it's going to bite me). How do I set up the DNS so that I control internal names but external names get serviced by the cable co's dns servers? (forwarding, or just list the cable dns servers in the dns servers list?) What's the best way to name my internal domain, given that I want my external web page to be ABC.COM or ABC.ORG?

    Anyway, stuff like that. I'm quite willing to take this a step at a time and ask small questions, so first question: For a knowledgeable network admin, faced with this task, what are the first questions you'd ask yourself?
    Wednesday, July 29, 2009 8:29 PM

Answers

  • We do have relevant guides - it's the Foundation Network and Core Network guides in the Technical Library.  Look at http://technet.microsoft.com/en-us/library/dd630625(WS.10).aspx for the list of all of the currently available guides.

    The base guide at http://technet.microsoft.com/en-us/library/cc771066(WS.10).aspx covers AD, DNS, DHCP, and WINS.  Then there are "Companion" guides to add things like Certificate Services.

    Our team has worked hard to produce these, and we intend to expand the library as time goes on.  I hope they help you out.
    Dave Bishop
    Senior Technical Writer
    Windows Server Networking User Assistance
    Thursday, July 30, 2009 2:47 PM
  • Here is how I would attack the setup.

    Set up the server to run Hyper-V or ESX.

    Create a vm in a private virtual network (no connection to the physical LAN).

    Give it a static IP in its own IP subnet. Run dcpromo and accept the offer to configure DNS for you.

    Set up DHCP and authorise it in AD.

    Create a second vm and install another instance of Windows Server or a client OS. Link it to the same virtual network as the DC.

    You should now have all you need to experiment with AD.

    When you are happy that you understand how AD works you can connect this network to the physical network. The best way to do this is to configure a vm as a router between the two networks. You can use RRAS as a NAT router, or you can configure it as a LAN router so that you have full networking between the two networks. (This latter setup requires adding a static route to your D-Link.) Or you could run a software firewall like ISA Server.

    The real problem is DNS. You will need to configure forwarders on your local DNS to resolve "foreign" URLs. Configuring forwarding to your D-Link should work for that. That is another reason to run AD in a separate network. AD is not compatible with the DHCP and DNS setup of an ADSL "router".

    To run a web server, I would not put it in the private network. I would run it on the physical home network (rather like running it in a DMZ). If you put the web server in the private (AD) LAN it will be two hops from the Internet and you will need to jump through hoops to see it from outside your network. If you want to run the web server in a vm, it would need to link to the virtual network linked to the physical network. That is the network which is the "public" side of your router/firewall vm. In Hyper-V this is called an external private network (not sure what ESX calls it - maybe bridged).

    Here is a simple diagram of my current setup with the virtual machines/networks running under Hyper-V on Server 2008 R2.

        Internet
            |
        Netgear   192.168.0.1   (static route 192.168.31.0 255.255.255.0 192.168.0.99)
            |
        LAN machines
        192.168.0.x     dg 192.168.0.1    (config from Netgear)
            |
        192.168.0.99    dg 192.168.0.1         -------------------------
        RRAS LAN router                                               |
        192.168.31.254  dg blank                                      |
            |                                                         |
        Server 2008 DC                                           virtual network
        192.168.31.1    dg 192.168.31.254                             |
            |                                                         |
        AD clients                                                    |
        192.168.31.x    (config from DHCP on DC)   -------------------
    Bill
    • Marked as answer by My Dog Spot Friday, July 31, 2009 8:04 PM
    Friday, July 31, 2009 1:13 AM
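The steps Bill lists, carried out with the in-box netsh and dnscmd tools as an added example (this is not Bill's or Microsoft's code). The addresses follow his diagram; the adapter name, the AD zone lab.example.com and the host name dc1 are assumed placeholders, and the script expects dcpromo to have already installed DNS.

```powershell
# Added example, not from the thread: Bill's steps on the Server 2008 DC,
# driven through the in-box netsh.exe and dnscmd.exe tools after dcpromo has
# installed DNS.  Addresses follow his diagram; the adapter name, the AD zone
# "lab.example.com" and the host name "dc1" are assumed placeholders.
# Run from an elevated PowerShell prompt on the DC.
$Nic        = "Local Area Connection"   # assumed adapter name inside the DC vm
$Subnet     = "192.168.31.0"            # the private (virtual) network
$Mask       = "255.255.255.0"
$DcIp       = "192.168.31.1"            # DC = DNS = DHCP, per the diagram
$RrasInside = "192.168.31.254"          # default gateway: the RRAS router vm
$Forwarder  = "192.168.0.1"             # the home router on the physical LAN
$Zone       = "lab.example.com"         # assumed internal AD DNS zone
$DcFqdn     = "dc1.$Zone"               # assumed DC host name

function Invoke-Step([string]$Description, [string]$CommandLine) {
    # Run one command-line tool and stop at the first non-zero exit code,
    # so a typo in an early step does not leave a half-configured server.
    Write-Host "==> $Description"
    Invoke-Expression $CommandLine
    if ($LASTEXITCODE -ne 0) { throw "Step failed: $CommandLine" }
}

# 1. Static address, with the DC pointing at its own DNS service.
Invoke-Step "Static address on the DC" "netsh interface ipv4 set address `"$Nic`" static $DcIp $Mask $RrasInside"
Invoke-Step "DC uses its own DNS" "netsh interface ipv4 set dnsservers `"$Nic`" static $DcIp primary"

# 2. Forwarders: names outside $Zone are sent to the home router.  Without a
#    forwarder the DNS server walks the root hints instead, which also works,
#    but only once the RRAS router gives this network a path to the Internet.
Invoke-Step "Forward foreign names to the router" "dnscmd /ResetForwarders $Forwarder /TimeOut 3"

# 3. Hardening not discussed in the thread: accept only authenticated (secure)
#    dynamic updates to the AD zone, and discard records outside the queried
#    name's subtree so an upstream answer cannot plant names in the cache.
Invoke-Step "Secure dynamic updates only" "dnscmd /Config $Zone /AllowUpdate 2"
Invoke-Step "Cache pollution protection" "dnscmd /Config /SecureResponses 1"

# 4. DHCP scope for the AD clients (install the role first with
#    'ServerManagerCmd -install DHCP'), then authorize the server in AD.
Invoke-Step "Create scope" "netsh dhcp server add scope $Subnet $Mask ADclients"
Invoke-Step "Lease range" "netsh dhcp server scope $Subnet add iprange 192.168.31.100 192.168.31.200"
Invoke-Step "Option 3: router" "netsh dhcp server scope $Subnet set optionvalue 003 IPADDRESS $RrasInside"
Invoke-Step "Option 6: DNS server" "netsh dhcp server scope $Subnet set optionvalue 006 IPADDRESS $DcIp"
Invoke-Step "Option 15: DNS suffix" "netsh dhcp server scope $Subnet set optionvalue 015 STRING $Zone"
Invoke-Step "Activate scope" "netsh dhcp server scope $Subnet set state 1"
Invoke-Step "Authorize DHCP in AD" "netsh dhcp add server $DcFqdn $DcIp"

# 5. Checks: an internal name from the AD zone, an external name through the
#    forwarder, and the DC's own DNS registration test.
Invoke-Step "Internal lookup" "nslookup $DcFqdn $DcIp"
Invoke-Step "External lookup" "nslookup www.microsoft.com $DcIp"
Invoke-Step "DC DNS health" "dcdiag /test:DNS"
```

The static route on the Netgear (192.168.31.0/24 via 192.168.0.99) is configured on the router itself and is the one piece this script cannot do from the DC.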

All replies

  • Unless your goal is to play with the enterprise technologies in Windows Server 2008, you might instead consider Windows Home Server.  It supports a web site with extensibility to add websites through add-ins and the built-in IIS, and already supports a dynamic dns-type naming service.  You'll be "something.homeserver.com".  It will also use your D-Link's DHCP out of the box, although there is also a DHCP add-in for WHS as well.  Add-ins can be found at wegotserved.com. Anyway, something to think about.  :-)
    Dave Bishop
    Senior Technical Writer
    Windows Server Networking User Assistance
    Wednesday, July 29, 2009 8:47 PM
  • Actually, my goal is at least partly to play with Win2008 Enterprise capabilities. I also have VMWare ESXi and I'm going to try to virtualize at least some of the machines. I run a home-based business and I'm sort of killing two birds with one stone by using my home environment to set up my business network.

    Thursday, July 30, 2009 1:59 AM
  • That isn't the sort of question that can be answered in a forum. It isn't even likely that you would find all of that info in one place, be it a tutorial or a textbook.

    If you want to experiment with AD, I would suggest setting up your domain on a virtual network with no connection to the Internet first. You can run your own DNS and DHCP server on the virtual network and get a feel for it.

    Connecting domain machines on a private network to the Internet and the associated problems with DNS is a whole new problem. It is not something you want to do until you know how AD works.
    Bill
    Thursday, July 30, 2009 3:19 AM
  • Here is a simple Q&A on your proposed setup.

    Q1. Can you set up a domain environment behind a home network-SOHO ADSL connection?
       A. Yes, you certainly can. I have done it several ways with several different physical and virtual machines and networks.

    Q2. Is there a step by step guide to do this?
       A. No, because there are too many different ways that it can be done.

    Q3. If there was a step by step guide and you followed all the steps but it didn't work, what could you do?
       A. Nothing, really.

    Bill
    Thursday, July 30, 2009 5:45 AM
  • Well, you've just invalidated all guides for any purpose, haven't you? That's just silly. Not to mention the whole concept of Best Practices. Sure there are a lot of ways of doing this, as with most things. And most of them will be dead wrong, i.e. you get so far then realize you've dead-ended and it won't work. Most of the rest are suboptimal, i.e. it works but it'll be brittle or unstable, or limit you in some unexpected way. Of the remaining minority of options, it's unlikely that any are perfect -- but they're all workable, and they're probably actually just variations on a theme. I'm looking for that theme, but just as importantly I'm looking for advice on what to avoid.

    I know how to use AD -- I use it at work -- but I'm not the master admin and I didn't set it up. I understand DNS and DHCP, but again, there are different ways they could be set up, and I'd like to hear from someone who tried different ways and discovered what stunk.

    I'm not looking to have my hand held every step of the way, just some general advice. Like for instance (I don't know if this is right, but it's one possible statement): Don't use forwarding when setting up your DNS -- give the clients your internal DNS server address and the cable company's DNS address. Or: Don't use DDNS, it sucks. Or: Use DDNS, it's great. Have both the router and a DHCP server, each serving up different address ranges.

    See? None of these are a huge effort to type, but there are only two ways to find them out: 1) thrash around and try all possibilities until you get the right ones, or 2) Get some advice from someone who's already done so. (and "take a course" is just a variation on #2, but costs more).
    Thursday, July 30, 2009 1:23 PM
  • Beauty! Thanks. Those'll keep me busy for at least a month (I don't have as much time to work on this as I'd like...)

    Friday, July 31, 2009 8:06 PM
  • HA YES THE ALL IN ONE BOX CONFIG........SBS,ESB, ETC................

    ALL EGGS IN ONE BASKET? NOT THE BEST PRACTICE!!!!!!!

    The reasoning is that it is always better to use a separate DHCP server or device that is not set up with Active Directory domain services WITH DNS.

    It seems to me that if you authorize DHCP in a domain controller that configuration will require a lot of babysitting (monitoring resource records, hijacking, etc.).

    Set up Active Directory and DNS in one server with one NIC!!!!!!!!!!!!  Use DHCP from the router (modify its config by using the local DNS from the DC). You will also need to modify your DC to forward to a public DNS (such as your ISP) so that it can resolve foreign URLs for your AD machines.  Your network would look like this.

       Internet
              |
          public IP
           router
         192.168.1.1      
                |
               DC
         192.168.1.2  DNS 192.168.1.2   GATE  192.168.1.1
                 |
            clients
         192.168.1.X  DNS 192.168.1.2   GATE  192.168.1.1
               

    • Proposed as answer by Requiem87 Thursday, November 05, 2009 8:05 PM
    Wednesday, September 16, 2009 12:48 PM
  • I am getting ready to set up the same thing. So, answering this question helped a great deal, LAWLESSHOME.MVP. Thank you!

    I do think that there should be a guide to setting up a small network with Server 2008. Hundreds, if not thousands, of small businesses would have pretty much the same configuration:

    A router (Internet access)
    A switch
    A server (Windows Server 2008)
    Hard wired clients
    Wireless clients

    A tutorial explaining what is needed and how to set up such a small network with AD would be very helpful to many small businesses. Instead, what is out there is incomplete (assumes too much and leaves out important information/steps) or only creates more questions. I really wish this were not true. Small businesses who want to take advantage of the benefits of AD but cannot afford to hire out for the installation and setup and do it themselves could really benefit from such information.

    Wednesday, November 04, 2009 6:29 AM
  • Hi,

    I can send you A GREAT PDF step by step installation for

    AD DS
    DNS
    DHCP


    ADVISE E-MAIL
    Friday, November 06, 2009 1:34 AM
  • Hi,

    I read this thread with interest as it's precisely what I'm trying to do. The problem with most of the existing guides is that they assume a fairly 'corporate' set-up and there are some details that tend to differ from a home office set-up. Also in a corporate environment a lot of the settings and parameters have been set by other groups and you just work with what's given. So guides that just say 'do this, do that' can be a bit limited. I've had a number of network set-ups over the years in my home office so I'm not without experience. But filling in wizards blindly from step by step guides doesn't teach much.

    So my problems have hinged around the tweaks to DNS and DHCP to work off the back of a fairly typical ADSL-provisioned home office. Most of it is fairly straight-forward by-the-book but I've got some questions which I'll put in the following diagram:

       Internet
              |
          public IP (static)
           router (Netgear DG834G [have alternatives], DHCP disabled)
         192.168.7.1
                |
                |
               DC (2008 Serv, AD, DNS, DHCP)
         192.168.7.15  DNS 192.168.7.15   GATE  192.168.7.1 (NIC IP settings) [Had to use this gateway setting otherwise couldn't get out to internet.]
    [This was set up by using a step-by-step guide and wizard defaults. It works OK most of the time but has to be rebooted every 2/3 days as name resolution stops working for clients and nothing else makes it work again. Is it my bad or an OS fault?]
                |
                |
            Clients (via DHCP)
         192.168.7.X  DNS 192.168.7.15   GATE  192.168.7.1 [Had to use this setting in the scope otherwise clients couldn't get out to internet.]

    According to a lot of the guides I've read, DHCP should point all clients to the DC/DNS server, the server NIC settings should point to itself, and DNS will then merrily direct traffic as required. But surely DNS needs an explicit setting to 'know' where to direct external traffic. Which I would have thought was the function of a 'forwarder', but some guides say not to use one. Hence my confusion, and I'm sure others', when trying to set up a relatively simple network.

    So, have I made a dumb mistake or otherwise failed to grasp some arcane aspect of DNS?

    Thanks

    Paul
              

    Monday, November 30, 2009 7:05 PM
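An added health check for the symptom Paul describes, not Paul's or Microsoft's code: it asks the DC directly for an internal and an external name, lists the configured forwarders and recent DNS Server errors, and says which part of the resolution chain to look at. The DC address is from his diagram; the two test names are assumed.

```powershell
# Added diagnostic example (not from the thread) for the case where clients
# lose name resolution while the DC keeps running.  Runs on the DC with the
# in-box tools.  $DcIp is from Paul's diagram; the test names are assumed.
$DcIp         = "192.168.7.15"            # DC/DNS/DHCP from the diagram
$InternalName = "dc.lab.example.com"      # assumed: the DC's real FQDN
$ExternalName = "www.microsoft.com"       # assumed: any public name

function Test-Lookup([string]$Name, [string]$Server) {
    # True when nslookup, pointed at $Server, returns an answer section.
    # Only text after the "Name:" line is the answer; the lines before it
    # describe the server (and may carry a harmless "***" reverse-lookup
    # complaint when no reverse zone exists).
    $out = nslookup $Name $Server 2>&1 | Out-String
    $i = $out.IndexOf("Name:")
    return ($i -ge 0 -and $out.Substring($i) -match "Address")
}

function Get-DnsHealthReport {
    # One snapshot of the things that decide whether clients can resolve.
    $r = @{}
    $r.ServiceRunning = ((Get-Service -Name DNS).Status -eq 'Running')
    $r.Forwarders     = (dnscmd /Info /Forwarders | Out-String).Trim()
    $r.Internal       = Test-Lookup $InternalName $DcIp
    $r.External       = Test-Lookup $ExternalName $DcIp
    $r.RecentErrors   = @(Get-EventLog -LogName 'DNS Server' -EntryType Error -After (Get-Date).AddDays(-3)).Count
    return $r
}

$report = Get-DnsHealthReport
$report.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize

# Reading the result.  The forwarder question has two right answers: with no
# forwarder the server recurses from the root hints, with one it relays to
# that address; either way the DC itself needs a working path to the outside.
if (-not $report.ServiceRunning) {
    Write-Host "DNS Server service is stopped: 'net start DNS' and read the DNS Server event log."
} elseif ($report.Internal -and -not $report.External) {
    Write-Host "AD zone answers but outside names do not: check the forwarders listed above,"
    Write-Host "and that the DC can reach them (or the root servers) on UDP/TCP 53 via 192.168.7.1."
} elseif (-not $report.Internal) {
    Write-Host "Even the AD zone fails: try 'dnscmd /ClearCache' and 'ipconfig /registerdns'"
    Write-Host "before rebooting, and inspect the $($report.RecentErrors) recent DNS Server errors."
} else {
    Write-Host "Resolution is healthy right now; re-run this when clients next report failures."
}
```

Scheduling the script hourly and keeping its output gives a timeline to set against the two-to-three-day failure interval, which a reboot alone never records.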
  • Hello,

    I have a question with respect to your setup diagram. I have a similar setup as far as the private LAN portion. I installed VMware Workstation and created a vm with Server 2008 Standard. My question is this. Is it possible to join one of my LAN PCs 192.168.0.x to the vm running Server 2008 (192.168.5.130) if the vm is on that same LAN PC? This is not for any practical purpose; I'm simply trying to understand Server 2008. Last time I used Windows Server was NT 4.0 and it was EASY compared to this monster. I just set up an NT server, set it up as a DC and created accounts and bam, log on to domain np. This thing....good god...extremely hard. Also another quick question if I have not confused you already. When I was setting up the AD Domain Services role it installed a DNS server and asked a bunch of questions regarding the FQDNS name such as a blan.com etc. Since this is a private LAN, 192.168.0.x, what do you put for this fully qualified name? Can you just make up a fake name? Does this name matter when trying to join the domain? Thank you very much for your time and I hope I haven't confused you :)

    Roger G.
    Friday, December 11, 2009 6:49 PM
  • anything.com is ok!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    Saturday, December 12, 2009 5:25 AM
  • Hi LAWLESSHOME.MVP,

    Do you have more detailed guide for configuring the Windows Server DC to use DHCP from a CISCO Router?

    Thks in adv.
    Wednesday, December 23, 2009 2:22 AM
  • Pls send the pdf to angwyshield-technet (AT) yahoo (DOT) com

    Many thanks!
    Wednesday, December 23, 2009 2:30 AM
  • Please also send this guide to andrej770 (AT) gmail (DOT) com.  Thanks.
    Monday, January 25, 2010 7:01 AM
  • Hi,

    Would you please send your *.pdf which shows the step-by-step install to:   trythisout2 (AT) yahoo (dot) com

    Thanks so much,
    Tuesday, February 02, 2010 8:03 AM
  • Hi,
    Can you please send PDF guide to rhymeswithjello -\ AT /- gmail -\ DOT /- com as well?
    Thank you!
    Tuesday, February 02, 2010 9:00 PM
  • Hi MVP,

    I will greatly appreciate if you can send the guide to jackm_2007 (AT) hotmail (DOT) com.  Thanks a lot.
    Friday, February 05, 2010 3:50 AM
  • Please send me the GREAT PDF step by step installation for

    AD DS
    DNS
    DHCP

    My email address is jtupling (AT) verizon (DOT) net

    Thanks

    Sunday, February 28, 2010 4:20 PM
  • Could someone please forward the PDF's to   tverberg@rocketmail.com

    Thanks
    Monday, March 01, 2010 11:23 PM
  • I also would appreciate a copy if possible

    Thanks,


    redmondmw@yahoo.com
    Tuesday, March 09, 2010 5:40 PM
  • I know this is a few months old but this article covers exactly what I'm trying to do and I would also like a copy of your guide if you have it. Please send to dadumply@gmail.com.

    Much Appreciated

    Tuesday, April 20, 2010 10:42 PM
  • Hi Bill,
    what ip,sn, & dg do i assign to win2k8 server if i want to setup my domain on a virtual network to experiment with windows server 2008?

    24-port switch -----> win2k8
    |    |     |      |
    |    |     |      ws1
    |    |     |
    |    |     ws2
    |    |
    |    ws3
    |
    ws4

    ws: workstation (win7)
    eventually, i want to add AD DS, DNS, DHCP to this server to play around with server 2008.

    thank you

    Monday, May 10, 2010 2:43 PM
  • Can you please send me the PDF  Nathan_wetzel@att.net

     

    Saturday, June 26, 2010 4:34 AM
  • please forward me the PDF

     

    nathan_wetzel@att.net

    Thanks

    Saturday, June 26, 2010 4:35 AM