Question about domains/active directory

cr9c1

Greetings all,

I am fairly new to Windows Server 2003, but I have been getting pretty good with it as of late.

However, I would like to address one thing that bugs me. I have a few laptops that are connected to the domain but also leave the workspace occasionally. I understand that the laptops cache the domain data, but when I set up a new laptop or computer and first try to add it to the domain, it will not let me unless I assign the device a static IP. Once I give it a static IP, I can log in and whatnot with no problems. However, when I set the computer back to DHCP, I can still log in but a different user cannot log in, even though it has a connection to the server, but not a static IP address.

I hope you are following me here. I have all the computers that access the domain all the time set up with a static IP address, so this is not an issue. But it is for the laptops that leave the workspace. When someone else on the domain tries to log in when the laptop is set to DHCP, it won't let them unless an admin logs in and sets it to static. Do you follow?

Is there any way around this? Thanks in advance.
 
... I have a few laptops that are connected to the domain but also leave the workspace occasionally. I understand that the laptops cache the domain data...

That's partially true. Windows will cache the domain credentials for any user that logs in while connected to the network. It does NOT cache the entire domain.

...but when I set up a new laptop or computer and first try to add it to the domain, it will not let me unless I assign the device a static IP. Once I give it a static IP, I can log in and whatnot with no problems. However, when I set the computer back to DHCP, I can still log in but a different user cannot log in, even though it has a connection to the server, but not a static IP address.

What do you mean when you say it still has a connection to the server? My guess is that your DHCP scope is on a different subnet than the static IP address. When you assign it static, you're then able to talk to the domain controller. When you remove the static address, the machine is no longer able to talk to the domain controller and falls back on the cached credentials. If this is what is happening, you're in for some fun and excitement (major headaches) when someone locks their account, or any major AD event occurs (password change day, machine password changes, etc).


Your problem sounds like a DNS issue. Make sure that your DHCP scope is assigning the proper DNS servers and that you can resolve the name of your domain (ping mydomain) while using the DHCP address. You *NEED* a proper DNS solution when you're in a domain environment, and it NEEDS to be working. If not, weird things can happen as Windows tries to compensate for not being able to resolve things that it should be able to resolve.
 
When someone else on the domain tries to log in when the laptop is set to DHCP, it won't let them unless an admin logs in and sets it to static. Do you follow?
If someone tries to log onto a laptop that is off the domain, such as an employee taking a laptop home, they won't be able to do so, unless they have previously logged onto the computer while on the domain, so their credentials are cached. This makes no difference whether or not the IP is static or assigned by DHCP.

If they try logging on to the laptop while it is on your domain, and they can't while it is assigned an IP by DHCP, you have some networking/DHCP config issues to figure out first. DHCP makes life much easier on a domain, so I'd look into this issue first.
 
Thanks for your response. I first figured it was a DNS issue. Currently, the server does not handle DHCP. I have the core router set to assign DHCP. I take it when setting the computer with a static IP address, I set the DNS as the server IP address. However when a computer grabs the IP address via DHCP, it's probably grabbing the ISP DNS, correct? If so that would support my theory of why it works via static. Currently, all computers have static IPs that need to access the server. The laptops only need a static IP address for the user to log in once (since laptops are not shared) and otherwise will not require a static.

Am I correct to assume that the only way to fix this is to get the server to handle DNS? If that's the case, I can leave it as it is, as it's rare that an outside computer will need access to the server.
 
This is because of DNS. You need to set up your DHCP so it hands out a DNS server that 'knows' about your domain (probably the AD controller itself).
 
I assumed so. Thanks for the help, guys. I will have to look into how much of a pain it will be. Has anyone done this before? Is it kinda easy to do, or a pain?
 
I assumed so. Thanks for the help, guys. I will have to look into how much of a pain it will be. Has anyone done this before? Is it kinda easy to do, or a pain?

It's generally very easy to do... This is the über high level version, but you should be able to adapt it pretty easily.

Say that your router's IP address is 10.10.10.1
And your DC's address is 10.10.10.2
And your DHCP range is 10.10.10.100-200

On your router, set the DNS server to 10.10.10.2. You might also need to change the DNS server in the router's DHCP settings. If you need more info, post what router you are using.
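
The check the replies above describe (does the DNS server handed out by DHCP know about the domain?), as an added example that is not part of the original thread. It assumes a client with the DnsClient PowerShell module (Windows 8 / Server 2012 or later, newer than the systems in this thread); `corp.example` is a placeholder domain name.

```powershell
# Added example: test whether each DNS server this client is configured with
# (static or DHCP-assigned) can locate a domain controller for the domain.
param(
    [string]$Domain = 'corp.example'   # assumption: placeholder, use your AD DNS domain
)

# SRV record that domain members query to find a domain controller.
$locator = "_ldap._tcp.dc._msdcs.$Domain"

# Flatten the per-interface DNS server lists into (interface, server) pairs.
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        foreach ($addr in $_.ServerAddresses) {
            [pscustomobject]@{ Interface = $_.InterfaceAlias; Server = $addr }
        }
    }

# Ask every configured server directly, so one working resolver cannot
# mask another that only knows public names (for example an ISP resolver).
$results = foreach ($s in $servers) {
    try {
        $srv = Resolve-DnsName -Name $locator -Type SRV -Server $s.Server `
                   -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{
            Interface         = $s.Interface
            DnsServer         = $s.Server
            FindsDC           = [bool]$srv
            DomainControllers = ($srv.NameTarget | Sort-Object -Unique) -join ', '
        }
    } catch {
        # NXDOMAIN, timeout or refusal: this server cannot locate a DC.
        [pscustomobject]@{
            Interface = $s.Interface; DnsServer = $s.Server
            FindsDC = $false; DomainControllers = ''
        }
    }
}

$results | Format-Table -AutoSize

if (-not ($results | Where-Object FindsDC)) {
    Write-Warning "No configured DNS server resolves $locator; logons will rely on cached credentials."
}
```

Run it once with the static address and once on DHCP; a server that shows `FindsDC = False` only in the DHCP run is the one the router is handing out.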
 