    Where do I start with replacing the whole MS AD stack

    Category: Water Closet
    Tags: microsoft, active directory, ad, dhcp, dns
    104 Posts 8 Posters 16.0k Views
    • JaredBusch

      Re: What Are You Doing Right Now

      @Donahue said in What Are You Doing Right Now:

      Where do I start with replacing the whole AD/DHCP/DNS stack for managing Windows machines? I'm locked in to Windows desktop OS for the foreseeable future, but I don't need to be dependent on them for everything else. I can see the next generation of services not using Windows Server in any way, with SQL being able to be run from Linux or Windows 10, and something like Nextcloud running the file server.

      Start with DHCP and DNS.
      Those are easy, low hanging fruit.

      First DHCP, because it is tied to nothing.

      Second DNS. You need to have your DNS use your AD server as its forwarder, but everything else can look at your DNS.

      • Donahue @JaredBusch

        @JaredBusch said in Where do I start with replacing the whole MS AD stack:


        Start with DHCP and DNS.
        Those are easy, low hanging fruit.

        First DHCP, because it is tied to nothing.

        Second DNS. You need to have your DNS use your AD server as its forwarder, but everything else can look at your DNS.

        I know those are the low hanging fruit, but what I don't know is how much AD wants to have DHCP and DNS under its umbrella. I know I used to have AD by itself, with DHCP on the router and no internal DNS. Everything seems to work better since I tied them all together.

        • Donahue

          What I need to look up is what to run for internal DNS. This whole thing is stupid and makes me hate MS licensing even more.

          • JaredBusch @Donahue

            @Donahue said in Where do I start with replacing the whole MS AD stack:


            I know those are the low hanging fruit, but what I don't know is how much AD wants to have DHCP and DNS under its umbrella. I know I used to have AD by itself, with DHCP on the router and no internal DNS. Everything seems to work better since I tied them all together.

            Your problem

            no internal DNS

            I specifically stated in my post that you have to handle that.

            Only fixing the DNS fixed your problems.

            • DustinB3403

              Why would you have no internal DNS?

              • Donahue @JaredBusch

                @JaredBusch said in Where do I start with replacing the whole MS AD stack:


                Your problem

                no internal DNS

                I specifically stated in my post that you have to handle that.

                Only fixing the DNS fixed your problems.

                I know I needed internal DNS, and that was what resolved most of my issues. But I was asking where to start with getting some other internal DNS set up.
                I guess I didn't understand your post when you said

                Second DNS. You need to have your DNS use your AD server as its forwarder, but everything else can look at your DNS.

                • JaredBusch

                  So first, you set up your DHCP on your non Windows Server device.

                  Router, pfSense, WTF ever.

                  But you set it up so that the DNS it hands to the clients is the Windows server.

                  At that point, DHCP is migrated.

                  • Donahue @DustinB3403

                    @DustinB3403 said in Where do I start with replacing the whole MS AD stack:

                    Why would you have no internal DNS?

                    We used to only use public external DNS because we didn't have servers at all. When we first got our servers, I didn't really know what DNS was and we ran for a while with no internal DNS, but there were lots of issues as you can imagine.

                    • Donahue @JaredBusch

                      @JaredBusch said in Where do I start with replacing the whole MS AD stack:

                      So first, you set up your DHCP on your non Windows Server device.

                      Router, pfSense, WTF ever.

                      But you set it up so that the DNS it hands to the clients is the Windows server.

                      At that point, DHCP is migrated.

                      No, I got that. But simply using Windows DNS as a service requires the CAL. I need to run some other DNS server.

                      • DustinB3403 @Donahue

                        @Donahue said in Where do I start with replacing the whole MS AD stack:


                        No, I got that. But simply using Windows DNS as a service requires the CAL. I need to run some other DNS server.

                        CentOS, Fedora, Ubuntu.

                        • JaredBusch @Donahue

                          @Donahue said in Where do I start with replacing the whole MS AD stack:


                          No, I got that. But simply using Windows DNS as a service requires the CAL. I need to run some other DNS server.

                          One thing at a time. Changing all the pieces at once is a good way to break your shit, again.

                          • scottalanmiller @DustinB3403

                            @DustinB3403 said in Where do I start with replacing the whole MS AD stack:

                            Why would you have no internal DNS?

                            LANless? Other than being a cache, often no need for internal DNS.

                            • JaredBusch

                              Once your DHCP is all fixed, then you can move on to DNS.

                              Unless you have a need for a fully managed DNS system with a fuck ton of records, I recommend just using the system that is doing the DHCP. Router, pfSense, WTF ever.

                              Here is how I do it at a remote site for a client that has IPSEC between their sites.

                              This is the config in their ER4

                              10.1.1.4 is the Windows AD server.
                              So the router looks to that first. The options also tell it to know that domain and domain.local are 10.1.1.4

                              [image: ER4 config screenshot]

                              • JaredBusch @scottalanmiller

                                @scottalanmiller said in Where do I start with replacing the whole MS AD stack:


                                LANless? Other than being a cache, often no need for internal DNS.

                                Unrelated to this discussion.

                                • black3dynamite

                                  Like @JaredBusch keeps saying, start with DHCP because that's the easiest. When I was moving away from AD, DHCP was the first thing I started with. Just document any DHCP settings like reservation, network booting and so on.

                                  • JaredBusch @JaredBusch

                                    Once you set up DNS, you can manually set your DNS on a test workstation to point to the new system and make sure everything works as expected.

                                    Then you update your DHCP to hand out that IP as the DNS.
                                    [image: DHCP config screenshot]

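The staged cutover Jared lays out across his posts (DHCP moved first while still handing out the AD server as DNS; then DNS on the same box with the AD zones forwarded to the DC and clients pointed at the router) as a dnsmasq config generator in Python. This is an added example, not anything from the thread or from an ER4; only the 10.1.1.4 AD address comes from the post, while the subnet, router address, zone names and reservations are constructed, and the validation step reflects black3dynamite's advice to document reservations before touching anything.

```python
# Added example: generate dnsmasq directives for each phase of the migration.
import ipaddress

AD_SERVER = "10.1.1.4"                        # the AD/DNS server from the thread
AD_DOMAINS = ("domain", "domain.local")       # constructed zone names, forwarded to the DC
SUBNET = ipaddress.ip_network("10.1.1.0/24")  # assumed LAN scope
ROUTER = "10.1.1.1"                           # assumed router / dnsmasq host

# Constructed reservations, documented from the old Windows DHCP scope first.
RESERVATIONS = [
    ("ws01", "aa:bb:cc:00:00:01", "10.1.1.101"),
    ("ws02", "aa:bb:cc:00:00:02", "10.1.1.102"),
    ("fileserver", "aa:bb:cc:00:01:01", "10.1.1.20"),
]


def validate(reservations):
    """Return a list of problems: duplicate MAC/IP or an address outside the scope."""
    macs, ips, errors = set(), set(), []
    for name, mac, ip in reservations:
        mac = mac.lower()
        addr = ipaddress.ip_address(ip)
        if addr not in SUBNET:
            errors.append(f"{name}: {ip} not in {SUBNET}")
        if mac in macs or addr in ips:
            errors.append(f"{name}: duplicate MAC or IP")
        macs.add(mac)
        ips.add(addr)
    return errors


def build_config(phase, reservations=RESERVATIONS):
    """phase 'dhcp': router serves DHCP only and still hands out the AD server as DNS.
    phase 'dns': router also forwards DNS; AD zones go to the DC, clients use the router."""
    errors = validate(reservations)
    if errors:
        raise ValueError("; ".join(errors))
    lines = ["dhcp-range=10.1.1.100,10.1.1.199,12h", f"dhcp-option=option:router,{ROUTER}"]
    lines += [f"dhcp-host={mac.lower()},{ip},{name}" for name, mac, ip in reservations]
    if phase == "dhcp":
        lines.append(f"dhcp-option=option:dns-server,{AD_SERVER}")
    elif phase == "dns":
        lines.append(f"dhcp-option=option:dns-server,{ROUTER}")
        lines += [f"server=/{zone}/{AD_SERVER}" for zone in AD_DOMAINS]
    else:
        raise ValueError(f"unknown phase {phase!r}")
    return lines
```

Write the output of `build_config("dhcp")` first, confirm clients still resolve through the DC, and only then switch to the `"dns"` output, which is the one-thing-at-a-time order the thread insists on.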
                                    • Donahue

                                      I am in the middle of changing all my DHCP stuff, which is what prompted this whole thing. I want to switch over to reservations for everything, but it got me thinking about CALs, and it all snowballed from there.

                                      • JaredBusch @Donahue

                                        @Donahue said in Where do I start with replacing the whole MS AD stack:

                                        I am in the middle of changing all my DHCP stuff, which is what prompted this whole thing. I want to switch over to reservations for everything, but it got me thinking about CALs, and it all snowballed from there.

                                        Well first, you don't change anything.

                                        Get it cleaned up and in a known good working state.

                                        • Dashrender @JaredBusch

                                          @JaredBusch said in Where do I start with replacing the whole MS AD stack:

                                          You need to have your DNS use your AD server as its forwarder, but everything else can look at your DNS.

                                          How will this affect licensing? Do you only need one CAL for that DNS server, since it's the only thing actually talking to the server? Interesting work-around to MS licensing.

                                          • Donahue @JaredBusch

                                            @JaredBusch said in Where do I start with replacing the whole MS AD stack:

                                            Unless you have a need for a fully managed DNS system with a fuck ton of records, I recommend just using the system that is doing the DHCP. Router, pfSense, WTF ever.

                                            I've got just our 50 or so workstations and then our servers as records. I don't need much.

                                            Page 3 / 6