
Server Based Network Guide

YeOldeStonecat's guide to setting up a domain based network
2005-06-15 10:13 by

Getting TCP/IP working with DNS

Often on the forums I’ll see requests for help by people who are attempting to set up local domain based networks, meaning…they have a server that they wish to run as a DC (Domain Controller), and have a proper client/server based network. Prior to Windows 2000 Server, with Windows 2000 Professional or higher clients, the network would still function relatively well even if the protocols and services were set up rather loosely. People often used NetBEUI on the server and Win9X clients, and "it would work". Even with just TCP/IP, name resolution often worked well enough. Back then DNS was often really just used for resolving internet addresses, not for local network resolution.

With 2000 and higher…the focus shifted more toward DNS. With Win2K and higher, DNS is now used for local network resolution. When running a domain, it’s important to have this set up correctly.

 

Setting up the Server

I’ll assume a typical setup in this example, behind a basic NAT router (which is what more and more small businesses are using). Screenshots are from my home setup, my router has a LAN IP address of 192.168.69.1, and currently it’s the gateway for my network. My Microsoft Small Business Server 2003 is 192.168.69.11. It’s running as my domain controller, therefore it’s running DHCP, DNS, and WINS…amongst other things. SBS (Small Business Server) installs the WINS service by default, however vanilla server users need only install the WINS service if they run Windows 9X clients…as Win9X needs that for optimal name resolution (rather than utilizing DNS for that). If you’re only running 2K or higher clients on basic setups, don’t worry about installing WINS.

When building a server, I like to set up the TCP/IP upon first desktop login…before continuing with the "Configure Your Server" wizard, which basically kicks off DCPROMO. Here’s where you choose your domain name, such as the default "mydomain.local". I choose the ".local" instead of .com or whatever due to various factors which would be material for another article. The server should look at itself for DNS, and if it’s running WINS…should also look at itself for WINS. Nothing else. In my home example:

Server’s IP address 192.168.69.11
Server’s subnet mask 255.255.255.0
Server’s Gateway 192.168.69.1
DNS 192.168.69.11
WINS 192.168.69.11

Right-click "My Network Places", select "Properties". Right-click "Local Area Connection", select "Properties", double-click "Internet Protocol TCP/IP"


Click on the "Advanced Tab" to get to WINS


If you have any additional member servers on your network, like a server that’s running Exchange, or file storage or something else…they should look at your DC for their DNS and WINS (if used). Example:

ServerB’s IP address 192.168.69.12
ServerB’s subnet mask 255.255.255.0
ServerB’s Gateway 192.168.69.1
ServerB’s DNS 192.168.69.11
ServerB’s WINS 192.168.69.11

Now, let’s fine-tune your DNS service properties on your DC. What you want to do is find out what your ISP’s two DNS servers are. There are several ways of finding this out: check your ISP’s support pages, or any documentation they sent you, or call up their tech support. Or perhaps the quickest and most accurate: log onto your router, head for the status section, look under the WAN status…you’ll find them there. ISPs rarely change DNS servers, but once in a while it can happen due to a buyout or big overhaul. It might be a good idea to check on this once in a while to make sure you still have the correct DNS servers being used. Now that you’ve found out what your ISP’s two DNS servers are, enter them into the forwarding section of your DNS service properties. To get there, open up your Microsoft Management Console (MMC). There are several ways of getting there: Start > Server Management. Or right-click "My Computer" and select "Manage". Or Start > Programs > Administrative Tools > DNS. Drill down through the services to get to your DNS service, right-click the DNS object, select Properties, and you’ll see the "Forwarding" tab there.

Screenshot of the full Small Business Server management console
Screenshot of the basic MMC if you right-click "My Computer" and select "Manage"

The theory behind adding your ISP’s DNS servers as forwarders is that any requests your DC gets which it does not know (such as websites)…it will turn around and ask the DNS servers which you entered here. Your ISP’s DNS servers are usually just one hop away, so they’ll reply faster…in theory. If you have special hosting done elsewhere for web and/or POP e-mail, you can enter that host’s DNS servers here also or instead.

Now…for the clients on your network. Similar to your server(s), they should look at your DC as their one and only DNS server. Whether you hand out addresses using DHCP, or manually assign them, you want to follow this rule. I prefer letting the DC run DHCP for the network, things just "work better" when you do that. By default, routers will have their DHCP enabled. By default, routers (depending upon model and firmware used) will hand out your ISP’s DNS servers, or their own address and do DNS forwarding themselves. You don’t want this, you need your clients to get your DC’s IP address as their one and only DNS server. Now many routers will allow you to edit their DHCP properties, so you could edit that and enter your DC’s IP for DNS and WINS. However, I prefer to let the Windows server do its job…after all…it’s a server, it should be boss of your network, and the DHCP service on a Windows server is supposedly more robust and reliable than the router. Clients should report into your server’s DHCP service for optimal performance. Now the Windows DHCP service will stall out if it detects another device’s DHCP service running…so you should disable the DHCP on your router, then configure your server’s DHCP scope, authorize, and start it. I often do a client address pool starting at 100, and going up from there. That leaves me with .2 to .99 for static devices like servers, print servers, networked scanners, other "special network services". So workstations should get the following info from DHCP:

IP address 192.168.69.100, 192.168.69.101, ...102, ...103, etc.
Subnet mask 255.255.255.0
Gateway 192.168.69.1
DNS 192.168.69.11
WINS 192.168.69.11 (if applicable)
WINS node type 0x8 Hybrid (if running WINS)
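
A quick way to confirm a workstation actually picked up these settings, shown as an added example that is not part of the original guide: the script below parses `ipconfig /all` output and reports every deviation from the list above. The sample output, the host name WS01 and the 203.0.113.53 resolver are constructed, and the parser assumes a single IPv4 adapter.

```python
import re

DC_IP = "192.168.69.11"  # the guide's domain controller (DNS, WINS, DHCP)

# Constructed `ipconfig /all` output: a workstation still leased by the router.
# 203.0.113.53 is a documentation address standing in for an ISP resolver.
SAMPLE_BAD = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : WS01
        Node Type . . . . . . . . . . . . : Unknown

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.69.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.69.1
        DHCP Server . . . . . . . . . . . : 192.168.69.1
        DNS Servers . . . . . . . . . . . : 192.168.69.1
                                            203.0.113.53
"""

FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)[\s.]*:\s*(.*)$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def parse_ipconfig(text):
    """Return {label: [values]}; extra DNS servers sit on continuation lines."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1).lower()
            fields[last] = [m.group(2).strip()] if m.group(2).strip() else []
        elif last and IPV4.match(line.strip()):
            fields[last].append(line.strip())
    return fields


def audit(text, dc=DC_IP, wins_in_use=True):
    """List every way this client deviates from the guide's DHCP settings."""
    cfg = parse_ipconfig(text)
    findings = []
    if cfg.get("dns servers", []) != [dc]:
        findings.append(f"DNS servers {cfg.get('dns servers', [])}, expected only {dc}")
    if cfg.get("dhcp enabled") == ["Yes"] and cfg.get("dhcp server") != [dc]:
        findings.append(f"lease issued by {cfg.get('dhcp server')}, not the DC")
    if wins_in_use and cfg.get("primary wins server") != [dc]:
        findings.append("primary WINS server is not the DC")
    if wins_in_use and cfg.get("node type") != ["Hybrid"]:
        findings.append("WINS node type is not Hybrid")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_BAD):
        print("FAIL:", finding)
```

A lease issued by anything other than the DC usually means the router's DHCP service was never disabled, which is also why the extra DNS servers show up.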

And that should do it. You can create your domain user accounts, run Windows updates on your server, install your networked antivirus program, build your workstations, run their Windows updates, properly join them to the domain…oh yeah, let’s take a quick peek at that.

 

Workstations Setup

Now that your server is ready, you want to take your Win2K or XP workstations, and properly join the domain. To do so, sitting at the workstation, right-click "My Computer", select "Properties". Click the "Computer Name" tab. "To rename this computer or join a domain click Change"… Rename the computer if you wish and reboot. Repeat the process to this spot again, or if it’s named to your satisfaction, change the radio button from workgroup to domain, and enter your domain name, such as "mydomain.local". You can even enter the shortened NetBIOS name of your domain that you put in when you ran DCPROMO. You will get a challenge for authentication; here’s where you enter the Domain Administrator’s account name and password (that you use to log onto the server), or enter an account you created with admin rights. It should give you a "Welcome to the blahblahblah domain" message if things were done correctly. It will prompt you to reboot. Pause for a minute - at this point I always change the local Administrator account password, so that it’s at least something, and not blank. Too many worms and viruses spread by taking advantage of that account being left blank or weak. It’s your choice what to make it, whether it’s the same as the domain admin one, or something else…just make sure you know it and document it (it can be the same across all workstations). Now reboot.

After a reboot, you’re then faced with Ctrl+Alt+Del - before you actually log in, click that new "Options Button" you see. If you click the drop-down arrow, you’ll (within a few seconds as it builds the list) see the domain listed. The first choice would be the NetBIOS name of the computer you’re at. So you have a choice of 1) Local login, or 2) Domain Login. In pretty much most cases you’ll forever leave it at the domain login. The next step that I do is log into the domain using the domain Administrator’s account. I do this because I feel it’s the quickest way to add the domain users to the local admin group. It’s important to remember the difference between the "domain accounts/groups", and the "local accounts/groups". You’re pretty much all done with local accounts/groups…except for one more step, which is not necessary - just a personal preference I usually do.

Having logged into the domain on this workstation as the domain admin, right-click "My Computer", select "Manage", navigate down the MMC to "Local Users and Groups"…Groups. This here is the local users and groups...which is separate from the domain users and groups. If your computer was used as a standalone or in peer to peer mode before, you’ll have those user accounts listed here. But once we’re done with this next step, this will mostly never be used again since this computer is now part of a domain. I add the domain group "Domain Users" to the local "Administrators" group. This means that anyone having a domain account logging onto this workstation will have "local" admin rights. They can install software, install hardware, etc. Whether you choose to do this or not depends on your environment. Most of my small business clients are set up this way, and it can be different for the separate users, depending on whether they like to "play" with their workstations too much. If you don’t do this, to install most software or configure hardware, someone with domain admin rights will have to log onto the workstation. This may or may not work for you. Notice in the following screenshot, you’ll see the domain admins group has already been added to the local Administrators group, and I have already added my domain Catspad\BMayo account. You’ll also see an account that’s just called BMayo - that is a local account which I never use, I just put it there to visually illustrate what a local account looks like next to a domain account.
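
To keep track of which workstations grant local admin rights to a whole domain group, the membership can be read back from `net localgroup Administrators`. The script below is an added example, not part of the original guide: it parses that command's output, separates local accounts from domain ones, and flags broad groups. The sample output is constructed from the accounts named above, and the `BROAD` list is an assumption to adjust to your environment.

```python
# Group names treated as "everyone with a domain account" (assumed list).
BROAD = {"domain users", "authenticated users", "everyone", "interactive"}

# Constructed output of `net localgroup Administrators` on a joined workstation.
SAMPLE = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
BMayo
Catspad\\BMayo
Catspad\\Domain Admins
Catspad\\Domain Users
The command completed successfully.
"""


def local_admins(output):
    """Return one dict per member listed between the dashed rule and the footer."""
    lines = output.splitlines()
    start = next(i for i, l in enumerate(lines) if l.startswith("-----")) + 1
    members = []
    for line in lines[start:]:
        line = line.strip()
        if not line or line.startswith("The command completed"):
            break
        # "DOMAIN\name" is a domain principal; a bare name is a local account.
        scope, _, name = line.rpartition("\\")
        members.append({
            "scope": scope or "LOCAL",
            "name": name,
            "broad": name.lower() in BROAD,
        })
    return members


def broad_grants(output):
    """Members that hand local admin rights to every domain user."""
    return [f"{m['scope']}\\{m['name']}" for m in local_admins(output) if m["broad"]]


if __name__ == "__main__":
    for m in local_admins(SAMPLE):
        flag = "  <-- every domain user is a local admin" if m["broad"] else ""
        print(f"{m['scope']:8} {m['name']}{flag}")
```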


Now you can log off as the domain Administrator, and log back into the domain under the user’s account. Being the first time that you logged in as that user, it will take a few seconds longer to "build the profile" in C:\Documents and Settings\… then you boot up to a clean desktop, and proceed to configure as you wish.

And that does it, hope this helps.

I will hopefully continue to edit based on feedback and future changes in operating systems.

Brian Mayo (YeOldeStonecat)

 

  User Reviews/Comments:
by Mux - 2006-03-01 14:22
Great write up for someone who is trying to get ' server based Home Network ' Setup !!!
Great !!!

Thank you.

Mux
by Yan - 2006-03-21 18:47
Wonderful!
by ohcanada - 2006-08-28 23:19
Certainly helped me! Thanks
by Nittz - 2006-09-05 14:34
Thank you, this is good stuff...
by Bunster147 - 2006-09-08 14:26
Perfect. Why did I not ask you 2 months ago when I had the problem, Duh. Thanks a million, I will now be able to sleep at night.
by Amit Vyas - 2006-09-11 01:02
I'm very happy to see that such people are there who are always ready to others, Great, wonderful

Thnx
by Lokesh Thakur - 2006-09-13 05:53
good

These tips are very useful, even then they are free.

thanks
by choltas - 2007-03-29 11:57
thank u
by N15H - 2007-05-10 17:14
I found it very useful. Thanks for your effort and generosity. If you get time please put the updated guide for Vista.

Thnx
by anonymous - 2007-05-23 18:22
Phew! I needed this for my networking assignment by tomorrow, you're the hero of the day
by Bob_Ellis - 2007-06-01 07:21
Geez! Is it really that easy? Thanks. Total newb going to try this at home.
by Atramhasis - 2007-07-17 16:49
Thanks, this is really an easy introduction to home networking.
Albeit, I think I will not set up all users as Admins...
by TechSoEasy - 2007-07-26 20:12
I understand that the goal of this article was "Getting TCP/IP working with DNS" and it definitely does describe how to accomplish this on a STANDARD Server 2003, but since the example server used was a Small Business Server, then the methods are completely wrong and should never really be used when you have a Small Business Server for your Domain Controller.

All DNS and Networking configurations are handled by running the Configure Email and Internet Connection Wizard (CEICW -- linked as "Connect to the Internet" on the To-Do list in the Server Management Console). It's important to use this wizard instead of manual configurations because SBS has many integrated components which may have conflicts if the settings aren't correct.

You never run DCPROMO on a Small Business Server because it's done as part of the integrated installation and setup. So this sentence is completely off:

"…before continuing with the "Configure Your Server" wizard, which basically kicks off DCPROMO. Here’s where you choose your domain name, such as the default "mydomain.local". "


Additionally, joining a workstation to the domain in an SBS environment is done by running http:///connectcomputer and not through the system properties. Joining in this manner will ensure that things do work properly and you will be able to enjoy all of the features provided by SBS.

So, just a warning to the newbies who posted such glorious praise... if you're using SBS, don't follow the steps above because you will not only waste your time but you will end up with an unsupported configuration that can cause further problems for you in the future.

If you're installing just a standard Server 2003, then have at it!
by YeOldeStonecat - 2007-08-06 07:52
Just a reply to "TechSoEasy"...

The article used SBS simply for screenshots..as it's what I was running on my home network at the time. It was not an article on the steps of unbuckling and setting up SBS.

I agree running the Connect to the Internet Wizard within SBS is the proper way to configure and reconfigure SBS, as if you see the many posts I have helping people in the networking forums encourage them to do so. But...once you're familiar with what the wizard does...you'll see that my main points all line up.

Configure your server does kick off "dcpromo"...under the hood. The "configure your server wizard" is just that...a "wizard", which runs a bunch of basic commands under the hood. Again, the article is meant to focus on TCP, DNS, and DHCP, not "how to unbuckle and configure SBS".

How you connect your workstations is a matter of preference...you can run through the ConnectComputer if you want to, or do it the manual way...which is the method I still prefer anyways when I deploy about 1x SBS network a month. 6 of 1, half a dozen of the other, end result is the same, workstations will still get their settings and optional components.
by Adam - 2007-08-11 15:34
Setup local network with a Switch but no router.

Hi,
Excellent article, very thorough. However, I wish to setup the above as a test network locally with a Server (Server 2003 Std) and an XP client. But I do not want this network to connect to the internet at all or a Router for that matter, just a switch.

Am I ok to do the above and ignore the instructions of setting DNS forwarding and if so, what IP address do I need to enter in the DNS forwarding part.

Your help would be really appreciated.
by YeOldeStonecat - 2007-12-15 09:38
So just skip using a gateway. By default DNS on the server will relay to the root servers..but since you won't be connecting to the internet...no requests made for internet addresses.
by kills - 2008-01-12 18:02
Thanks for the article.

But i want to ask, well this should work but it kinda dont want to. I have a home network with router and 2 pc. On one i am running win2003 server and the other laptop is going on winxp. The thing is i am connecting on router from that laptop(yeah this is the client) through wireless. I have gone step by step through your guide, but simply i still get that error domain not available when i try to login to my domain. where could be a problem? do i have setup my dhcp wrong? or is it a problem getting to know the my server when i try to connect to my network through wireless, where could be the problem? thanks
by kills - 2008-01-12 19:19
One more thing, it works when I am connecting my laptop via cable, but not when via wireless, the DHCP is not working then. Cable is fine, but it only assigns me an IP address but not the IP addresses of DNS and gateway, so I can't reach the internet (when I have set that manually, it worked pretty well)
so my question would be what should I do to be able to get connected via wifi (I know this is not a usual case in most small business networks, but I want to have it working at home where I am most of the time on wifi)

and i could add domain users to administrators group because the whole m computer manager freeze, i don't know why :/.

Cool is that now I understand a little bit more how this whole networking in Windows works. Thanks for the tutorial!!
by YeOldeStonecat - 2008-03-12 10:50
Kills...

If it works with a wired setup...it will work with a wireless setup..if it's a wireless router. TCP will be the same. The key is..make sure you're connecting to YOUR wireless router....DHCP from the server will still flow across the wireless. Check your SSID, wireless security, etc.
by anonymous - 2008-05-21 07:28
Sir, I got a problem when converting workgroup to domain in a test environment in an existing network..when I join a workgroup system to the domain..after joining it gave an error ..duplicate name conflict..help
manmohan20@gmail.com
by IanC - 2008-09-14 12:30
I have a bit of a challenge. This solution is very thorough and works quite well for both domain members as well as guest computers to the network. The problem comes about when I bring home my system from the office which is a member of my work domain and attempt to get wireless / domain services. I have gotten around this by assigning a static IP and DNS in the alternate IP option on the client. What does one do if there is no local admin access to the client?
by anonymous - 2009-08-11 22:17
Thank you, extremely helpful.. Thanks again for your time and knowledge
by khan - 2009-12-15 19:58
Hi, Thanks for providing such a good and short info. Everything is simple and straightforward. I was like GPS system, straight to the point. Thanks again.
by jandarsun8 - 2013-01-08 03:00
Working with Server 2012, this was still very much helpful. Thank you for the detailed instructions and screen shots. This was exactly what I was looking for while setting up a small domain at a home business while using a Linksys/Cisco small office router.

Again, thank you.
by anonymous - 2013-01-17 23:47
Great write up