Visitor

 • 

9 Messages

Thu, Jul 16, 2015 12:00 PM

Small Office Network with a Domain Controller

Need help in setting up a small Office Network with a Domain Controller.

 

I would like to setup a small office network with the following:

1. Domain Controller managing about 10 to 12 workstations

2. Wireless Network

3. Print and File Services

 

Is there a setup or user guide available?

 

Please help.

Thanks.

CMH

Responses

Accepted Solution

Gold Problem solver

 • 

610 Messages

6 y ago

Yes, Comcast's responsibility technically ends at the Comcast gateway; any devices past that, they are not authorized to provide support for.

 

But I am, so let's dig in 😉

 

First off, if you are using the server to provide DHCP (and you are in this case), you will need to disable DHCP on the Comcast gateway.

 

Can you possibly detail your network topology (any routers and their associated IP addresses/subnets, the server's location on the network & its associated IP address/subnet). As well, can you post the output of "ipconfig /all" from a workstation that has obtained an IP address via the Windows DHCP server?

Accepted Solution

New Contributor

 • 

13 Messages

6 y ago

Hi,

 

It seems to be that some of us are in this same position of setting up a new server.  I read this post, and I'm not trying to hijack this thread but I could sure use the help.  I just received a new Comcast Cisco modem a couple of hours ago which replaced our approximate 10 year old SMC. 

 

My only difference is with the Domain Controller.  At this particular time, I'm more comfortable having the DHCP issues left with the Comcast unit.  I'm also running the Windows Server 2012 R2 Essentials product suggested by train_wreck.  I'm also not "under the gun" to have the entire system up and running since I've got my approximate 10 coworkers setup running Office 365 with Microsoft handling the Exchange server duties.  I've also established a relationship with a cloud storage provider (Egnyte) who is handling our "shared file" duties.  Our PCs are running an Egnyte sync client in real time that works for the most part pretty good.  I've created a workgroup in Win 7 and we share files that should not be in "the cloud" off of our Office Manager's PC.  I recently down sized our company at which time I just couldn't afford the Data Suite Citrix Solution with 4 servers (I believe that's what we had), an Exchange server, and all the other IT Company costs.

 

My main issue is that I can't grasp the DHCP, DNS, the IP Suite of protocols, Private IP, Public IP, Subnet Masking, Port Forwarding, Gateways, and associated items.  I've studied, watched, read, etc... and I'm becoming more familiar but it's not going to happen overnight.  What our company needs is really:

 

1. Remote Access (Anywhere Access).  We work at our clients' sites 75% of the time.  I also have some coworkers that may be gone for 1 week at a time.  Our end product is really just reports (Word and PDF), spreadsheets, Publisher documents, and a few others.  My issue with this has been the uPnp or lack thereof with the SMC modem.  Also, would Anywhere Access be best accomplished using a VPN?  We do have 1 static IP address and really it doesn't look like we really need it?????  What is it used for?

 

The other issues such as shared printing (we have two large capacity multi-function copier/printer/scanners) and file storage are not as baffling to me.  What I am most concerned (I should say SCARED) about is setting up the Comcast unit incorrectly, having the network go down, or leaving us exposed in a manner which could jeopardize our clients.

 

I'd go for the domain controller being the server if it was recommended, but I'm just fearful of messing something up.  I've tried hooking up with local IT providers but they want the servers again in a Data Center and the cost is just overwhelming.

 

Any suggestions would be so helpful and I'll move this post if anyone feels I'm hijacking the thread.  But, the other poster's situation is something that I could deal with so I'm just trying to learn and piggy back off of the same topic.

Accepted Solution

Member

 • 

49 Messages

6 y ago

I've OBVIOUSLY hijacked this thread and ALSO cross-posted with my IPv6 dilemma.

 

So here on out, anyone interested in what I got going here, here is a separate thread with my IPv6 problem:

 

http://forums.businesshelp.comcast.com/t5/IPV6/How-to-disable-DHCP-ipv6-on-Cisco-DPC3939B-DNS-settings/m-p/26044#U26044

  

 

Thank you both train_wreck and ShifterKartRacer for the awesome detailed help!  Sorry OP!  Your post is very similar to my scenario..but the IPv6 has made it more complex.....I honestly didn't mean to step on your toes...  : )

 

Accepted Solution

New Contributor

 • 

13 Messages

6 y ago

Timd; Thanks for the sharing of the educational materials.  I spent yesterday watching videos on Lynda.com by a gentleman by the name of Mark Jacob.  The ipv4, ipv6, subnet masking, and the actual math behind this all really helped me greatly.  Some of the "vague references" supplied by others were explained.  I did purchase a couple of books albeit not highly technical in nature, and the IP addressing is considered "outside the scope of the book" (i.e. topic).  I was dumbfounded by that since it's the inroad to the system.  But it is what it is.  Being that Eli's videos on the topic are 2010 - 2011, he really didn't even touch on ipv6 other than he's been hearing about it since 1999 when he got involved in computers.

 

I've been involved with forums (not Servervault) in my main line of work.  However, I stay back and let the people attack each other by use of sarcasm, terse one line comments, and literally making a person feel like an idiot for even posting a question, comment, or concern.  I'm also aware that the IT industry has some very highly skilled, educated, and professional people that should not be giving their knowledge away for free.  Hey, not an issue with me as I'd pay for the information I need.  I'd be happy to give the list of what I have, what I'd like to do, and fill in the information on all the devices.  If I could learn by reverse engineering or if the person doing the configuration would at least tell me why, I'd appreciate that as well.  I'm not messing with anyone's job security but I am a Scientist, and not knowing anything at all, drives me nuts.  Not to mention, I do enjoy technology as well.

 

If you'd like to chat more off this site, you can email me at trisATgoisesDOTcom.  Replacing the usual AT and DOT with the correct characters.  I don't want to impose on the fine folks that run these forums and their helping nature.

 

Regards,

 

TG

 

 

Gold Problem solver

 • 

610 Messages

6 y ago

If you have never configured a Windows server before, I would recommend looking into Windows Server 2012 Essentials. It has numerous configuration wizards that make it very easy to setup, and is meant for small networks.

http://www.microsoft.com/en-us/server-cloud/products/windows-server-2012-r2-essentials/

Visitor

 • 

9 Messages

6 y ago

Thank you for the response. 

Yes, I don't have much experience with Domain Controllers and Networking and I'll surely look into the link you have posted.

 

Let me be more specific about the issue I'm having:

 

I've a small existing, semi-broken setup with one domain controller (Windows 2008 R2) and a WiFi network. 

 

I would expect that the Domain controller is the one assigning the IP addresses to the clients, but it is not. I checked and found out that the DHCP is enabled on the Comcast Router/Gateway and it is giving the IP addresses to the clients. But this is causing issues for the clients to join the domain as they are not able to find the domain. The nslookup shows that the DNS server is at Comcast. On the Clients the settings are "Automatic" for finding the IP addresses and the DNS.

 

So, when I disable the DHCP on the Comcast device, the clients get IP addresses from the DC (Domain Controller) and are able to login into the domain but then the Internet stops working on the clients. And this also breaks the Wifi network.

 

Not sure how to fix this situation? I called Comcast Customer service but they are not able to help me. They want me to contact some third party IT company for help.

 

I also tried searching for any documents or User guide on setting up a small network with a DC. 

I'm hoping someone experienced like you can help me here. 

 

Thanks.

CMH

 

Visitor

 • 

9 Messages

6 y ago

Thank you Sir.

I'll get all the information this Saturday and will post here.

Thanks.

Visitor

 • 

9 Messages

6 y ago

CXX-Network.PNG

 

Here is a very basic diagram of our Network. We have more PCs but I'm showing just few here. You will get a general idea of the network topology. I'll get more information soon as you requested. Is there a way to contact you over the phone or email?  

Thanks.

CMH

Gold Problem solver

 • 

610 Messages

6 y ago

A few things....

 

It appears you have a wireless router, but are using it just basically as an access point? If so, you'll need to make sure DHCP is off there as well.

 

In terms of the DHCP server, it should be assigning clients IP addresses from within 10.1.10.x/24 with exclusions for 10.1.10.1 and all static IP address devices (such as the domain controller itself, the wireless router, etc.), a default gateway for the clients of 10.1.10.1, and a DNS server address that is the IP of the domain controller.

 

Also, is there any reason you're not using the wireless router as a true router, with its WAN connected to the Comcast gateway and the LAN connected to the switch.....
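
A check for the lease settings described in this reply, as an added example that is not part of the original thread: it parses `ipconfig /all` output from a workstation and flags anything that deviates from that layout. The DC address 10.1.10.10, the function names and both sample outputs are assumptions constructed for illustration.

```python
import ipaddress
import re

# Subnet and gateway are from the thread; the DC address is an assumption.
LAN = ipaddress.ip_network("10.1.10.0/24")
GATEWAY = ipaddress.ip_address("10.1.10.1")
DC = ipaddress.ip_address("10.1.10.10")  # hypothetical static IP of the DC

# ipconfig prints fields as "Label . . . . : value".
FIELD = re.compile(r"^\s*(?P<key>[^.:]+?)[ .]*\. :\s*(?P<val>.*)$")
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_adapter(text):
    """Map each ipconfig label to the IPv4 addresses listed under it."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group("key").strip()
            fields.setdefault(last, []).extend(IPV4.findall(m.group("val")))
        elif last and line.strip():
            # Continuation line, e.g. a second DNS server.
            fields[last].extend(IPV4.findall(line))
    return {k: [ipaddress.ip_address(v) for v in vs] for k, vs in fields.items()}

def audit(text):
    """Return findings where the lease deviates from the DC-served layout."""
    f = parse_adapter(text)
    out = []
    addr = (f.get("IPv4 Address") or [None])[0]
    if addr is None or addr not in LAN:
        out.append(f"address {addr} is not in {LAN}")
    if f.get("Default Gateway", []) != [GATEWAY]:
        out.append(f"default gateway is not {GATEWAY}")
    if f.get("DNS Servers", []) != [DC]:
        out.append("DNS is not the DC alone")
    if f.get("DHCP Server", []) != [DC]:
        out.append("lease not issued by the DC")
    return out

# Constructed sample: lease handed out by the gateway, with ISP DNS servers.
FROM_GATEWAY = """\
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 10.1.10.23(Preferred)
   Default Gateway . . . . . . . . . : 10.1.10.1
   DHCP Server . . . . . . . . . . . : 10.1.10.1
   DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
"""
# Constructed sample: lease from the DC, but the scope has no router option.
FROM_DC_NO_ROUTER = """\
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 10.1.10.101(Preferred)
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 10.1.10.10
   DNS Servers . . . . . . . . . . . : 10.1.10.10
"""
if __name__ == "__main__":
    print(audit(FROM_GATEWAY), audit(FROM_DC_NO_ROUTER), sep="\n")
```

A "lease not issued by the DC" finding on any workstation means a second DHCP server (the gateway or the wireless router) is still answering on the LAN.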

Member

 • 

49 Messages

6 y ago

Hello train_wreck,

 

I'm in the same situation, but new server setup.  Windows Server 2012 R2 Essentials.

 

Same set up, but integrated WIFI access in the Cisco DPC3939B router.  Everything connected to the switch.  Router in/out from internet; gateway.

 

I understand that Ipv4 DHCP needs to be disabled on the router since the SERVER will do DHCP and hand out IP addresses.

 

But what about IPv6 on this router?  How do you disable the IPv6 DHCP on this?  It isn't straightforward like the legacy IPv4 way of doing things. I grasp that part both on the router and windows server settings.

 

From what I understand I need to UNCHECK Stateful and just use IPv4 DHCP on the server? (yes, disable Ipv4 on router also).  But it seems everything is going IPv6?  Should I leave it alone?  The Ipv6 is VERY confusing and archaic.  As best practice, I prefer the SERVER handle DHCP... so I guess I don't want the router doing ipv4 or ipv6 DHCP to avoid conflict, correct?  But what is best practice handling this IPv6 dhcp?  Preferably if we need to keep it intact...which I guess from the server...  scopes?

 

Screenshot below of current DEFAULT settings...not sure exactly what to change / add here:

 

DPC3939B.jpg

Gold Problem solver

 • 

610 Messages

6 y ago

@timd1971:

 

Concerning IPv6, I would hesitate to make any recommendations as Comcast hasn't officially launched v6 for business yet. All of the gateways do support IPv6 to some degree - the Cisco DPC3939B will assign a global IPv6 address to any connected device using either RA announcement packets ("stateless", as it says in the config page) or using an integrated DHCPv6 server. At the moment, I don't think you can configure a separate DHCPv6 server on the LAN to assign addresses. In general, the same rules that apply for IPv4 in terms of DHCP servers also apply to IPv6; you shouldn't have 2 separate DHCPv6 servers on a network, without specific configurations made on both.

 

I imagine that eventually, Comcast will provide you with a static "prefix" to which you can configure your devices in any way you like; for example, they would give you the prefix 2601:443:1480:5300::/64 (meaning that your IPv6 numbering range would be 2601:443:1480:5300:0000:0000:0000:0000 through 2601:443:1480:5300:ffff:ffff:ffff:ffff ) and you could then configure hosts statically within that range OR have your own DHCPv6 server handing out addresses from this range. This is just speculation, however. I have heard that the official rollout may happen this year.

 

You are correct in thinking that you need to have the Cisco DHCP v4 server disabled if you have the Windows server doing DHCP.

Member

 • 

49 Messages

6 y ago

Thank you train_wreck, you really know your stuff. IPv6 is QUITE baffling... and Comcast not supporting makes it even more difficult.
From what I understand, IPv6 is really something that needs to be implemented, so not sure why Comcast has dropped the ball here?

It doesn't look like I have any choice here. Being Business Comcast, I don't understand the limitation Comcast has imposed. That being the DPC3939B "apparently" cannot disable IPV6 so the Windows Server can then handle all DHCP. (Both IPv4 & IPv6, not JUST IPv4).

I am not sure what to do here being IPv6 is quite important now and needs to be implemented. I don't want to just disable it on both router and server. Apparently it cannot be turned off on router anyways? So even though best practice says Server should handle all DHCP, can I let the DPC3939B just do all the DHCP? Is this truly my only option to keep IPv6? I heard something about Active Directory not working correctly this way? So doomed either way? : (

I don't know anything about the BRIDGE mode, but would that be an option? Does it turn the router into a modem, and then I use a separate wifi router (i.e. new Asus ac router)? Would this maybe be a solution? Would hardware firewall help here?

This IPv6 DHCP is the one thing preventing me from setting up this new server.

I don't mean to hijack this thread, but I think this IPv6 DHCP is a real problem and needs to be addressed in order to correctly complete the server setup. The OP will no doubt run into this problem like we have. It is VERY difficult to find a solution to this. Especially if Comcast hasn't fully implemented IPv6 yet, that is just unacceptable being a Business class router and service. Not good.

Gold Problem solver

 • 

610 Messages

6 y ago


@timd1971 wrote:
I am not sure what to do here being IPv6 is quite important now and needs to be implemented. I don't want to just disable it on both router and server. Apparently it cannot be turned off on router anyways? So even though best practice says Server should handle all DHCP, can I let the DPC3939B just do all the DHCP? Is this truly my only option to keep IPv6?

At the moment, yes, this is about the only option. Some of the other Comcast gateways support what is called "prefix delegation", whereby you can connect a router to the gateway and it will pull a prefix to use for clients behind its LAN.

 

I have never heard of Active Directory services failing to work if there is a separate DHCPv6 server; I would think that if anything, AD auth/replication should just fall back to v4. Haven't tried that though.

 


@timd1971 wrote:
I don't know anything about the BRIDGE mode, but would that be an option? Does it turn the router into a modem, and then I use a separate wifi router (i.e. new Asus ac router)? Would this maybe be a solution? Would hardware firewall help here?

Yes, bridge mode turns the gateway into a standard cable modem, AND also deletes any static IPs you may have. This would allow you to connect a separate router that can do prefix delegation. This would NOT allow you to setup a DHCPv6 server on the Windows machine. Once again, for this I think we'll just have to wait for the static v6 rollout.

 


@timd1971 wrote:
This IPv6 DHCP is the one thing preventing me from setting up this new server.

I wouldn't worry too much about it yet, unless for some reason you have a very pressing need for v6. If you must have it, consider setting up a temporary fc00:: ULA subnet on the Windows DHCPv6 server. You would only have local LAN connectivity, but it might help.

New Contributor

 • 

13 Messages

6 y ago

Train_Wreck,

I have to say, understanding all of this is so much easier than most of the materials I've come across.

In a nutshell, is it better to have DNS, AD, and DHCP handled by the Windows Server 2012 R2 Essentials Server? If that's the case, the 3939B would simply be used in Bridge Mode for its modem? One of the reasons I had Comcast change our SMC was to eliminate an old Snapgear 565 external router, firewall, gateway, and wireless. Maybe I made a mistake in decommissioning the SnapGear?

I've read that DNS is better handled by a Windows Server being that it makes "life easier". I believe this was a video I had watched but it was covering Windows Server 2012 (not R2 or Essentials). I also thought life would be simplified by going to a "one box fits all" solution (the Comcast Cisco 3939B). Maybe I was wrong in my thinking with that subject also.

One of my thoughts was that you'd think the 3939B would be better handling all these tasks. Probably wrong on my part.

I did notice that the 3939B could not have the ipv6 disabled so I didn't know if that would affect anything. Last night, I was able to let the server obtain its own address from the 3939B and for the first time I could get Anywhere Access working. That may be in part due to the uPNP being enabled on the 3939B.

I appreciate all this great information! Regards, TG

Gold Problem solver

 • 

610 Messages

6 y ago


@ShifterKartRacer wrote:
In a nutshell, is it better to have DNS, AD, and DHCP handled by the Windows Server 2012 R2 Essentials Server?

Usually yes, because AD is recommended to be integrated with DNS/DHCP, as the services work together to provide dynamic updates among each other. It simplifies management of network entities within the directory to keep it all on the same server. As well, the processing power in the server is much higher than in the gateways, so offloading these network infrastructure services helps conserve resources on the (already resource-strapped) gateways.

 


@ShifterKartRacer wrote:
If that's the case, the 3939B would simply be used in Bridge Mode for its modem?

It wouldn't technically be "bridge mode" at that point, because the gateway would still be doing routing capabilities (e.g., traffic from 10.1.10.0/24 LAN clients would still need to be NATted out the gateway's WAN address.)

 


@ShifterKartRacer wrote:
I also thought life would be simplified by going to a "one box fits all" solution (the Comcast Cisco 3939B). Maybe I was wrong in my thinking with that subject also.

One of my thoughts was that you'd think the 3939B would be better handling all these tasks.

In general, I usually recommend that the policy "jack-of-all-trades, master of none" applies to most networking gear, at least until you get into enterprise-level equipment. I tend to find better results with single, dedicated devices that do one thing well. I prefer to use a standalone router, in conjunction with the Comcast gateway being in bridge mode or provisioned with rented static IPs (to which said router has the static IP configured into.)

 


@ShifterKartRacer wrote:
Last night, I was able to let the server obtain its own address from the 3939B and for the first time I could get Anywhere Access working. That may be in part due to the uPNP being enabled on the 3939B.

Likely a firewall/port forwarding rule wasn't set for the requisite ports/protocols that are used by "Anywhere Access". Keep in mind, even with DHCP disabled on the gateway, if you are still using it with the stock 10.1.10.x subnet (e.g., your LAN clients are still within that range, and have a default gateway pointing to 10.1.10.1), you will still need to configure appropriate firewall rules on the gateway. In this configuration, it is still functioning as your router.