Can Active Directory be installed using a dynamic IP?

Is there a way to create a little local environment over the Amazon cloud (EC2)?
2 Answers
Herb Martin, Active Directory SME for a major US state, former MS Principal Consultant, MCSE
Yes, and as Kumar says, that is not a Best Practice for a PRODUCTION Domain Controller (DC).

It is however completely LEGAL and can work for test situations.

It CAN even work for small production systems if that is your only choice. 

Normally an "always on DC" will KEEP the same dynamically assigned address even across reboots (if the reboot time is relatively short).  So having it register itself (as they do) in DNS may cause no trouble 95% of the time.

For reboots, the DC will re-register anyway so that isn't a big deal (USUALLY, YMMV).

However, it is technically possible to have a DHCP client obtain a different address SIMPLY BECAUSE the DHCP server says so on renewal -- usually this doesn't happen.

In this case, the "NetLogon" service needs to be restarted (reboots do this automatically) since that service is the one which registers the bulk of the Domain Controller records needed for Active Directory to function correctly.

Problem is that you would normally get no notification when the address changes and might not realize that re-starting NetLogon is necessary.

  Net Stop NetLogon
  Net Start NetLogon

You can also use the Services.msc control panel application.

One thing to consider:  Many people say "dynamic IP" when they really mean "assigned by a DHCP server" -- which usually is the same thing.

However, if you control the DHCP server you can easily arrange for the Domain Controller to have a RESERVATION, and thus always obtain the same IP.

This eliminates practically all of the issues associated with the DC having to request an address from DHCP.

It's always the same -- so technically it is assigned by a DHCP server but is static (even though not manual.)

The larger problem is likely the DNS server -- commonly this is also located on the DC (but again that is not a rule either).

The issue for the DNS server is that its address needs to be hard coded on the clients -- either directly or through the DHCP server.

If you don't control the DHCP server how are you going to arrange for the correct DNS server?  And if you use the one supplied by the DHCP server (outside of your control) then odds are that it will NOT accept the dynamic registrations that your Domain Controller(s) require.

Again, technically, the DCs can be registered manually but that is in practice a generally unworkable method.

--
HerbM
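
Added example (not part of the answer above, and not Microsoft's own tooling): a PowerShell check for the case the answer describes, where a DHCP renewal changes the DC's address with no notification. It compares the addresses the DC holds with the A records DNS returns for its name, and restarts Netlogon on a mismatch. The function names are hypothetical, and it assumes it runs elevated on the DC, for instance from a scheduled task.

```powershell
# Added example: detect a changed DC address that DNS does not yet reflect.
# Function names are hypothetical; run elevated on the domain controller.

function Test-DcDnsRegistration {
    param(
        [string[]]$CurrentIPs    = @(),  # addresses the DC holds now
        [string[]]$RegisteredIPs = @()   # A records DNS returns for the DC
    )
    # Healthy only if every current address is registered and no stale one remains.
    $missing = @($CurrentIPs    | Where-Object { $_ -notin $RegisteredIPs })
    $stale   = @($RegisteredIPs | Where-Object { $_ -notin $CurrentIPs })
    [pscustomobject]@{
        Healthy = ($CurrentIPs.Count -gt 0 -and $missing.Count -eq 0 -and $stale.Count -eq 0)
        Missing = $missing
        Stale   = $stale
    }
}

function Repair-DcDnsRegistration {
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $fqdn = "$($cs.DNSHostName).$($cs.Domain)"

    # Addresses configured by DHCP or by hand; skips loopback and APIPA.
    $current = @(Get-NetIPAddress -AddressFamily IPv4 |
        Where-Object { $_.PrefixOrigin -in 'Dhcp', 'Manual' } |
        Select-Object -ExpandProperty IPAddress)

    # Ask DNS itself (no LLMNR/NetBIOS fallback) what is registered for this DC.
    $registered = @(Resolve-DnsName -Name $fqdn -Type A -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } |
        Select-Object -ExpandProperty IPAddress)

    $result = Test-DcDnsRegistration -CurrentIPs $current -RegisteredIPs $registered
    if (-not $result.Healthy) {
        Write-Warning "$fqdn DNS mismatch. Missing: $($result.Missing -join ', ') Stale: $($result.Stale -join ', ')"
        ipconfig /registerdns | Out-Null      # DNS client re-registers the host A record
        Restart-Service -Name Netlogon -Force # Netlogon re-registers the DC locator records
    }
    $result
}

Repair-DcDnsRegistration
```

This only helps when the DNS zone accepts the DC's dynamic updates; with a DNS server outside your control, the mismatch will keep being reported.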
Vijay Sohra, Working on Windows servers for 6 years
Yes, however certain things need to be kept in mind.

One: Make sure that there is a reservation for an IP for the server so that the IP doesn't change.

Two: Make sure the DHCP device has the scope set such that workstations receive the DNS server address of the server which has the zone for Active Directory.

As Kumar and Martin say, it's not a best practice.