-
Adversity temporarily visits a strong man but stays with the weak for a lifetime. -
Re: Server 2019 - Active Directory
Oh, I talked to my network guru friend a few minutes ago. I hate to bug him because he stays busy. Anyway, I told him about the double nat problem and he told me 7 different ways to correct the problem. All of them were better solutions than the one I picked. He said changing the subnet on the domain controller should be a last resort.
The easiest solution would have been to call the ISP and have them put their router in bridge mode. Problem solved. Live and learn.
Adversity temporarily visits a strong man but stays with the weak for a lifetime.Comment
-
Re: Server 2019 - Active Directory
I spent a fair amount of time today going over the proper procedure of changing the IP address on domain controller.
First, you should create a pre and post configuration list. Also, be aware of what is connected to your domain and know what services rely on your DC. For instance, if DHCP is hosted on the DC, you're gonna have to update it to reflect the change in IP address. You'll also have to update your DHCP helper address if you're using multiple routers. (Remember that DHCP uses a broadcast and DHCP Helper is needed to make it past the router.)
Make sure that you point the DC controller back to itself. (Remember that it's no longer pointing to itself because of the IP address change that we just made.) If you have multiple DC's, make sure you change the IP addresses that are pointing back to IP address that you just changed.
Once you've done all of that, there's some commands that need to be run post configuration:
ipconfig /flushdns
ipconfig /registerdns
dcdiag /fix
That should be it.Adversity temporarily visits a strong man but stays with the weak for a lifetime.Comment
-
Re: Server 2019 - Active Directory
At this rate before long you'll be ready for the ultimate test: a failed domain rename with orphaned domain controllers.
Seriously though, I wouldn't wish that on anyone.
Sent from my Pixel 6 Pro using TapatalkComment
-
Re: Server 2019 - Active Directory
I have no idea what that is but it sounds like some pain is involved.
I forgot to mention a couple of other things that I had to change:
1. Copiers & printers: No one will be able to print because the copier is on the old subnet.
2. Some of the DNS server addresses were static on a few PC's and I had to go around to each one and change it. I will not do that again. That's now handled by DHCP.
I also had some issues with Quickbooks. Weird issues but I got it worked out.Adversity temporarily visits a strong man but stays with the weak for a lifetime.Comment
-
Re: Server 2019 - Active Directory
Customer had a domain ending in .local. When they introduced Macs into their environment, things went wonky thanks to Macs using that to discover local resources.
Their IT person at the time decided to rename the domain, but never cleanly removed old domain controllers from years before so the change never fully replicated because of failed DC replication. He was able to cobble something together as a fix but new computers wouldn't add properly.
Two years later, we took over IT ops and spent a good month digging through everything, cleaning out the old DC's and finally getting the domain stable enough to get the policies recreated and build out a new domain to migrate everyone to using the new name.
I wouldn't ever try to rename a domain.
Sent from my Pixel 6 Pro using TapatalkComment
-
Re: Server 2019 - Active Directory
One way to protect from having to reconfigure copiers every time the is to print using NETbios name, one of the options when manually installing the driver. Printers and copiers are set up to DHCP. When the subnet changes, usually because the ISP is changed or replaces a modem, reboot everything and it's done.
Static addresses can be an advantage in a large corporate office should the DHCP ever go down. Top executives and others like accounting and payroll who need constant access to the internet and network resources like sercver folders and printers might benefit from static addresses.Comment
-
Re: Server 2019 - Active Directory
When I was going thru the CCNA, I labbed up a scenario to where I set the copier up via DCHP and used the hostname instead of IP. I then changed the subnet of the connected LAN and I was still able to print. It's fantastic. However, old habits are hard to break and I still use a static IP for printers and copiers. Maybe I should change.
Adversity temporarily visits a strong man but stays with the weak for a lifetime.Comment
-
Re: Server 2019 - Active Directory
It depends on your dynamic and static ranges. If you have a big enough static network range then doing static IP addresses for printers isn't that big of a deal. I'd only do printers on a DHCP scope with reservations so that the DHCP server always assigns the same address to the device. Straight DHCP may work in smaller environments, but as you get into larger ones latency, VLANs, VPN and other variables can prevent your clients from getting up to date address information.When I was going thru the CCNA, I labbed up a scenario to where I set the copier up via DCHP and used the hostname instead of IP. I then changed the subnet of the connected LAN and I was still able to print. It's fantastic. However, old habits are hard to break and I still use a static IP for printers and copiers. Maybe I should change.
For my larger customers, I'll do a /23 network so that at a minimum they have 510 addresses available, usually split half static half dynamic, or in whatever ratio they need.
Sent from my Pixel 6 Pro using TapatalkComment
-
Re: Server 2019 - Active Directory
Okay, I have a new issue as a result of changing the subnet on the server. When I first set this server up, I implemented Folder Redirection. I know it's outdated, but the customer likes it, so I left it.
The problem I'm having is that on 2 PC's it's saying the user doesn't have permission to view the redirection folder.
It doesn't make any sesnse to me because the permission hasn't changed. And why is it only affecting 2 users?
I'm thinking about removing the GPO and they'll no longer have Folder Redirection...which isn't a big deal, or I could create another shared folder and do it over again.
I'm a little concerned about unintended consequences.
Looking for guidance.Adversity temporarily visits a strong man but stays with the weak for a lifetime.Comment
-
Re: Server 2019 - Active Directory
Here's the exact error that the users are getting:
Windows cannot access \\DC-01\FolderRedirect\JohnDoe
DC-01 is the server
FolderRedirect is the shared folder
John Doe is a made up username for a folder. This is the folder that limited access is granted to only that user. This is where his his document and other folders are redireced.Adversity temporarily visits a strong man but stays with the weak for a lifetime.Comment
-
Re: Server 2019 - Active Directory
Can you manually get to the share through a run command?
What result do you get from the command gpupdate?
NTFS permissions correct server side?
Correct home drive path set in the user's AD attributes?
Is the folder redirection GPO set globally or does it only apply to a specific group? Anything like this should be a separate policy object as opposed to setting it in the domain default.
Same result if the user tries a different PC?
Sent from my Pixel 6 Pro using TapatalkComment
-
Re: Server 2019 - Active Directory
I just left the school. I was there for something else but while I was there, I tried to access the folder thru the run command and I got access all the way to the the document and desktop folders but access was denied.
\\DC-01\FolderRedirect\JohnDoe\documents
Folder Redirection GPO is set to a group, not globally.
I didn't have have much time this morning. I'll be going back one day this week and I'll follow up.Adversity temporarily visits a strong man but stays with the weak for a lifetime.Comment
-
Re: Server 2019 - Active Directory
Do they use the new domain user or maybe still trying to use the old one?
Also, dont have files on your DC. The DC should be the DC and the DC only for various security reasons. You could make the DC a VM and have the Host as the Fileserver thoughComment
Comment