Hey everyone, I'm in a bit of a bind with my Active Directory setup and could really use your advice. I set up a Windows 2022 AD server with two NICs using RRAS for NAT, which I now realize is not officially supported with AD. The network is a bit messy, with a router that has a ton of firewall entries and some relics from older setups. Currently, my server acts as the DHCP and DNS server for the PCs under it, but I'm struggling to connect PCs that are under the router to the domain. I've managed to make the domain join work, but I'm having issues with the computer policies not applying, particularly the Default Domain Policy. I've checked DNS and everything seems fine, but I can't figure out why the policies aren't downloading. Any advice on troubleshooting this situation or knowing what might be causing the policy failures would be greatly appreciated! Thanks in advance!
3 Answers
I've had some similar issues before. Sometimes, DNS misconfiguration can sneak up on you, especially with multi-homed setups. Try ensuring that all domain-joined clients are set to use only the DC as their DNS server. It might be worth it to do a little network cleanup—having those old firewall entries might be causing issues as well. If DNS is not behaving as expected, your policies won't apply properly, so make that your top priority!
Two NICs on a DC can really complicate things. It's generally recommended to avoid using multiple interfaces on a DC unless you really know what you're doing. If you can, consolidate your devices onto one network and utilize VLANs if you need separation. Also, do double-check that your AD devices are solely reliant on your DC for DNS resolution, as mixing in other DNS servers like Google can cause a lot of headaches.
You've got quite a complex setup there! Ideally, your Domain Controller (DC) should only handle domain-related tasks and not have multiple network interfaces. Using RRAS just adds more potential issues. If I were you, I'd consider starting fresh with a new DC installation. Make sure that only your DCs are designated as DNS servers for your domain-joined devices. Mixing DNS with external servers can definitely lead to those random issues you're experiencing. If possible, look into virtualizing a secondary DC to help maintain redundancy and simplify this setup in the long run.
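The three answers all point at the same check: domain-joined clients must resolve the DC's SRV records through the DC alone and must reach SYSVOL over SMB, or Group Policy never downloads. The following PowerShell script is an added example, not code from any of the posters; it runs on a domain-joined client and assumes placeholder values for the domain name and DC address, which you replace with your own.

```powershell
# Added diagnostic script (not from any answer above). Run on a domain-joined
# client as an administrator. Assumptions: $Domain is the AD DNS name and
# $DcIPs lists the DC's address(es); both are placeholders to replace.
param(
    [string]$Domain = 'corp.example',          # placeholder domain name
    [string[]]$DcIPs = @('192.0.2.10')         # placeholder DC address(es)
)

# 1. Every active adapter should point only at the DC(s) for DNS.
#    A public resolver mixed in makes _msdcs lookups fail intermittently.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        $foreign = $_.ServerAddresses | Where-Object { $DcIPs -notcontains $_ }
        if ($foreign) {
            Write-Warning "Adapter '$($_.InterfaceAlias)' also uses non-DC DNS: $($foreign -join ', ')"
        } else {
            Write-Host "Adapter '$($_.InterfaceAlias)' DNS OK: $($_.ServerAddresses -join ', ')"
        }
    }

# 2. The client locates a DC through the _ldap SRV record; without it,
#    the domain join may still succeed by name but GPO processing stops.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue
if ($srv) {
    $srv | Where-Object { $_.Type -eq 'SRV' } |
        ForEach-Object { Write-Host "DC SRV: $($_.NameTarget):$($_.Port)" }
} else {
    Write-Warning "No SRV record for _ldap._tcp.dc._msdcs.$Domain - clients cannot locate a DC"
}

# 3. Policies are read from SYSVOL over SMB (445); old firewall rules on a
#    router between client and DC commonly block this or Kerberos/LDAP.
foreach ($ip in $DcIPs) {
    foreach ($port in 53, 88, 389, 445) {
        $ok = (Test-NetConnection -ComputerName $ip -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
        Write-Host ("{0}:{1} {2}" -f $ip, $port, $(if ($ok) { 'open' } else { 'BLOCKED' }))
    }
}
if (Test-Path "\\$Domain\SYSVOL\$Domain\Policies") {
    Write-Host "SYSVOL reachable - run 'gpupdate /force' and 'gpresult /r' to confirm policy applies"
} else {
    Write-Warning "SYSVOL not reachable - policies cannot be downloaded"
}
```

Any adapter listed with a non-DC resolver, a missing SRV record, or a BLOCKED port is the fault to fix before looking further at the policies themselves.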