When the internet is down, so is Active Directory?
Solution 1:
The DNS is the most important service in every AD setup. It is responsible for locating AD related services as LDAP, KDC etc. So every domain joined computer should have DNS client settings configured to point to a DC. The DNS server on the DC should have Forwarders to point to your ISP. This way if a DNS query gets unresolved, the DC will forward the query to it's forwarders. Here is a schematic of simple DNS query flow:
Computer -> DC (Forwarders) -> ISP
So your DHCP (DC or the router, but not both) should offer leases with DNS pointing to your DC only. Then add Forwarders in your DNS server. This way, when the Internet connection is down, all DNS queries, related to AD will be resolved and you will be able to authenticate and use Active Directory services as a whole.
Also, in a 1 DC setup, the DC should point to itself (127.0.0.1* or its IP) in the DNS settings of its network adapter.
- 127.0.0.1 will work only if the DNS server is configured to listen to all available network adapters
Solution 2:
You should have your Small Business Server (Server Essentials) doing DHCP and DNS. SBS will automatically disable its DHCP service when it detects another DHCP server on the LAN. (You can verify this by checking the event logs, there will be DHCP errors, and the service will likely be stopped)
Since your router is likely handing out the ISPs DNS, your computers cannot authenticate when you power it down.
Connect to your Comcast router and turn off DHCP broadcast, and start your DHCP service on your SBS server. If you used the wizards to configure, the issue you are seeing will likely resolve itself.
Edit: If you are unsure who the DHCP server is, do an ipconfig /all on one of the clients to get the DHCP server IP address.
Solution 3:
If the server is connected to a port on the router and you turn off the router, how would you expect the workstations to communicate with the server? You should connect the server to the same switch as the workstations.
Solution 4:
No. The problem is most probably with DNS. Since it is a AD setup, you also need, and probably have set up DNS on the server. Make sure the stations use this DNS as the primary. Other, more elaborate configurations are also possible.