When the internet is down, so is Active Directory?

Solution 1:

The DNS is the most important service in every AD setup. It is responsible for locating AD related services such as LDAP, KDC etc. So every domain joined computer should have DNS client settings configured to point to a DC. The DNS server on the DC should have Forwarders to point to your ISP. This way if a DNS query gets unresolved, the DC will forward the query to its forwarders. Here is a schematic of a simple DNS query flow:

Computer -> DC (Forwarders) -> ISP

So your DHCP (DC or the router, but not both) should offer leases with DNS pointing to your DC only. Then add Forwarders in your DNS server. This way, when the Internet connection is down, all DNS queries related to AD will be resolved and you will be able to authenticate and use Active Directory services as a whole.

Also, in a 1 DC setup, the DC should point to itself (127.0.0.1* or its IP) in the DNS settings of its network adapter.

  • 127.0.0.1 will work only if the DNS server is configured to listen to all available network adapters
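Added example, not from any of the answers above: a PowerShell sequence that applies and then verifies the layout described in Solution 1 (the DC points at itself, forwards everything else to the ISP, and DHCP hands out only the DC as DNS). The DC address 192.168.1.10, the domain corp.example, the scope 192.168.1.0 and the ISP resolvers 203.0.113.1/2 are constructed placeholders.

```powershell
# Constructed values (replace with your own); nothing here comes from the original answers.
$DcIp      = '192.168.1.10'
$Domain    = 'corp.example'
$IspDns    = '203.0.113.1', '203.0.113.2'
$DhcpScope = '192.168.1.0'

# --- On the DC (single-DC setup): its own NIC must use the DC itself for DNS ---
$nic = Get-NetAdapter -Physical | Where-Object Status -eq 'Up' | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $DcIp

# Forward anything the DC cannot answer itself to the ISP (Set- replaces the whole list)
Set-DnsServerForwarder -IPAddress $IspDns

# DHCP option 006/015: clients get the DC as their only DNS server plus the AD suffix.
# The router's DHCP must be switched off so there is exactly one DHCP server on the LAN.
Set-DhcpServerv4OptionValue -ScopeId $DhcpScope -DnsServer $DcIp -DnsDomain $Domain

# --- Verification: these must succeed even with the Internet link unplugged ---
# 1. The DC locator SRV record is answered by the DC itself, no forwarder involved
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                       -Server $DcIp -DnsOnly -ErrorAction SilentlyContinue
if ($srv) { "OK: DC locator SRV record resolves via $DcIp" }
else      { "FAIL: no DC SRV record from $DcIp - clients will not find the domain" }

# 2. Forwarders are in place for non-AD names
Get-DnsServerForwarder | Select-Object -ExpandProperty IPAddress

# 3. On a client: confirm the DHCP-assigned DNS server is the DC and a DC can be located
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object ServerAddresses | Format-Table InterfaceAlias, ServerAddresses
nltest /dsgetdc:$Domain /force
```

Run the configuration part on the DC and the last check block on a workstation; if step 3 shows the router or ISP address instead of the DC, a second DHCP server is still active.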

Solution 2:

You should have your Small Business Server (Server Essentials) doing DHCP and DNS. SBS will automatically disable its DHCP service when it detects another DHCP server on the LAN. (You can verify this by checking the event logs: there will be DHCP errors, and the service will likely be stopped.)

Since your router is likely handing out the ISP's DNS, your computers cannot authenticate when you power it down.

Connect to your Comcast router and turn off DHCP broadcast, and start your DHCP service on your SBS server. If you used the wizards to configure, the issue you are seeing will likely resolve itself.

Edit: If you are unsure who the DHCP server is, do an ipconfig /all on one of the clients to get the DHCP server IP address.

Solution 3:

If the server is connected to a port on the router and you turn off the router, how would you expect the workstations to communicate with the server? You should connect the server to the same switch as the workstations.

Solution 4:

No. The problem is most probably with DNS. Since it is an AD setup, you also need, and probably have set up, DNS on the server. Make sure the stations use this DNS as the primary. Other, more elaborate configurations are also possible.