Active Directory in a home environment?

I have two questions for you all... If I had a standard home router (Netgear R6300) and was looking at running a basic home domain using Active Directory as the domain controller.

1) How do I go about dealing with DHCP: I understand AD works best when it's allowed to control DHCP entirely, however, with my current setup I'm not sure how viable this is... My idea at the moment is to have the router deal with DHCP for non-AD-bound devices, i.e. mobile phones, tablets, PS3, TV, etc., and then run another DHCP server with Active Directory with a scope that won't overlap. The reason why I am thinking this is because I can't see a way AD will know to give these non-bound devices IPs without this? What are the pros/cons of my idea? Is there a better solution with my current hardware?

2) AD-bound laptops -- how will these react when taken away from the domain and connected to a new network? Will there be login issues so they require local accounts? Or will they be able to log in to domain accounts without network access? To put it into perspective... For example, how would taking a home laptop to a friend's house and connecting to their Wi-Fi go?

Cheers, I appreciate any help I can get, this is more of a learning project if anything.


It seems you are very unfamiliar with how DHCP works.

The answer is quite simple though. I'll give 2 possible options: a recommended solution and an alternative solution.

Recommended solution

Disable DHCP on your router completely and install it on the server.

Alternative solution

Do not install a DHCP server on the AD server and keep using the router, ignoring the warning that AD gives you during install. Make sure you give the server a static IP outside of the DHCP scope of the router. Also make sure you point the DNS server to the server IP on your router, or your clients will have trouble finding the server.

Background information

A DHCP server broadcasts through the network that it is a DHCP server, so whenever any device connects to the router, and DHCP is disabled on the router, the device will automatically find the DHCP server on the server itself and get the IP it needs from there. An AD server can function in both ways, but when the DHCP server is not available for some reason, things can go bad. When the server runs the DHCP server, it will know when things stop working and keep that in mind. In addition, misconfigurations are less likely to happen, because the server knows what to keep in mind.
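
The constraints from the alternative solution (DC static IP outside the router's DHCP scope, DNS pointed at the server) and from the split-scope idea in the question (two scopes that don't overlap), written as a check. This is an added example, not part of the original answer; the function names, the /24 subnet and every address in the sample plans are constructed for illustration.

```python
import ipaddress

def ip_range(first, last):
    """Inclusive (start, end) pair of addresses; rejects reversed ranges."""
    start, end = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if start > end:
        raise ValueError(f"range start {start} is after end {end}")
    return start, end

def check_plan(subnet, router_scope, dc_ip, dns_from_dhcp, ad_scope=None):
    """Return a list of problems found in a single-subnet home AD plan."""
    net = ipaddress.ip_network(subnet)
    dc = ipaddress.ip_address(dc_ip)
    scopes = {"router": ip_range(*router_scope)}
    if ad_scope is not None:            # optional second DHCP server on the DC
        scopes["AD"] = ip_range(*ad_scope)
    problems = []
    if dc not in net:
        problems.append("DC address is outside the LAN subnet")
    for name, (start, end) in scopes.items():
        if start not in net or end not in net:
            problems.append(f"{name} scope is outside the LAN subnet")
        if start <= dc <= end:          # a lease could collide with the DC
            problems.append(f"DC static IP is inside the {name} DHCP scope")
    # Domain members locate the DC through DNS, so DHCP must hand out the DC.
    if ipaddress.ip_address(dns_from_dhcp) != dc:
        problems.append("DHCP hands out a DNS server other than the DC")
    if ad_scope is not None:
        (r0, r1), (a0, a1) = scopes["router"], scopes["AD"]
        if r0 <= a1 and a0 <= r1:       # inclusive range intersection
            problems.append("router and AD DHCP scopes overlap")
    return problems

# Constructed sample plans (not taken from the question).
GOOD = dict(subnet="192.168.1.0/24",
            router_scope=("192.168.1.100", "192.168.1.199"),
            dc_ip="192.168.1.10", dns_from_dhcp="192.168.1.10")
BAD = dict(subnet="192.168.1.0/24",
           router_scope=("192.168.1.100", "192.168.1.199"),
           dc_ip="192.168.1.150", dns_from_dhcp="192.168.1.1",
           ad_scope=("192.168.1.180", "192.168.1.220"))

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        print(label, check_plan(**plan) or "ok")
```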


1) The best design would be to create two separate subnets. For instance, your home router could have the 192.168.1.0 subnet, and your AD domain could have the 192.168.10.0 subnet.

If your AD devices need to have internet access, you could install a router that will separate the two subnets. Then you can have a DHCP server in your domain, and another one in your home subnet. As a router blocks DHCP traffic (broadcast), no home device will ask your AD DHCP server for an IP address. And vice versa. Note you can set up a basic router using Windows Server (Routing role). Or you could use a Linux-like appliance that also has other roles (VPN, Firewall, Proxy, etc.).

2) By default, when a domain computer can't join the domain to validate credentials, it uses cached credentials. That means, if a user has already logged into this computer, he should be able to log on even if the computer is outside the domain network. Alternatively, you are always able to use a local account.