Active Directory
Danil, 2016-03-08 14:24:03

Is it possible to set up an AD server without DNS and DHCP?

The situation is this: there is a network where everything is OK, but there is no AD. AD needs to be added there; is it possible to do this so that the DHCP and DNS settings are taken from the Mikrotik (everything is already configured there)? Or advise how to do it properly.


4 answer(s)
Dmitry, 2016-03-08
@Tabletko

AD does not live without DNS. You can leave DHCP on Mikrotik, and DNS will be on the domain controller.

Eugene, 2016-03-08
@yellowmew

To serve Active Directory, it must have its own DNS.
To use the DNS on Mikrotik, just set your Mikrotik in the DNS forwarder settings.
However, the clients must use the domain controller's DNS.

chief, 2019-03-03
_

As I see it, my question was merged with this one, so I'll write down my "path" here.
In short, I decided to set up a network where the main DHCP \ DNS \ NAT would be an old system unit (2GHz \ 250MB DDR-400 \ USB flash 1GB) with OpenWRT written to the USB flash drive.
Why so? Because I had experience setting up OpenWRT on all kinds of WiFi routers. The system is very light, and at the same time functionally it is not inferior to Debian\CentOS\NetBSD (at least in popular trifles). Seriously, right now this dinosaur is serving a ~100-PC network, cutting ads right at the entrance (through the built-in Adblock plugin), as well as providing access to blocked sites via OpenVPN. And it consumes only 30-40MB of RAM. The processor never rose above 10%. Actually, there are two reasons why it was done this way:
- The presence of a bunch of old unneeded system units
- The ability to duplicate the flash drive and, if necessary, quickly restore the network (if lightning burns the network, or the motherboard does not withstand 24/7 work... In general, it doesn't matter, this is my cactus and I have to gnaw it).
But let's get back to the problem: how to make a domain with Active Directory work normally without installing the DNS role. I had to google a little. And in principle, as a result, the following config was made, with which almost all functions work.
Almost everything, because, for example, I needed to make a file share through DFS, but in the DFS configuration manager the namespace stubbornly refused to be created, citing an RPC error. Although if you raise DNS on the domain controller, create the namespace (and it is apparently created only on DNS from Windows), and then remove the DNS role from the domain controller, then the DFS share continues to work normally (so far, though, I haven't tested much).
Bottom line: if you do not use AD features that are strongly tied to Microsoft DNS, then you can live with NAT DNS on any convenient device with Dnsmasq support.
The actual config (substitute your own domain name):
My network: 192.168.121.0/24
# Change the following lines if you want dnsmasq to serve SRV
# records.
# You may add multiple srv-host lines.
# The fields are <name>,<target>,<port>,<priority>,<weight>
#Domain
domain=dc.test.ua
#Time update server
#address=/time.windows.com/192.168.121.2
#For Win7 and later (WPAD option 252, empty)
#dhcp-option=252,"\n"
#Banned hosts
#addn-hosts=/etc/banned_hosts
# If AD DNS is also used (forward requests for the zone to this IP)
#server=/dc.test.ua/192.168.121.2
#Local domain name if WIN-disabled
#local=/dc.test.ua/
#DNS servers list
server=/121.168.192.in-addr.arpa/192.168.121.1
#server=/121.168.192.in-addr.arpa/192.168.121.2
#---------------------------------------------------------------
# REGISTER CNAME TXT
#---------------------------------------------------------------
#For this type of registration you need in
# file /etc/hosts something like this:
# 192.168.121.15 troll.dc.test.ua troll
# and then here write:
# cname=ALIAS,REAL_NAME
#cname=controller.dc.test.ua,ise-dc.dc.test.ua
#cname=rdp.dc.test.ua,ise-rdp.dc.test.ua
#cname=fileserver.dc.test.ua,ise-fs.dc.test.ua
#cname=mail.dc.test.ua,ise-mail.dc.test.ua
#-------------------------------------
#MX RECORDS
#-------------------------------------
#Return MX mail.dc.test.ua for dc.test.ua with priority 10
#mx-host=dc.test.ua,mail.dc.test.ua,10
#Default MX with localmx option
#mx-target=mail.dc.test.ua
#Return an MX pointing to mx-target for ALL local PCs
#localmx
#------------------------------------------------------
# TXT RECORDS
#------------------------------------------
# TXT records. We can also write SPF here
txt-record=dc.test.ua,"v=spf1 a -all"
txt-record=dc.test.ua,"Wellcome to The Dark Side"
#===============================================================
#Range of IP addresses for servers, etc.
#dhcp-range=192.168.121.10,192.168.121.30,24h
#Maximum DHCP leases. Default 150
#dhcp-lease-max=222
#IPv6 range
#dhcp-range=1234::, ra-only
#RANGE OPTIONS
#dhcp-option=1,255.255.255.0 #NETMASK
#dhcp-option=3,192.168.121.1 #GATEWAY
#dhcp-option=6,192.168.121.1 #DNS servers
#dhcp-option=15,dc.test.ua #DNS domain name
#dhcp-option=19,1 #option IP-forwarding ON
#dhcp-option=28,192.168.121.255 #BROADCAST
#dhcp-option=42,192.168.121.1 #NTP time server
#dhcp-option=40,DC #NIS domain name
#dhcp-option=41,192.168.121.2 #NIS server
#dhcp-option=44,192.168.121.2 #WINS
#dhcp-option=45,192.168.121.2 #NetBIOS server
#dhcp-option=73,192.168.121.2 #Finger server
#dhcp-option=46,8 #NetBIOS node type
#dhcp-authoritative #IF THIS DHCP IS THE ONLY ONE IN THE NETWORK
#------------------------------------
# LOGGING: tail -f /var/log/syslog  or  journalctl -f
#------------------------------------
#log-queries
#-------------------------------------------------
# REGISTER A and SRV for Active Directory
# -------------------------------------------------
# -------------------------------------------------
# Windows AD | _msdcs.dc.test.ua | Zone
#-------------------------------------------------
#-->root
cname=430732cb-e159-4333-87d1-6cea750f5b25._msdcs.dc.test.ua,ISE-DC.dc.test.ua
cname=e1b66cc4-35fc-4cd5-8d6c-ab4245f280fe._msdcs.dc.test.ua,ISE-DC2.dc.test.ua
#-->root\dc
#-->root\dc\sites
#-->root\dc\sites\Default-First-Site-Name
#-->root\dc\sites\Default-First-Site-Name\tcp
srv-host=_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.dc.test.ua,ISE-DC.dc.test.ua,88,0,100
srv-host=_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.dc.test.ua,ISE-DC2.dc.test.ua,88,0,100
srv-host=_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.dc.test.ua,ISE-DC.dc.test.ua,389,0,100
srv-host=_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.dc.test.ua,ISE-DC2.dc.test.ua,389,0,100
#-->root\dc\tcp
srv-host=_kerberos._tcp.dc._msdcs.dc.test.ua,ISE-DC.dc.test.ua,88,0,100
srv-host=_kerberos._tcp.dc._msdcs.dc.test.ua,ISE-DC2.dc.test.ua,88,0,100
srv-host=_ldap._tcp.dc._msdcs.dc.test.ua,ISE-DC.dc.test.ua,389,0,100
srv-host=_ldap._tcp.dc._msdcs.dc.test.ua,ISE-DC2.dc.test.ua,389,0,100
#-->root\domains
#-->root\domains\27b71e15-e809-4875-aa12-cd7575e3f3ab
#-->root\domains\27b71e15-e809-4875-aa12-cd7575e3f3ab\tcp
srv-host=_ldap._tcp.27b71e15-e809-4875-aa12-cd7575e3f3ab.domains._msdcs.dc.test.ua,ISE-DC.dc.test.ua,389,0,100
srv-host=_ldap._tcp.27b71e15-e809-4875-aa12-cd7575e3f3ab.domains._msdcs.dc.test.ua,ISE-DC2.dc.test.ua,389,0,100
#-->root\gc
address=/gc._msdcs.dc.test.ua/192.168.121.2
address=/gc._msdcs.dc.test.ua/192.168.121.3
#-->root\gc\sites
#-->root\gc\sites\Default-First-Site-Name
#-->root\gc\sites\Default-First-Site-Name\tcp
srv-host=_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.dc.test.ua,ISE-DC.dc.test.ua,3268,0,100
srv-host=_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.dc.test.ua,ISE-DC2.dc.test.ua,3268,0,100
#-->root\gc\tcp
srv-host=_ldap._tcp.gc._msdcs.dc.test.ua,ISE-DC.dc.test.ua,3268,0,100
srv-host=_ldap._tcp.gc._msdcs.dc.test.ua,ISE-DC2.dc.test.ua,3268,0,100
#-->root\pdc
#-->root\pdc\tcp
srv-host=_ldap._tcp.pdc._msdcs.dc.test.ua,ISE-DC.dc.test.ua,389,0,100
#-------------------------------------------------
# Windows AD | dc.test.ua | Zone
#-------------------------------------------------
#-->root
#-->root\sites
#-->root\sites\Default-First-Site-Name
#-->root\sites\Default-First-Site-Name\tcp
srv-host=_gc._tcp.Default-First-Site-Name._sites.dc.test.ua,ISE-DC.dc.test.ua,3268,0,100
srv-host=_gc._tcp.Default-First-Site-Name._sites.dc.test.ua,ISE-DC2.dc.test.ua,3268,0,100
srv-host=_kerberos._tcp.Default-First-Site-Name._sites.dc.test.ua,ISE-DC.dc.test.ua,88,0,100
srv-host=_kerberos._tcp.Default-First-Site-Name._sites.dc.test.ua,ISE-DC2.dc.test.ua,88,0,100
srv-host=_ldap._tcp.Default-First-Site-Name._sites.dc.test.ua,ISE-DC.dc.test.ua,389,0,100
srv-host=_ldap._tcp.Default-First-Site-Name._sites.dc.test.ua,ISE-DC2.dc.test.ua,389,0,100
#-->root\tcp
srv-host=_gc._tcp.dc.test.ua,ISE-DC.dc.test.ua,3268,0,100
srv-host=_gc._tcp.dc.test.ua,ISE-DC2.dc.test.ua,3268,0,100
srv-host=_kerberos._tcp.dc.test.ua,ISE-DC.dc.test.ua,88,0,100
srv-host=_kerberos._tcp.dc.test.ua,ISE-DC2.dc.test.ua,88,0,100
srv-host=_kpasswd._tcp.dc.test.ua,ISE-DC.dc.test.ua,464,0,100
srv-host=_kpasswd._tcp.dc.test.ua,ISE-DC2.dc.test.ua,464,0,100
srv-host=_ldap._tcp.dc.test.ua,ISE-DC.dc.test.ua,389,0,100
srv-host=_ldap._tcp.dc.test.ua,ISE-DC2.dc.test.ua,389,0,100
#-->root\udp
srv-host=_kerberos._udp.dc.test.ua,ISE-DC.dc.test.ua,88,0,100
srv-host=_kerberos._udp.dc.test.ua,ISE-DC2.dc.test.ua,88,0,100
srv-host=_kpasswd._udp.dc.test.ua,ISE-DC.dc.test.ua,464,0,100
srv-host=_kpasswd._udp.dc.test.ua,ISE-DC2.dc.test.ua,464,0,100
#-->root\DomainDnsZones
address=/DomainDnsZones.dc.test.ua/192.168.121.2
#-->root\DomainDnsZones\sites
#-->root\DomainDnsZones\sites\Default-First-Site-Name
#-->root\DomainDnsZones\sites\Default-First-Site-Name\tcp
srv-host=_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.dc.test.ua,ISE-DC.dc.test.ua,389,0,100
#-->root\DomainDnsZones\tcp
srv-host=_ldap._tcp.DomainDnsZones.dc.test.ua,ISE-DC.dc.test.ua,389,0,100
#-->root\ForestDnsZones
address=/ForestDnsZones.dc.test.ua/192.168.121.2
#-->root\ForestDnsZones\sites
#-->root\ForestDnsZones\sites\Default-First-Site-Name
#-->root\ForestDnsZones\sites\Default-First-Site-Name\tcp
srv-host=_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.dc.test.ua,ISE-DC.dc.test.ua,389,0,100
#-->root\ForestDnsZones\tcp
srv-host=_ldap._tcp.ForestDnsZones.dc.test.ua,ISE-DC.dc.test.ua,389,0,100
#-------END NEW CONFIG------------
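The record set above is long and easy to mistype by hand (one wrong host name in a single srv-host line silently removes that DC from the clients' view). The following Python helper is an added example, not chief's code and not part of dnsmasq or Windows: it renders the same srv-host/address layout from a list of DCs and checks an existing dnsmasq config for owner names that are missing or SRV targets that are not a known DC. The domain, host names, IPs and domain GUID are the ones from the answer above; the record layout, the "pdc only gets the PDC emulator" rule and everything else in the helper are assumptions for this illustration.

```python
"""Added example: render and sanity-check the dnsmasq SRV/A records that
Active Directory clients look up. Not from the answer above, not part of
dnsmasq; values come from the answer, the helper itself is illustrative."""
import re

# (owner-name template, port, pdc_only). {d} = domain, {s} = site, {g} = domain GUID.
# Layout mirrors the two zones in the answer above (_msdcs.<domain> and <domain>).
SRV_TEMPLATES = [
    ("_kerberos._tcp.{s}._sites.dc._msdcs.{d}", 88, False),
    ("_ldap._tcp.{s}._sites.dc._msdcs.{d}", 389, False),
    ("_kerberos._tcp.dc._msdcs.{d}", 88, False),
    ("_ldap._tcp.dc._msdcs.{d}", 389, False),
    ("_ldap._tcp.{g}.domains._msdcs.{d}", 389, False),
    ("_ldap._tcp.{s}._sites.gc._msdcs.{d}", 3268, False),
    ("_ldap._tcp.gc._msdcs.{d}", 3268, False),
    ("_ldap._tcp.pdc._msdcs.{d}", 389, True),   # only the PDC emulator
    ("_gc._tcp.{s}._sites.{d}", 3268, False),
    ("_kerberos._tcp.{s}._sites.{d}", 88, False),
    ("_ldap._tcp.{s}._sites.{d}", 389, False),
    ("_gc._tcp.{d}", 3268, False),
    ("_kerberos._tcp.{d}", 88, False),
    ("_kpasswd._tcp.{d}", 464, False),
    ("_ldap._tcp.{d}", 389, False),
    ("_kerberos._udp.{d}", 88, False),
    ("_kpasswd._udp.{d}", 464, False),
    ("_ldap._tcp.{s}._sites.DomainDnsZones.{d}", 389, False),
    ("_ldap._tcp.DomainDnsZones.{d}", 389, False),
    ("_ldap._tcp.{s}._sites.ForestDnsZones.{d}", 389, False),
    ("_ldap._tcp.ForestDnsZones.{d}", 389, False),
]

# dnsmasq syntax: srv-host=<name>,<target>,<port>,<priority>,<weight>
SRV_LINE = re.compile(r"^\s*srv-host=([^,\s]+),([^,\s]+),(\d+),(\d+),(\d+)\s*$")


def required_srv_names(domain, site, domain_guid):
    """Every SRV owner name a client of this domain/site may query."""
    return {t.format(d=domain, s=site, g=domain_guid) for t, _, _ in SRV_TEMPLATES}


def render_dnsmasq(domain, site, domain_guid, dcs, pdc):
    """dcs maps DC host name -> IP; pdc names the PDC emulator.
    Emits srv-host lines for every DC (priority 0, weight 100 as in the
    answer) plus address= lines for the labels clients resolve as A records."""
    if pdc not in dcs:
        raise ValueError(f"PDC {pdc!r} is not in the DC list")
    lines = []
    for tmpl, port, pdc_only in SRV_TEMPLATES:
        name = tmpl.format(d=domain, s=site, g=domain_guid)
        for host in ([pdc] if pdc_only else sorted(dcs)):
            lines.append(f"srv-host={name},{host}.{domain},{port},0,100")
    for label in ("gc._msdcs", "DomainDnsZones", "ForestDnsZones"):
        for host in sorted(dcs):
            lines.append(f"address=/{label}.{domain}/{dcs[host]}")
    return "\n".join(lines) + "\n"


def parse_srv(config_text):
    """{owner name: {(target, port)}} for the active (uncommented) srv-host lines."""
    found = {}
    for raw in config_text.splitlines():
        m = SRV_LINE.match(raw)
        if m:
            found.setdefault(m.group(1), set()).add((m.group(2), int(m.group(3))))
    return found


def check_config(config_text, domain, site, domain_guid, dcs):
    """Return (sorted missing owner names, sorted targets that are not a DC FQDN)."""
    found = parse_srv(config_text)
    missing = sorted(required_srv_names(domain, site, domain_guid) - set(found))
    known = {f"{h}.{domain}".lower() for h in dcs}
    bad = sorted({t for recs in found.values() for t, _ in recs if t.lower() not in known})
    return missing, bad


# Values from the answer above; the site name is AD's default.
DOMAIN = "dc.test.ua"
SITE = "Default-First-Site-Name"
DOMAIN_GUID = "27b71e15-e809-4875-aa12-cd7575e3f3ab"
DCS = {"ISE-DC": "192.168.121.2", "ISE-DC2": "192.168.121.3"}

# Constructed sample: one line with a mistyped target, one line commented out.
BROKEN_SAMPLE = (
    "srv-host=_gc._tcp.dc.test.ua,ISE2-DC.dc.test.ua,3268,0,100\n"
    "#srv-host=_kpasswd._udp.dc.test.ua,ISE-DC.dc.test.ua,464,0,100\n"
)

if __name__ == "__main__":
    print(render_dnsmasq(DOMAIN, SITE, DOMAIN_GUID, DCS, pdc="ISE-DC"))
    print(check_config(BROKEN_SAMPLE, DOMAIN, SITE, DOMAIN_GUID, DCS))
```

Run it to print a config you can paste into the dnsmasq configuration, or feed an existing config file's text to check_config to catch the two failure modes that matter here: an owner name nobody serves (the client falls back to other DCs or fails to locate one) and a target host name that does not exist. Note that the parser only reads active srv-host lines, so a record that was commented out while debugging shows up as missing.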

Roman, 2021-04-20
@strelnikovr

https://koobik.net/mikrotik-dns-dhcp-for-active-di...
Working solution
