We're not expecting DHCP to manage addresses outside of DHCP scopes. Our network group is looking for a product to ease their management of addresses outside of the DHCP scopes. For example, they need to doc the router management addresses or servers that have static addresses that are outside of the DHCP scopes. That's their strongest argument for purchasing an additional product like MetaIP or Men and Mice.

Thanks for the information regarding QIP. I believe they've dropped their idea of updating (and paying for additional licenses) for QIP.

Can you elaborate on the scripting? I've looked around and don't see much DHCP scripting capability at all. In fact, it looks like Microsoft is still working on a WMI provider for DHCP. In addition, it appears that the DNS scripting capability is rudimentary, at best.

The primary concerns are to generate a report of all scopes and how heavily utilized they are, determine what device is at what out-of-scope address, determine whether an out-of-scope address is available, determine whether any duplicate DHCP assignments have been made (ICMP is blocked), and change both global and local scope options quickly and easily across multiple DHCP servers.

I understand what you're saying about the tradeoffs. Our network group is looking for the Cadillac solution and have latched onto the need to know everything about all IP addresses (whether in a scope or out) as their argument. I disagree with them due to the cost and feel that it can be done with Microsoft tools, if you set it up right. Is it as slick as an expensive tool? Probably not. But if it does it well enough, then why spend the money?

I agree that DNS can be used. I also believe that DHCP can be used and you just don't dynamically allocate addresses but instead set up reservations. But we're not far removed from their current method -- Excel spreadsheets.

IP address management is simply stated as the need to know what device is on any address and whether any specific address is available. Remember that ICMP is blocked. They're not likely to open up ICMP again. NBTSTAT isn't helpful enough as we have too many non-Microsoft devices. At a higher level, they need to know what all of our subnets and vlans are and where they're located. But it's the IP address-specific stuff that they're most concerned about.

I think what bugs them most is trying to find out what the management interface IP addresses are on the field office switches and routers.

Thanks,
Mike

-------------------------------------------------------------------------------

> Confused a little:
> How can DHCP manage IP addresses it considers out of scope? Or are you
> referring to the idea that DHCP is allowed to register DNS addresses
> perhaps?
>
> As for the differences? Having used both, I'd say both have plusses and
> minuses.
> On the plus side, QIP is pretty feature rich and shops that have their
> DHCP/DNS controlled by the networking folks, have often picked this setup
> for the features it provides. It's not a lot of features, but for some they
> are important.
> On the minus side, it can be expensive to own DNS/DHCP if you pay for QIP.
> I've seen shops that spent a TON of money to own the same features they
> could have had with BIND and last I checked QIP doesn't support the concept
> of authenticated updates. It's either permission the zones or don't, but
> you can't use active directory authentication to allow DDNS updates. That
> sucks. Additionally, since it's a third party app, you will run into issues
> where you can't update the host it runs on due to incompatibility; btdt :)
>
> To say you can't manage Microsoft's DNS/DHCP just tells me you're not into
> scripting. It's all available, it's just not all in the GUI.
>
> Personally, I'd trade authenticated updates/cost of ownership over some of
> that functionality. I can create DNS zones for IP addresses that DHCP
> doesn't manage. I can create scopes that cover all of my ip address ranges,
> just some hosts wouldn't use the DHCP scope, right?
>
> Plenty of ways I can do this solution based on the network and the hard and
> fast requirements vs. the nice to have ideas. Management of IP addresses is
> ambiguous outside of your organization; we need some background to
> understand what they mean.
>
> FWIW, some of the largest networks out there use Microsoft DNS/DHCP and do
> so just fine. Yours would be a pretty small network comparatively speaking
> ;)
>
> Here's a nice glossy faq that gives some contrast as well:
> http://www.lucent.com/livelink/0900940380026b9c_FAQ.pdf
> My thoughts anyway.
>
> Al
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: Wednesday, July 07, 2004 2:22 PM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] Slightly OT: Enterprise IP address management?
>
> We currently have a mish-mash of Microsoft DNS and DHCP in use as well as
> QIP (outdated and not supported) for these services. Our network group is
> strongly in favor of an overall IP address management tool such as QIP or
> MetaIP for DNS and DHCP as these are just part of the capability of the
> tools. The real value to those tools lies outside of merely DHCP and DNS.
> They need to know what device is on what address and/or whether the address is
> available, regardless of whether it's part of a DHCP scope or not. We also
> have ping blocked throughout most of the environment in response to the
> viruses/worms that came out some time ago.
>
> We're 65,000 users across 600 offices across 6 countries. We're currently
> some Active Directory and some NT4.0. We have a project to migrate to a
> global AD design. This effort is part of the project.
>
> What I'm hoping for is that some of you, in large environments like ours,
> would be kind enough to share how you're handling DNS/DHCP and IP address
> management so we can get some perspective. Or if you have a recommendation
> for a methodology or a product, please share.
>
> Our network group's biggest gripe about Microsoft DNS and DHCP is no
> centralized reporting or management as well as lack of support for IP
> addresses that lie outside of the DHCP scopes.
>
> Thanks,
> Mike
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ    : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
