Hi,

This is an ownership issue as you're talking about multiple DHCP servers. By default, when DHCP servers register an IP address on behalf of a client then the DHCP server (the computer account of the DHCP server) becomes the owner of the registered record. If another DHCP server wants to register the same record with another IP address it is not allowed to do that because it does not own the record. The story is different when DHCP is hosted on DCs as DCs are allowed to do everything because "Enterprise Domain Controllers" have permissions to all records!

To provide for the possibility for other DHCP servers to update the same records each DHCP server COULD be placed in the DNSUpdateProxy Group, BUT this ALSO means that records (and the records of the DHCP server itself) registered by DHCP servers that are in that group have NO OWNER, meaning that every machine/user has the permission to update those records. THIS IS VERY INSECURE, especially when DHCP servers are hosted on DCs (as ALL the DC records are also insecure!).

There is another MORE SECURE way to allow all (and only) DHCP servers to register/update the same records.
For W2K and W2K3 configure a user account to be used (a MUST when DHCP is on a DC!) on each DHCP server so that user account becomes the owner and has the permissions to register/update the client records. Configuring a user account can be done in the following way:

* For W2K3: Use the DHCP MMC, right-click the DHCP server name, select the advanced tab and configure the "DNS dynamic updates registration credentials"
* For W2K: the GUI does not provide the same ability as the GUI in W2K3 but it can be configured by typing the following command:

  NETSH DHCP SERVER \\<servername> SET DNSCREDENTIALS <UserName> <Domain> <Password> --> press enter

  (see also http://support.microsoft.com/?kbid=255134)

For more info on this see also
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_DHCP_imp_InteroperabilityDNS.asp

I think this should do it!

Cheers!
Jorge

-----Original Message-----
From: [EMAIL PROTECTED]
To: [email protected]
Sent: 2/22/2005 6:11 PM
Subject: [ActiveDir] AD integrated DNS, DHCP, Static addresses, and record ownership

I am looking for detailed documentation that would shed some light on how dynamic DNS works. The initial registration works fine for us but if the IP address changes the DNS entry is not updated. The DHCP servers are configured to register the workstation's IP address. I don't know if this is a record ownership issue or DNS aging/scavenging not allowing the update for x days.

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
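
The script below is an added example, not part of the original thread: it audits the two configurations the reply contrasts, DnsUpdateProxy membership versus a dedicated update account on each DHCP server. It assumes the ActiveDirectory and DhcpServer PowerShell modules from Windows Server 2012 or later, which postdate the W2K/W2K3 systems discussed; the finding texts are wording chosen for this example.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory and DhcpServer
# RSAT modules (Windows Server 2012 or later) and read access to each DHCP server.
Import-Module ActiveDirectory, DhcpServer

# Short names of all domain controllers, to spot DHCP hosted on a DC.
$dcNames = @(Get-ADDomainController -Filter * | ForEach-Object { $_.Name })

# Computer accounts in DnsUpdateProxy: records they register carry no owner.
$proxyMembers = @(Get-ADGroupMember -Identity 'DnsUpdateProxy' |
    ForEach-Object { $_.SamAccountName.TrimEnd('$') })

$report = foreach ($server in Get-DhcpServerInDC) {
    $fqdn  = $server.DnsName
    $short = ($fqdn -split '\.')[0]

    # Read the "DNS dynamic updates registration credentials" setting.
    $account = $null
    $queryError = $null
    try {
        $cred = Get-DhcpServerDnsCredential -ComputerName $fqdn -ErrorAction Stop
        if ($cred.UserName) { $account = '{0}\{1}' -f $cred.DomainName, $cred.UserName }
    } catch {
        $queryError = $_.Exception.Message
    }

    $onDc    = $dcNames -contains $short        # -contains is case-insensitive
    $inProxy = $proxyMembers -contains $short

    $finding = if ($queryError)       { "Could not query: $queryError" }
    elseif ($inProxy -and $onDc)      { 'DC in DnsUpdateProxy: the DC records have no owner' }
    elseif ($inProxy)                 { 'In DnsUpdateProxy: registered records have no owner' }
    elseif (-not $account -and $onDc) { 'DHCP on a DC with no update account configured' }
    elseif (-not $account)            { 'Computer account owns records: other DHCP servers cannot update them' }
    else                              { 'OK' }

    [pscustomobject]@{
        DhcpServer    = $fqdn
        OnDC          = $onDc
        InUpdateProxy = $inProxy
        UpdateAccount = $account
        Finding       = $finding
    }
}

$report | Sort-Object Finding | Format-Table -AutoSize
```

Nested groups inside DnsUpdateProxy are not expanded here, so a DHCP server that is a member through another group will not be flagged.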
