Comments in line

At 20:35 8/3/2003, you wrote:
Plan of Direction:
==================
The plan is to consolidate all DNS/WINS/DHCP services on 2 Windows 2003
standalone members. Not sure if I expose more security holes if I made
these 2 Windows 2003 servers members of NT4 domain member server,

No extra exposure of security risks as long as the boxes are hardened and patched. (This holds true for any box though)



but the
plan is once we have the Windows 2003 Active Directory in place, we will
upgrade these 2 Windows 2003 servers to our future Windows 2003 Domain
controllers.

Be advised that you might want to do a lil research on DHCP scopes in AD that are authorized vs unauthorized.


Also, DNS will HAVE TO change once you start AD. DHCP and WINS can still remain outside of the domain, but not DNS.



Questions:
==========
1/ Am I exposing security risk to consolidate all DNS/WINS/DHCP services
this way? I don't think Microsoft thinks this is risky for Windows 2003,
but do you agree with Microsoft's view?

No, but since you've got the machines, I would create a 3rd DHCP server on one of the NT4 boxes. Configure its lease time to be very short so if you have to take it off line, the machines will update quickly to one of the others.


2/ Even if no risk, would you still setup this way? How easy for an
administrator to approach their disaster recovery? EG, what if the Active
Directory or Global Catalog fails to function, would my DHCP still
function to manage my reserved devices like printers and servers?

DHCP is not part of AD. So you are fine. Permissions related to AD objects however........ are a different story. If you have printers that you set security up on (accounting dept) and AD takes a plunge..then there is nothing to verify group membership to. The examples of the same situation with different faces abound. If AD dies, you have other serious issues.


3/ Can Microsoft DHCP server manage non-domain device like printers?

Absolutely. You might need to enable BOOTP since some printers only operate on BOOTP.


4/ Unless the network fails, the fact that I have 2 DHCP servers, DHCP
service should continue to function even if one of them fails. Please
confirm.

Yes. Make sure the scopes are not the same though. Example:
DHCP1 10.0.5.1-10.0.5.254
DHCP2 10.0.7.1-10.0.7.254
Assuming an approximately 16-bit subnet mask or less.



Are you going to have them plugged into the same switch? Just thinking about single points of failure :-) let the mind wander :-)



-James


thank you.

Regards,
BY


It depends on how you define network connectivity. If for some reason the DHCP service stopped processing requests, you would notice that machines without reservations would not be able to get new addresses, but your machines with reserved addresses should still have TCP/IP connectivity. What are your symptoms?
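
The split-scope advice in the reply to question 4, as an added example that is not part of the original messages: a Python check that the servers' ranges do not overlap and that the segment's mask is wide enough to hold every range. The function names are made up for this example; the first pair of ranges is the one quoted in the reply, and the overlapping pair is constructed.

```python
import ipaddress

def parse_range(text):
    """Parse 'start-end' into a (first, last) pair of IPv4Address objects."""
    first, last = (ipaddress.IPv4Address(p.strip()) for p in text.split("-"))
    if first > last:
        raise ValueError(f"range start is after its end: {text}")
    return first, last

def overlaps(a, b):
    """True when two inclusive ranges share at least one address."""
    return a[0] <= b[1] and b[0] <= a[1]

def smallest_common_network(ranges):
    """Smallest single subnet that contains every range."""
    lo = min(r[0] for r in ranges)
    hi = max(r[1] for r in ranges)
    # Bits that differ between lowest and highest address must be host bits.
    prefix = 32 - (int(lo) ^ int(hi)).bit_length()
    return ipaddress.ip_network(f"{lo}/{prefix}", strict=False)

def check_split_scopes(scopes, mask_prefix):
    """Return a list of problems for {server: 'start-end'} on one segment."""
    parsed = {name: parse_range(text) for name, text in scopes.items()}
    problems = []
    names = sorted(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if overlaps(parsed[a], parsed[b]):
                problems.append(f"{a} and {b} overlap: duplicate leases possible")
    need = smallest_common_network(list(parsed.values()))
    if mask_prefix > need.prefixlen:
        problems.append(f"/{mask_prefix} is too narrow: scopes span {need}")
    return problems

# Ranges quoted in the reply above.
REPLY_SCOPES = {"DHCP1": "10.0.5.1-10.0.5.254", "DHCP2": "10.0.7.1-10.0.7.254"}
# Constructed bad pair: DHCP2 starts inside DHCP1's range.
BAD_SCOPES = {"DHCP1": "10.0.5.1-10.0.5.254", "DHCP2": "10.0.5.200-10.0.6.50"}

if __name__ == "__main__":
    for label, scopes, prefix in [("reply, /16", REPLY_SCOPES, 16),
                                  ("reply, /24", REPLY_SCOPES, 24),
                                  ("constructed overlap, /16", BAD_SCOPES, 16)]:
        print(label, "->", check_split_scopes(scopes, prefix) or "OK")
```

With a /16 mask the quoted ranges pass; with a /24 mask they fail, because the two ranges together span 10.0.4.0/22.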

