Kurt,

For remote offices, we have always made sure that we have 2 DCs, both with DHCP, although only if they are in a secure location with restricted physical access. We have done this mainly for redundancy. We have looked at running DHCP from a centralised location, but even in this day and age, WAN links or VPNs can sometimes be unreliable. This way, if the WAN or VPN is down, the users can still log on and still browse the internet.

Cheers
Matt

-----Original Message-----
From: Kurt Buff [mailto:[email protected]]
Sent: 21 February 2010 18:34
To: NT System Admin Issues
Subject: DHCP in Win2k3 R2 domain

All,

Actually, the issue isn't really that, it's the part-time admin in one of our overseas offices. He's running DHCP on a Linux box, and handing out DNS/WINS entries pointing to the AD servers. I've got DHCP set up on the DC in their office, but haven't turned it on yet. He's balking because he wants to control the handing out of addresses in his environment.

Yes, I've taken away a large portion of his former set of control, but he can set up new users (including their mailboxes, etc.) and workstations, and he is an admin on the file server and the ERP box in their office, but little else - he doesn't have access to the DC with WINS/DNS, nor the firewall (though he has pulled the plug on it when "it wasn't working right", without calling me, which really pissed me off.)

I could just turn on DHCP on the DC, and let those two machines fight it out, with the resulting chaos that would ensue, but I don't think that's terribly smart. I could just use the management hammer and tell him to turn the Linux service off "because I said so" but that seems less than optimal as well. The servers are set up with static addresses, so that bit is not an issue.

Can anyone point me to KB articles or other documentation on running DHCP that bolsters the case for centralizing it with AD? OTOH, if there's no compelling reason for doing so, I'd like to hear that as well, though I think that having network infrastructure services served out of the same platform, and manageable by the HQ would be a good thing.

Kurt
