I've read some conflicting posts, so hopefully I can get a clear answer.

I have pfSense running as a DHCP server and DNS Forwarder. I'd like to try out Active Directory as a Domain Controller at home using Windows Server 2012 R2. Would I have to set up Server 2012 R2 as a DHCP/DNS server as well for AD to work properly?

1 Answer

Active Directory doesn't require DHCP, but it does require DNS. You'd need to set up some sort of DNS for it to work (Microsoft, BIND, etc). Most people use their Active Directory server as their DHCP and DNS server as well, though, as the integration of the three makes things easier.

I'd set up your server as AD/DHCP/DNS, disable the DHCP and DNS forwarding on pfSense, and tell your MS DNS server to take care of the DNS forwarding.

  • Thanks for the advice, but it'd be nice to know why this would be best practice. From the little that I've found, it's possible to have a separate DNS server (e.g. pfSense, if that can even be done - I'm not too familiar with it).
    – Marc05
    Commented Jul 23, 2014 at 4:41
  • 1
    Well when put AD and DHCP and DNS together on one server, they all automatically interoperate together. You can get much of the same functionality with external DNS and DHCP, but you'd have to do some additional configuration. And given that MS's DHCP and DNS are free and does everything most people need, it makes it an easy solution for them.
    – DarkMoon
    Commented Jul 23, 2014 at 6:48
  • Thanks, this led me to find another post: "You can achieve the goal by setting DNS forwarder on all your AD integrated DNS servers, so that the DNS queries that can’t be resolved by your AD DNS server will be forwarded to this separate server." I'll probably have Windows Server 2012 R2 do all of it though.
    – Marc05
    Commented Jul 24, 2014 at 1:41
  • Well, DNS forwarders are what most companies use. For instance, we have our internal DNS server that takes care of our internal domains, but we don't set up and maintain DNS entries for every domain on the Internet. We set up our DNS server to "forward" requests to an external server for non-internal domains, so we only have to worry about the internal ones. Our DNS server then caches the reply for a while, so if someone else requests the same DNS entry, it doesn't have to go out and get it again.
    – DarkMoon
    Commented Jul 24, 2014 at 2:32
  • 1
    Well, it looks like mainly, you need to ensure that you add a few SRV records for service location. If you Google "pfsense dns active directory", you should find a few posts explaining what's needed to make this work.
    – DarkMoon
    Commented Jul 25, 2014 at 4:04
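The layout the answer recommends (AD DS, DNS and DHCP on the Windows server, with the Windows DNS server forwarding everything it is not authoritative for to pfSense), as an added PowerShell example that is not part of the original question, answer or comments. The domain name corp.example.test, the pfSense LAN address 192.168.1.1, the DC address 192.168.1.10, the interface alias "Ethernet" and the 192.168.1.0/24 scope are all assumed values; substitute your own. Install-ADDSForest prompts for the DSRM password and reboots the server, so the steps after the promotion are run in a second session.

```powershell
# Added example, not from the original post. All addresses and names below are
# hypothetical placeholders for a home lab.
$Domain    = 'corp.example.test'
$PfSenseIP = '192.168.1.1'    # pfSense LAN address: becomes the DNS forwarder target and default gateway
$DcIP      = '192.168.1.10'   # static address of the server that will be the DC
$Nic       = 'Ethernet'       # interface alias on the server

# 1. Install the roles. AD DS requires DNS; DHCP is optional but is co-located here as the answer suggests.
Install-WindowsFeature -Name AD-Domain-Services, DNS, DHCP -IncludeManagementTools

# 2. Promote the server to the first DC of a new forest and install AD-integrated DNS with it.
#    Omitting -SafeModeAdministratorPassword makes the cmdlet prompt for the DSRM password.
Install-ADDSForest -DomainName $Domain -InstallDns -Force

# ---------- after the reboot, in a new elevated session ----------

# 3. Domain members (the DC included) must resolve through AD DNS, never directly through pfSense,
#    or the SRV lookups that locate a domain controller fail. Point the DC's own resolver at itself.
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $DcIP

# 4. Replace pfSense's DNS Forwarder role: everything outside the AD zones is forwarded to pfSense,
#    which still answers Internet names. Root hints are disabled so only the forwarder is used.
Set-DnsServerForwarder -IPAddress $PfSenseIP -UseRootHint $false

# 5. Check the service-location records the last comment refers to. Both must resolve
#    through the AD DNS server and point at this DC.
foreach ($rec in "_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.dc._msdcs.$Domain") {
    Resolve-DnsName -Name $rec -Type SRV -Server $DcIP -ErrorAction Stop |
        Where-Object { $_.QueryType -eq 'SRV' } |
        Select-Object Name, NameTarget, Port
}

# 6. Move DHCP to the DC: authorize it in AD (unauthorized Windows DHCP servers refuse to serve),
#    create the scope, and hand out the DC as the only DNS server and pfSense as the gateway.
#    Disable the DHCP server on pfSense first, or clients will get whichever offer arrives first.
Add-DhcpServerInDC -DnsName "$env:COMPUTERNAME.$Domain" -IPAddress $DcIP
Add-DhcpServerv4Scope -Name 'LAN' -StartRange 192.168.1.100 -EndRange 192.168.1.200 `
    -SubnetMask 255.255.255.0 -State Active
Set-DhcpServerv4OptionValue -ScopeId 192.168.1.0 -DnsServer $DcIP -DnsDomain $Domain -Router $PfSenseIP
```

Two things worth checking once this is in place: pfSense's DHCP server really is disabled (a second DHCP server on the LAN hands out pfSense as the DNS server, and those clients cannot find the DC), and the forwarder on the Windows side points only at pfSense or another resolver you control, so internal query traffic does not leave the LAN unintentionally.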