Standalone Win2K Server

Preacher Man

Can a standalone Win2K server be a DHCP server to my network? I am studying
for the 70-216 and it tells me that a DHCP server must be Authorized in
Active Directory. And if the server is a standalone then it can't authorize
in the Active Directory. Right?
 
Herb Martin

Preacher Man said:
Can a standalone Win2K server be a DHCP server to my network?

Technically yes.

But if it is running Win2000/2003 then it cannot be
authorized -- this will EITHER cause it to stop sending
DHCP offers OR it will defeat the authorization process.

Unless there is a compelling reason, such DHCP servers
should be in the domain (or at least a trusted domain of
the forest).

Only non-MS DHCP servers should be left out (because
you have no real choice).

Preacher Man said:
I am studying
for the 70-216 and it tells me that a DHCP server must be Authorized in
Active Directory.

Then don't worry about such weird cases. Make it
part of the domain.

Preacher Man said:
And if the server is a standalone then it can't authorize
in the Active Directory. Right?

Correct.

It has no "computer account" to be authorized. Just as
a user with no account in the domain cannot be given
permissions directly (except through trusted domains.)
 
Preacher Man

Ok here's an ignorant question. What if there is no domain?

 
Herb Martin

Preacher Man said:
Ok here's an ignorant question. What if there is no domain?

Then authorization is irrelevant as there is "No domain"
in which to authorize anything.

A better question (naive not ignorant) would be: If there
is a domain with authorization enabled (i.e., at least one
DHCP server is authorized) and a workgroup or other
domain on the same wire (broadcast domain) then what
stops the DHCP servers which aren't in the authorized
domain from handing out addresses?

[Servers that aren't in the domain don't query the domain
for the authorized list.]

The answer is: the authorized DHCP servers broadcast
DHCP_INFORM messages indicating that authorization
is required and the non-domain DHCP servers respect this
IF they receive the broadcast.

(It's no worse than a UNIX or NT DHCP server and MIGHT
be better.)

Moral for real life: Never DEPEND on authorization to
protect you, but be happy when it does.
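
Since the advice above is not to depend on authorization, a network can also be watched directly for DHCP servers that are not on an approved list. The following Python is an added example, not part of the original thread: it parses a raw DHCP reply payload and reports the server identifier (option 54) of any DHCPOFFER or DHCPACK whose sender is not approved. The function names, the allowlist and the sample packets are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options
SERVER_REPLIES = (2, 5)               # option 53 values: DHCPOFFER, DHCPACK

def parse_options(payload: bytes) -> dict:
    """Return {option_code: value} from a raw BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        code = payload[i]
        if code == 0:                                # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = value
        i += 2 + length
    return opts

def unapproved_server(payload: bytes, approved: set):
    """Return the offending server identifier for an OFFER/ACK, else None."""
    opts = parse_options(payload)
    msg_type = opts.get(53) or b"\x00"
    if payload[0] != 2 or msg_type[0] not in SERVER_REPLIES:   # op 2 = BOOTREPLY
        return None
    server_id = opts.get(54)                         # option 54 = server identifier
    if server_id is None or len(server_id) != 4:
        return "missing-server-id"
    server = str(ipaddress.IPv4Address(server_id))
    return None if server in approved else server

def build_reply(msg_type: int, server_ip: str) -> bytes:
    """Constructed sample reply: zeroed 236-byte BOOTP header plus options 53 and 54."""
    header = bytes([2, 1, 6, 0]) + bytes(232)
    options = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server_ip).packed
    return header + MAGIC_COOKIE + options + b"\xff"

if __name__ == "__main__":
    approved = {"192.0.2.10"}                        # constructed allowlist
    for ip in ("192.0.2.10", "192.0.2.99"):
        print(ip, "->", unapproved_server(build_reply(2, ip), approved))
```

In practice the payloads would come from a capture of UDP port 68 traffic on the segment being monitored; the parser ignores option overload (option 52).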
 
Preacher Man

I guess what I was asking is, if there is no domain can a Windows 2000
standalone still operate as a general DHCP server? In reading your reply I
think the answer is no, but I want to be clear. Thanks again for helping
the less knowledgeable. I think I make things too difficult sometimes.

 
Herb Martin

Preacher Man said:
I guess what I was asking is, if there is no domain can a Windows 2000
standalone still operate as a general DHCP server?

Yes, that is what I explained.

In fact, a DHCP server MIGHT operate with a domain
(If you don't set up at least one as authorized they do not respect
the principle.)

Preacher Man said:
In reading your reply I
think the answer is no, but I want to be clear.

Then I am not writing very clearly.

Without a domain there is nothing and nowhere to
authorize -- unless they hear broadcasts (from authorized
servers of a domain in the same network) indicating
authorization is required, they operate normally.

So with no domain at all -- they just work.

Preacher Man said:
Thanks again for helping
the less knowledgeable.

You are welcome.

Preacher Man said:
I think I make things too difficult sometimes.

Simplification is a learnable skill. Perhaps worth as
much as an MCSE, and certainly one of the most important
skills for OBTAINING an MCSE or any computer expertise.

One of my heroes said:

"As simple as possible and no simpler." -- A. Einstein.

Another wise man once said:

"The answer to the question is the question itself."

(several simple meanings AND several deep meanings)


 
Preacher Man

Ooohhhh. I finally get it. The DCs are what send out the broadcast to
shut down any unauthorized DHCP servers. And if there is no DC there is no
shutdown broadcast. Cool. Thanks again. You da man Herb.


 
Herb Martin

Preacher Man said:
Ooohhhh. I finally get it. The DCs are what send out the broadcast to
shut down any unauthorized DHCP servers. And if there is no DC there is no
shutdown broadcast. Cool. Thanks again. You da man Herb.

Nope (but you seem to now understand the process.)

That is NOT what I said. I said the DHCP in the domain
look up the authorization list -- and then if they are authorized
they continue to provide DHCP.

I also said these authorized DHCP servers broadcast the
inform messages.

Note, this is irrelevant if the DHCP is at "HQ" and the
DHCP is out in the factory AND NOT in the domain/forest.

--
Herb Martin

 
