Do not add any User accounts to this group! This group is located in the built-in 'Users' container. Add the *computer account* of the DHCP server(s) to the DnsUpdateProxy group in AD. You may have to delete a device's lease from the server and then do an ipconfig /release and /renew (or reboot) on that device to pull a new lease from the DHCP server.

A few other things I failed to mention earlier: The DHCP server should register the DNS A-record when a *new lease* is created.

Make sure password is strong and set to never expire -)

So just to be sure, is this user account also a member of Domain Users group? It should not need to be a member of DHCP Administrators group, I don't think it would break anything but I've always just used a Domain User-level acct and I know this works.

So far that doesn't appear to have done anything. No, I have now made a user account and added the account to the DHCP administrators group and then added that account under the credentials section in DHCP.

I recommend creating a dedicated user account for this purpose, it does not need any 'special' permissions, membership in the Domain Users group is all that is required. In order for the DHCP server to register/update DNS records on the client's behalf, you need to configure Dynamic update credentials on the DHCP server. Have you configured update credentials on the DHCP server?

The previous role holder for this job did a poor job and now everything is starting to come back to haunt me.

Edit: Updated number of DCs and clarified locations of DCs

I think this DNS issue might also be the cause of other devices not working correctly. The forward lookup zone is set to allow secure and nonsecure updates and both ageing options are set to 7 hours.

DHCP server is also DC (FSMO roles) and is running Windows Server 2016 standard. Only one DNS server is set in the scope options (there are four DNS servers in total, three on one site and one on another).

The DNS options are set to always dynamically update, discard A and PTR records and Dynamically update DNS records for Clients that do not request updates. Entries that I removed in DNS have not come back.

DHCP leases are set to eight days (have tried 1 hour but made no difference). If I manually update the DNS entry (or add a manual entry) in the forward lookup zone the locks appear correctly in the security console. There were two DHCP servers with the exact same scopes but I have completely removed the older of these DHCP servers. New wireless/tap card locks are not reporting correctly in DNS. As I just accidentally hit the back button and wiped out everything I had previously typed I will keep this short.