
Designing Active Directory for a SOHO Network

If you are unfamiliar with the term SOHO, it is simply an acronym for Small Office/Home Office. This article summarizes some high-level considerations for an Active Directory design on small networks.

The implementation itself is quite simple, but Active Directory depends on correctly configured DNS and DHCP services. Get either one wrong and your client PCs will not be able to locate, or communicate properly with, your Active Directory Domain Controller(s).

A typical network design would be as follows:

[Figure: typical SOHO network diagram (image not recovered): a single 192.168.1.0/24 segment behind the router, with the Domain Controller/DNS server at 192.168.1.200]

The figure above depicts a simple network able to host up to 254 host IPs on the internal private local area network (a /24, or 255.255.255.0, subnet). If more than 254 nodes are required, the subnet mask can be shortened (for example, to /23) to allow more hosts. Otherwise, additional network segments can be created.

If more segments are introduced, the router must support more than one VLAN or provide multiple internal Ethernet ports, and it must route between those segments. Consult your router's documentation for details.

DNS Considerations
A common issue on small networks is the configuration of client DNS settings. If you implement Active Directory on your internal network, the client PCs must be configured to use a DNS server that hosts, or can resolve, the domain's zone, including the SRV records (such as _ldap._tcp.dc._msdcs.<domain>) that clients use to locate Domain Controllers.

With most Active Directory implementations, the DNS role is installed on the Domain Controllers themselves to take advantage of Active Directory Integrated Zones. In default SOHO implementations, however, the DHCP role runs on the router, and clients are configured to use the router for DNS.

Because the router acts only as a DNS proxy, in most cases you cannot configure it to forward requests for your internal zone to your internal DNS server(s); it simply forwards every DNS query to the ISP's DNS infrastructure. The ISP's resolvers know nothing about your internal zone, so those lookups fail and internal clients cannot locate or communicate with your internal Active Directory domain: domain joins fail, and domain logons and Group Policy do not work properly. As a side effect, every query for your internal domain names leaves your network and is seen by the ISP's resolvers.
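To tell the two failure modes apart (client pointed at the wrong resolver versus the internal DNS zone itself being broken), the following client-side check is useful. It is an added example, not code from the original article; it assumes the AD DNS domain is corp.example.com and that the Domain Controller at 192.168.1.200 hosts the zone.

```powershell
# Added example (not from the original article). Run from a client PC on the
# SOHO LAN. Assumptions: the AD DNS domain is corp.example.com and the DC/DNS
# server is 192.168.1.200.
$Domain      = 'corp.example.com'   # assumption: your AD DNS domain name
$InternalDns = '192.168.1.200'      # the DC hosting the AD-integrated zone
$DcLocator   = "_ldap._tcp.dc._msdcs.$Domain"

# 1. Which DNS servers is this client actually using? If only the router's
#    address shows up, the DHCP DNS option is wrong and nothing below will work.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# 2. Can the client find a Domain Controller through its configured resolvers?
#    Domain join, logon and Group Policy all begin with this SRV lookup.
$viaClient = Resolve-DnsName -Name $DcLocator -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' }
if (-not $viaClient) {
    Write-Warning "No DC SRV records resolved through the client's configured DNS servers."
}

# 3. Ask the internal DNS server directly. If this succeeds while step 2 failed,
#    the clients are pointed at a resolver (the router's DNS proxy) that forwards
#    to the ISP instead of to the internal zone.
$viaInternal = Resolve-DnsName -Name $DcLocator -Type SRV -Server $InternalDns -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' }
if ($viaInternal) {
    $viaInternal | Select-Object NameTarget, Port, Priority, Weight
} else {
    Write-Warning "The internal DNS server does not answer for $DcLocator; check the AD zone itself."
}

# 4. Let the DC Locator confirm what the OS sees (most informative on a
#    domain-joined client).
nltest /dsgetdc:$Domain
```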

DHCP Considerations
As previously mentioned, DHCP is enabled by default on most consumer routers. If its DHCP service is customizable, configure the DNS server option it hands to clients so that clients use the internal DNS server. In the figure above, you would point clients to 192.168.1.200 rather than to the router, which only performs DNS proxy services.

If your router does not allow this configuration, it is recommended that you disable DHCP on the router and install the DHCP role on an internal server on your network. If you only have one server, which is the DC, you can install the DHCP role on that server.

It is acceptable to run the Directory Services, DNS, and DHCP roles on the same server. If you do, configure the DHCP server with a dedicated, low-privilege domain account for its dynamic DNS registrations, and do not make the DC a member of the DnsUpdateProxy group: records registered by members of that group, including the DC's own, are left without secure ownership. Otherwise, if you have other servers on your network, you can install the DHCP role on one of them.

If you install and configure DHCP services on your server, you’ll need to create a scope for your SOHO network. Using the design above, a typical scope configured on a Windows Server running DHCP will be as follows:

[Figure: Windows Server DHCP scope properties (image not recovered): address range 192.168.1.1 to 192.168.1.254, exclusion range 192.168.1.100 to 192.168.1.254]

In this DHCP configuration, the scope range is set to 192.168.1.1 to 192.168.1.254. Since some nodes on this network are configured with static IPs, an exclusion range of 192.168.1.100 to 192.168.1.254 was added to ensure that DHCP leases are not issued in that range. Any other statically addressed device, the router itself included, must likewise sit inside an exclusion or outside the scope range, or it will eventually collide with a lease. Depending on your network requirements, these ranges will need to be adjusted to meet your needs.
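The role installation, authorization, scope, exclusion and scope options described in the last few paragraphs can all be done from PowerShell. The script below is an added example, not code from the original article; the scope addresses follow the article's design, while the router address 192.168.1.1, the AD DNS domain corp.example.com and the account name svc-dhcpdns are assumptions.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell
# session on the Windows Server that will hold the DHCP role (on a SOHO network
# this may be the DC itself). Scope values follow the article's figure; the
# router address, domain name and service account name are assumptions.
$ScopeNet     = '192.168.1.0'
$ScopeMask    = '255.255.255.0'
$ScopeStart   = '192.168.1.1'
$ScopeEnd     = '192.168.1.254'
$ExcludeStart = '192.168.1.100'     # statically addressed servers/printers live here
$ExcludeEnd   = '192.168.1.254'
$DnsServer    = '192.168.1.200'     # the DC running AD-integrated DNS
$Router       = '192.168.1.1'       # assumption: the router's LAN address
$DnsDomain    = 'corp.example.com'  # assumption: the AD DNS domain name

# Install the role and authorize this server in Active Directory. A DHCP server
# that is not authorized in the domain refuses to hand out leases.
Install-WindowsFeature -Name DHCP -IncludeManagementTools
Add-DhcpServerInDC
# Clear the Server Manager "post-install configuration required" flag.
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\ServerManager\Roles\12' -Name ConfigurationState -Value 2

# Create the scope over the whole /24, then carve out the static block.
Add-DhcpServerv4Scope -Name 'SOHO LAN' -StartRange $ScopeStart -EndRange $ScopeEnd `
    -SubnetMask $ScopeMask -LeaseDuration (New-TimeSpan -Days 8) -State Active
Add-DhcpServerv4ExclusionRange -ScopeId $ScopeNet -StartRange $ExcludeStart -EndRange $ExcludeEnd
# The router keeps a static address inside the pool, so exclude it as well
# (assumes the router is at 192.168.1.1).
Add-DhcpServerv4ExclusionRange -ScopeId $ScopeNet -StartRange $Router -EndRange $Router

# Scope options: clients must use the internal DNS server, not the router's
# DNS proxy; the router remains the default gateway.
Set-DhcpServerv4OptionValue -ScopeId $ScopeNet -DnsServer $DnsServer -DnsDomain $DnsDomain -Router $Router

# If DHCP runs on a DC, register client DNS records with a dedicated
# low-privilege domain account rather than the DC's own computer account
# (assumption: an account named svc-dhcpdns exists; you are prompted for it).
Set-DhcpServerDnsCredential -Credential (Get-Credential -UserName "$DnsDomain\svc-dhcpdns" -Message 'DHCP dynamic DNS update account')

# Verify the result.
Get-DhcpServerv4Scope
Get-DhcpServerv4ExclusionRange -ScopeId $ScopeNet
Get-DhcpServerv4OptionValue -ScopeId $ScopeNet | Format-Table OptionId, Name, Value -AutoSize
```

Remember to disable the router's DHCP server before activating this scope; two DHCP servers on one segment will hand out conflicting DNS settings and the name resolution problems described above will come back intermittently.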

If your Active Directory domain, DNS, and DHCP are properly configured, most of the name resolution issues associated with directory services will be mitigated.
