Netgate Discussion Forum

    Switching from pfSense to Windows AD for DHCP & DNS

    Category: Problems Installing or Upgrading pfSense Software
    3 Posts, 3 Posters, 1.6k Views
    Aqxea:

      Hi, I am new to pfSense. I recently bought a used server on eBay and I have ESXi 6 installed with a handful of virtual machines running on it. I followed this guide to set up pfSense in ESXi: https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5 and I have 2 Windows Server 2012 R2 VMs, a couple of Windows 10 VMs, and one Windows Server 2016 VM all up and running on a subnet isolated from my home network. They all have internet access through pfSense with default settings.

      This is how I have pfSense currently setup along with my ESXi network.
      http://imgur.com/a/nP42c

      My goal is to create a lab network completely separate from my home network and use Windows Active Directory.  Currently pfSense is issuing IP addresses.  My question is, what is the best way of going about setting up my Windows Servers as Domain Controllers with AD, DHCP, and DNS roles, and disabling DHCP and DNS in pfSense?

      I hope this makes sense. It's probably an easy question, but I don't want to enable DHCP and DNS on the Windows Servers first and have them conflict with pfSense, and if I disable these functions in pfSense first, I don't want to lose internet access or the ability to connect to the pfSense interface.

      Thank you,
      Mike

    heper:

        Let them run non-overlapping pools. So let's say pfSense from .10->.20 & windoze .30->.40.

    Derelict (LAYER 8, Netgate):

          That's not what he's asking for.

          DNS running on the second pfSense interface (OPT1) doesn't matter because it will only do anything if the hosts on that subnet have it configured as their DNS server. Just don't do that. You could, in fact, set your hosts to use the DCs for DNS then have the DCs forward to pfSense for actual Internet DNS resolution.

          When you create an OPT1 interface a DHCP server is not created automatically, so there will be no DHCP server and no problem. If you want to just use LAN, which was automatically created, go to Services > DHCP Server and disable it. Configure your DC DHCP server to give your AD clients the addresses of your DCs for DNS.

          Neither has anything to do with whether you have internet access or not, other than without good DHCP and DNS, which should be provided by the DCs, the internet won't work.

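The Windows side of the procedure Derelict describes (DCs serve DHCP and DNS to the lab subnet, hand out only the DC addresses as DNS, and forward Internet lookups to pfSense), written out as an added PowerShell example. This is not code from the thread or from Netgate; it is meant to be run on the Windows Server 2016 VM after pfSense's DHCP server on that interface has been disabled in the GUI. The subnet 10.0.1.0/24, the pfSense address 10.0.1.1, the DC addresses 10.0.1.10 and 10.0.1.11, the domain name lab.example.internal and the scope ranges are all assumptions, since the poster's diagram is not reproduced here; substitute the values from your own OPT1 configuration.

```powershell
# Added example, not from the thread. Assumed lab addressing (replace with your own):
#   lab subnet 10.0.1.0/24, pfSense OPT1 = 10.0.1.1 (gateway + upstream DNS),
#   DC1 = 10.0.1.10 (this machine, static IP), DC2 = 10.0.1.11, domain lab.example.internal.
# Prerequisite: this VM already has its static IP set and points at itself for DNS.
$LabNet  = '10.0.1.0'
$Mask    = '255.255.255.0'
$PfSense = '10.0.1.1'
$Dc1     = '10.0.1.10'
$Dc2     = '10.0.1.11'
$Domain  = 'lab.example.internal'

# 1. Promote the first DC. -InstallDns also creates the AD-integrated forward zone.
#    The server reboots; run steps 2-5 after logging back in as a domain admin.
Install-WindowsFeature AD-Domain-Services, DHCP -IncludeManagementTools
Install-ADDSForest -DomainName $Domain -DomainNetbiosName 'LAB' -InstallDns -Force `
    -SafeModeAdministratorPassword (Read-Host 'DSRM password' -AsSecureString)

# 2. DNS: answer the lab zone locally, forward everything else to pfSense (as Derelict
#    suggests) instead of walking the root hints from inside the isolated subnet.
Set-DnsServerForwarder -IPAddress $PfSense -UseRootHint $false

# 3. DHCP: authorize this server in AD, then create a scope whose pool does not overlap
#    anything pfSense could still lease (heper's point). The DC/infrastructure range is
#    excluded so the pool only covers .100-.200.
Add-DhcpServerInDC -DnsName "$env:COMPUTERNAME.$Domain" -IPAddress $Dc1
Add-DhcpServerv4Scope -Name 'Lab' -StartRange '10.0.1.100' -EndRange '10.0.1.200' `
    -SubnetMask $Mask -State Active
Add-DhcpServerv4ExclusionRange -ScopeId $LabNet -StartRange '10.0.1.1' -EndRange '10.0.1.99'

# 4. Scope options: router (003) = pfSense so clients still reach the Internet;
#    DNS servers (006) = the DCs only, never pfSense, so clients can resolve the
#    domain's SRV records; DNS suffix (015) = the AD domain.
Set-DhcpServerv4OptionValue -ScopeId $LabNet -Router $PfSense -DnsServer $Dc1, $Dc2 -DnsDomain $Domain

# 5. Checks: the scope hands out the DC addresses as DNS, the DC resolves the domain's
#    LDAP SRV record itself, and an Internet name resolves through the pfSense forwarder.
Get-DhcpServerv4OptionValue -ScopeId $LabNet | Format-Table OptionId, Name, Value
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $Dc1
Resolve-DnsName -Name 'www.netgate.com' -Server $Dc1
```

If the last Resolve-DnsName fails while the SRV lookup succeeds, the DC-to-pfSense forwarding path is the problem (pfSense's resolver not listening on OPT1, or a firewall rule on OPT1 blocking UDP/TCP 53 from the DCs); if a client gets a lease with 10.0.1.1 in its DNS list, pfSense's DHCP server on that interface is still enabled and should be turned off under Services > DHCP Server as described above.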
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.