    Switching from pfSense to Windows AD for DHCP & DNS

    • A
      Aqxea last edited by

      Hi, I am new to pfSense. I recently bought a used server on eBay and I have ESXi 6 installed with a handful of virtual machines running on it. I followed this guide to setting up pfSense in ESXi https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5 and I have 2 Windows Server 2012 R2 VMs, a couple of Windows 10 VMs, and one Windows Server 2016 VM all up and running on an isolated subnet from my home network. They all have internet access through pfSense with default settings.

      This is how I have pfSense currently set up along with my ESXi network.
      http://imgur.com/a/nP42c

      My goal is to create a lab network completely separate from my home network and use Windows Active Directory.  Currently pfSense is issuing IP addresses.  My question is, what is the best way of going about setting up my Windows Servers as Domain Controllers with AD, DHCP, and DNS roles, and disabling DHCP and DNS in pfSense?

      I hope this makes sense. It's probably an easy question, but I don't want to enable DHCP and DNS on the Windows Servers first and have them conflict with pfSense, and if I disable these functions in pfSense first, I don't want to lose internet access or the ability to connect to the pfSense interface.

      Thank you,
      Mike

      • H
        heper last edited by

        Let them run non-overlapping pools. So let's say pfSense from .10->.20 & windoze .30->.40

        • Derelict
          Derelict LAYER 8 Netgate last edited by

          That's not what he's asking for.

          DNS running on the second pfSense interface (OPT1) doesn't matter because it will only do anything if the hosts on that subnet have it configured as their DNS server. Just don't do that. You could, in fact, set your hosts to use the DCs for DNS then have the DCs forward to pfSense for actual Internet DNS resolution.

          When you create an OPT1 interface a DHCP server is not created automatically so there will be no DHCP server, so no problem. If you want to just use the LAN that was automatically created, go to Services > DHCP Server and disable it. Configure your DC DHCP server to give your AD clients the addresses of your DCs for DNS.

          Neither has anything to do with whether you have internet access or not, other than without good DHCP and DNS, which should be provided by the DCs, the internet won't work.

          Chattanooga, Tennessee, USA
          The pfSense Book is free of charge!
          DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)
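
The DC-side setup described in the reply above, as an added example that is not part of the original thread: DHCP on the domain controller hands clients the DC as their DNS server and pfSense as their gateway, and the DC's DNS service forwards Internet lookups to pfSense. The subnet, addresses, scope name and domain name are constructed placeholders; it assumes AD DS and DNS are already installed on the DC and that the pfSense DHCP server on this interface has been disabled.

```powershell
# Added example: every address and name below is a constructed placeholder.
$PfSenseIp = '192.168.10.1'    # pfSense interface on the lab subnet (assumed)
$DcIp      = '192.168.10.10'   # static address of this domain controller (assumed)
$ScopeId   = '192.168.10.0'    # lab subnet (assumed /24)
$Domain    = 'lab.example'     # AD DNS domain name (assumed)

# Install the DHCP role on the DC.
Install-WindowsFeature -Name DHCP -IncludeManagementTools

# Authorize the server in AD. In a domain, an unauthorized Windows DHCP
# server does not hand out leases.
Add-DhcpServerInDC -DnsName "$env:COMPUTERNAME.$Domain" -IPAddress $DcIp

# Create the lease pool for the lab subnet.
Add-DhcpServerv4Scope -Name 'Lab' -StartRange 192.168.10.100 `
    -EndRange 192.168.10.200 -SubnetMask 255.255.255.0 -State Active

# Clients get the DC for DNS (so AD lookups work) and pfSense as the
# default gateway.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $DcIp `
    -Router $PfSenseIp -DnsDomain $Domain

# The DC answers for the AD zone itself and forwards everything else
# to pfSense for Internet resolution.
Add-DnsServerForwarder -IPAddress $PfSenseIp

# Verify: server is authorized, options are set, forwarder is in place,
# and an external name resolves when asked through the DC.
Get-DhcpServerInDC
Get-DhcpServerv4OptionValue -ScopeId $ScopeId
Get-DnsServerForwarder
Resolve-DnsName -Name 'example.com' -Server $DcIp
```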
