I have a Windows Server 2003 machine as a domain controller and a DHCP server. All of the wired machines work fine connecting to the domain controller and authenticating, but the users that connect to the wireless router (and get their IPs from there) can't find the domain controller or access any of its resources.
So I ask, how do you get a computer to locate a domain controller on a network when it connects to a router on that network?
Edit: the client is a Win7 Pro machine.
Edit 2: I had a chance to try this out yesterday and it occurs to me that I left out an important piece of information: the router is the internet access as well.
Turning DHCP off on the router was no good; I could get all of the users logged onto the network and authenticated with the DC, but there was no internet. I did it the other way around and enabled DHCP on the router and disabled it on the server.
It works, every machine is on the internet, but I suspect that users aren't authenticating with the DC. I think this is the case because:
- I can't login to my machine with a different user account than one that has logged on to here in the past
- The "Network" name is just called "Network" in the network and sharing center (it was domainName.local before)
- Shared resources are sporadically unavailable.
I find it odd though because I can still access those resources (after a restart).
I'm guessing you have the wireless router still configured as a router. You need to turn off DHCP on that device and then just connect it to the rest of your network via one of its switch ports. This will turn it into a wireless bridge (instead of a router). After doing this, wireless clients will get their DHCP information from your 2k3 server and should have no connectivity issues.
**Edit after OP added additional information:**
This is now sounding like a DNS problem. In an AD domain, clients use DNS to locate domain controllers. From what it sounds, you now have DHCP turned off on the server and turned on on your router. This is fine - you just need to make sure that your DHCP options are set up right.
Since your router is providing your NAT/internet access, you need to make sure that it's setting its own IP address as the default gateway. I'm guessing it's already doing that, as most consumer-grade routers don't allow you to change this value. Also, you'll need to make sure that it's giving out the IP address of your AD server as the primary DNS server. Without doing this, your clients won't be able to look up the IP address of the DC. A follow-on to this is that you'll need to make sure DNS is configured properly on your DC. In the default state, when clients send a DNS request to the server, the server will only be able to give an answer for domains that it knows about. In your case, this will be the domain of your AD. In order to get "full" DNS functionality out of that server, you'll need to specify a DNS forwarder in the DC's DNS server configuration. For this value, enter the IP address(es) of your ISP's DNS servers. After doing this, your DC will be able to forward DNS queries it doesn't know the answer to on to your ISP's DNS servers.
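The DNS-based DC locator check described above, as an added diagnostic that is not part of ErikA's answer or of the OP's setup. It assumes the AD domain is `domainName.local` (the name the OP mentions) and uses `192.168.1.10` as a constructed placeholder for the DC's address; run the client-side steps on the Win7 machine in an elevated PowerShell prompt, and note the server-side cmdlets at the end exist only on Server 2012 or later (or RSAT), not on Server 2003, where the same settings are made in the DHCP and DNS MMC consoles.

```powershell
# Added example (not from the original thread). Assumptions: domain name
# "domainName.local" from the question; DC address 192.168.1.10 and router
# address 192.168.1.1 are constructed placeholders, replace them with yours.

$domain = 'domainName.local'
$dcIp   = '192.168.1.10'

# 1. What DNS servers and gateway did the router's DHCP hand to this client?
#    A wireless client that received the router's own address as its DNS
#    server cannot find the DC, because the router knows nothing about AD.
#    (Get-WmiObject is used because Win7's PowerShell 2.0 lacks Get-NetIPConfiguration.)
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled }
foreach ($a in $adapters) {
    "{0}: DHCP={1} DNS={2} GW={3}" -f $a.Description, $a.DHCPEnabled,
        ($a.DNSServerSearchOrder -join ','), ($a.DefaultIPGateway -join ',')
}

# 2. Can the DC locator SRV record be resolved with the client's current DNS
#    settings? Domain members find a DC by querying _ldap._tcp.dc._msdcs.<domain>.
#    If this fails, the DNS server the client is using does not host or
#    forward the AD zone.  (nslookup is used because Resolve-DnsName needs Win8+.)
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$domain"

# 3. Ask the DC locator itself. Output containing "Flags: ... DS ..." and a
#    DC name means the machine can reach a DC; an error here matches the
#    symptoms in the question (cached logons only, "Network" instead of the
#    domain name in Network and Sharing Center).
nltest /dsgetdc:$domain

# 4. Does the DC's own DNS server answer for the zone when queried directly?
#    If this works but step 2 fails, the problem is the DNS address handed
#    out by DHCP (option 006), not the DC.
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$domain" $dcIp

# --- Server-side fixes, only where DHCP/DNS run on Server 2012+ ---
# If DHCP is left on the Windows server instead of the router: hand out the
# DC as DNS server (option 006) and the router as default gateway (option 003).
# Set-DhcpServerv4OptionValue -ScopeId 192.168.1.0 -DnsServer $dcIp -Router '192.168.1.1'
#
# Forward everything the DC's DNS does not know to the ISP's resolver
# (203.0.113.53 is a documentation-range placeholder, not a real resolver).
# Add-DnsServerForwarder -IPAddress '203.0.113.53'
```

Steps 2 and 4 together separate the two failure modes in the thread: a client pointed at the wrong DNS server (fix DHCP option 006 on whichever device serves DHCP) versus a DC whose DNS cannot resolve outside names (fix the forwarder). Whichever device hands out addresses, exactly one DHCP server should be active on the segment so every client gets the same options.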
ErikA's answer was correct but left out a key part, which was why you had no internet access when you implemented it. Since the router in question is between the domain controller and the internet, the domain controller needs to point to that router as the default gateway. That said, assuming that active directory/dhcp/dns are all configured correctly on the server, here is what should be done.
If there is routing between the DC and the wireless router, you can just set the DNS server in the router to be the DC.
If there is no routing, you need to do as Erik has said.
Does the wireless router's DHCP give out the correct DNS servers, i.e. the IP for your domain controllers and not the IP of the router itself? If not, that's the first thing to fix.
Second, having two DHCP servers might be a bit of a problem - deactivate one of them and have the other one doing the work solo.
Third, ErikA's answer is the neatest way to go...
Most likely your router works as a firewall between AD and the client.
Try to add a rule allowing all traffic to and from the server. In my case I also had to allow NetBIOS over TCP.
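A way to confirm whether the router is actually blocking the AD ports, as an added check that is not part of the answer above. It opens TCP connections from the wireless client to the ports a domain member needs on a DC and reports which ones are reachable; `192.168.1.10` is a constructed placeholder for the DC's address. It runs on Win7's PowerShell 2.0 (which has no `Test-NetConnection`) by using the .NET `TcpClient` directly.

```powershell
# Added example (not from the original thread). Assumes the DC is at
# 192.168.1.10 (placeholder). Run from a wireless client; compare with the
# same run from a wired client to see what the router is filtering.
$dcIp = '192.168.1.10'

# TCP ports a domain member uses against a DC. Kerberos and DNS also use UDP
# on 88 and 53, which a plain TCP probe cannot exercise; if only those fail,
# check the router's UDP rules separately.
$ports = @{
    53  = 'DNS'
    88  = 'Kerberos'
    135 = 'RPC endpoint mapper'
    139 = 'NetBIOS session (the NetBIOS-over-TCP the answer mentions)'
    389 = 'LDAP'
    445 = 'SMB (file shares, SYSVOL/GPO)'
    464 = 'Kerberos password change'
}

foreach ($port in ($ports.Keys | Sort-Object)) {
    $client = New-Object System.Net.Sockets.TcpClient
    $open = $false
    try {
        # Asynchronous connect with a 2-second timeout so a silently
        # dropping firewall does not stall the loop on each port.
        $async = $client.BeginConnect($dcIp, $port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne(2000, $false)) {
            $client.EndConnect($async)
            $open = $true
        }
    } catch {
        $open = $false
    } finally {
        $client.Close()
    }
    "{0,5}  {1,-55} {2}" -f $port, $ports[$port], $(if ($open) { 'open' } else { 'BLOCKED or unreachable' })
}
```

If the probes fail from wireless but succeed from wired, the router's firewall is the culprit. When adding the rule the answer describes, scope it to the DC's address and these ports rather than allowing all traffic in both directions, so the wireless segment gets only the access it needs.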