Back

Configuring Multi NIC Domain Controllers for Single IP

stylebackground white Insure that all the NICS only point to your internal DNS servers only and none others such as your ISPs ...

3 min read
Published on Apr 6, 2013
configuration-for-multi-nic-domain-controller-to-publish-single-ip-for-windows-server-2008-r2-2012
  • Insure that all the NICS only point to your internal DNS server(s) only and none others, such as your ISP’s DNS servers’ IP addresses.

  • In Network & Dialup properties, Advanced Menu item, Advanced Settings, move the internal NIC (the network that AD is on) to the top of the binding order (top of the list). http://windows.microsoft.com/en-US/windows-vista/Change-the-order-of-network-protocol-bindings

  • Disable the ability for the Internet NIC to register. The procedure, as mentioned, involves identifying the Internet NIC’s GUID number. This link will show you how: 246804 - How to Enable-Disable Windows 2000 Dynamic DNS Registrations (per NIC too): http://support.microsoft.com/?id=246804

  • Disable NetBIOS on the outside NIC. That is performed by choosing to disable NetBIOS in IP Properties, Advanced, WINS, disable NetBIOS

  • Disable the “File and Print Service” and disable the “MS Client Service” on the Internet NIC. That is done in NIC properties by unchecking the respective service under the general properties page. If you need these services on the outside NIC (which is unlikely), which allow other machines to connect to your machine for accessing resource on your machine (shared folders, printers, etc.), then you will probably need to keep them enabled.

  • Uncheck “Register this connection” under IP properties, Advanced settings, in IP4 and IP6 “DNS” tab.

  • Delete the Internet NIC IP address, disable Netlogon registration, and manually create the required records:

  • In DNS under the zone name, (your DNS domain name), delete the Internet NIC’s IP references for the “LdapIpAddress”. If this is a GC, you will need to delete the GC IP record as well (the “GcIpAddress”). To do that, in the DNS console, under the zone name, you will see the _msdcs folder. Under that, you will see the _gc folder. To the right, you will see the IP address referencing the GC address. That is called the GcIpAddress. Delete the IP addresses referencing the Internet NIC.

  • To stop these two records from registering that information, use the steps provided in the links below: Private Network Interfaces on a Domain ontroller Are Registered in DNS http://support.microsoft.com/?id=295328 The one section of the article that disables these records is done with this registry entry:

    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetlogonParameters

    DnsAvoidRegisterRecords

    Data type: REG_MULTI_SZ

    Values (2 lines):

    LdapIpAddress

    GcIpAddress

  • Then you will need to manually create these two records in DNS with the IP addresses that you need for the DC. To create the LdapIpAddress, create a new host under the domain, but leave the “hostname” field blank, and provide the internal IP of the DC, which results in a record that looks like:

    • (same as parent) A 192.168.5.200 (192.168.5.200 is used for illustrative purposes
  • You need to also manually create the GcIpAddress as well, if this is a GC. That would be under the _msdcs._gc SRV record under the zone. It is created in the same fashion as the LdapIpAddress mentioned above.

  • In the DNS console, right click the server name, choose properties, then under the “Interfaces” tab, force it only to listen to the internal NIC’s IP address, and not the IP address of the Internet NIC.

  • Since this is also a DNS server, the IPs from all NICs will register, even if you tell it not to in the NIC properties. See this to show you how to stop that behavior (this procedure is for Windows 2000, but will also work for Windows 2003): 275554 - The Host’s A Record Is Registered in DNS After You Choose Not to Register the Connection’s Address: http://support.microsoft.com/?id=275554

Learn about our Managed Service & Cloud Consulting services.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

Office 365 License Comparison: Business Plans Vs. E5, E3 and E1

GCC High Vs GCC for Protecting CUI with CMMC

Learn the key differences between GCC and GCC High for handling CUI under CMMC, DFARS, and NIST 800-171. Find out which cloud meets your compliance needs.

Mar 31, 2025
4 min read
Risks of not using a CMMC RPO

The Risks of Not Using a CMMC RPO for Compliance and Certification Readiness

A CMMC RPO helps organizations prepare for certification and avoid compliance failures. Learn why working with an RPO is essential for achieving CMMC compliance.

Mar 20, 2025
8 min read
CMMC 2.0 Require GCC High for Compliance

Does CMMC 2.0 Require GCC High for Compliance?

Does CMMC 2.0 require GCC High? Learn the cloud options for compliance, data security, and protecting CUI under NIST 800-171 and DFARS.

Mar 17, 2025
10 min read
Office 365 License Comparison: Business Plans Vs. E5, E3 and E1

CMMC RPO vs a C3PAO: Understanding Their Roles in Compliance

Understanding the difference between an RPO and a C3PAO is crucial for CMMC compliance. Learn why they should be separate and how an RPO helps prepare for certification.

Mar 15, 2025
6 min read
Can You Meet CMMC with Google Workspace?

Can You Meet CMMC with Google Workspace?

Is Google Workspace CMMC compliant? Learn about its DFARS, NIST 800-171, and ITAR limitations and how migrating to GCC High ensures full compliance.

Mar 4, 2025
7 min read
Is Maintaining a GCC High Tenant Worth It for Non-Government

Evaluating the Need for a GCC High Tenant in Non-Government Organizations

Explore whether maintaining a GCC High tenant is necessary for organizations not involved in government work. Understand the pros and cons, costs, and compliance considerations.

Feb 25, 2025
7 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation