Back

Configuring Multi NIC Domain Controllers for Single IP

stylebackground white Insure that all the NICS only point to your internal DNS servers only and none others such as your ISPs ...

3 min read
Published on Apr 6, 2013
Configuring Multi NIC Domain Controllers for Single IP
  • Insure that all the NICS only point to your internal DNS server(s) only and none others, such as your ISP’s DNS servers’ IP addresses.

  • In Network & Dialup properties, Advanced Menu item, Advanced Settings, move the internal NIC (the network that AD is on) to the top of the binding order (top of the list). http://windows.microsoft.com/en-US/windows-vista/Change-the-order-of-network-protocol-bindings

  • Disable the ability for the Internet NIC to register. The procedure, as mentioned, involves identifying the Internet NIC’s GUID number. This link will show you how: 246804 - How to Enable-Disable Windows 2000 Dynamic DNS Registrations (per NIC too): http://support.microsoft.com/?id=246804

  • Disable NetBIOS on the outside NIC. That is performed by choosing to disable NetBIOS in IP Properties, Advanced, WINS, disable NetBIOS

  • Disable the “File and Print Service” and disable the “MS Client Service” on the Internet NIC. That is done in NIC properties by unchecking the respective service under the general properties page. If you need these services on the outside NIC (which is unlikely), which allow other machines to connect to your machine for accessing resource on your machine (shared folders, printers, etc.), then you will probably need to keep them enabled.

  • Uncheck “Register this connection” under IP properties, Advanced settings, in IP4 and IP6 “DNS” tab.

  • Delete the Internet NIC IP address, disable Netlogon registration, and manually create the required records:

  • In DNS under the zone name, (your DNS domain name), delete the Internet NIC’s IP references for the “LdapIpAddress”. If this is a GC, you will need to delete the GC IP record as well (the “GcIpAddress”). To do that, in the DNS console, under the zone name, you will see the _msdcs folder. Under that, you will see the _gc folder. To the right, you will see the IP address referencing the GC address. That is called the GcIpAddress. Delete the IP addresses referencing the Internet NIC.

  • To stop these two records from registering that information, use the steps provided in the links below: Private Network Interfaces on a Domain ontroller Are Registered in DNS http://support.microsoft.com/?id=295328 The one section of the article that disables these records is done with this registry entry:

    HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNetlogonParameters

    DnsAvoidRegisterRecords

    Data type: REG_MULTI_SZ

    Values (2 lines):

    LdapIpAddress

    GcIpAddress

  • Then you will need to manually create these two records in DNS with the IP addresses that you need for the DC. To create the LdapIpAddress, create a new host under the domain, but leave the “hostname” field blank, and provide the internal IP of the DC, which results in a record that looks like:

    • (same as parent) A 192.168.5.200 (192.168.5.200 is used for illustrative purposes
  • You need to also manually create the GcIpAddress as well, if this is a GC. That would be under the _msdcs._gc SRV record under the zone. It is created in the same fashion as the LdapIpAddress mentioned above.

  • In the DNS console, right click the server name, choose properties, then under the “Interfaces” tab, force it only to listen to the internal NIC’s IP address, and not the IP address of the Internet NIC.

  • Since this is also a DNS server, the IPs from all NICs will register, even if you tell it not to in the NIC properties. See this to show you how to stop that behavior (this procedure is for Windows 2000, but will also work for Windows 2003): 275554 - The Host’s A Record Is Registered in DNS After You Choose Not to Register the Connection’s Address: http://support.microsoft.com/?id=275554

Learn about our Managed Service & Cloud Consulting services.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

Understanding the GCC High Validation Process

Understanding the GCC High Validation Process

Learn how Microsoft validates organizations for GCC High, including eligibility requirements, documentation, and approval timelines for secure cloud access.

Sep 3, 2025
8 min read
Azure Backup Features and Advantages | Data Protection Guide

Understanding Azure Backup: Features and Advantage

Explore the key features and benefits of Azure Backup, including secure cloud-based recovery, policy automation, and compliance-friendly storage.

Sep 2, 2025
6 min read
How to Obtain GCC High Licenses for Your Organization

How to Obtain GCC High Licenses for Your Organization

Learn how to obtain GCC High licenses for your organization. Understand eligibility, required documentation, and Microsoft’s validation process for secure government cloud use.

Sep 1, 2025
7 min read
Top CMMC Assessment Checklist Resources

Top 7 CMMC Assessment Checklist Resources

Explore the top CMMC assessment checklist resources to prepare for compliance. Learn what tools, templates, and guides can streamline your certification journey.

Aug 28, 2025
6 min read
Cloud Backup Solutions for Microsoft 365 | Benefits & Protection

Benefits of Implementing Cloud Backup Solutions for Microsoft 365

Learn the key benefits of cloud backup for Microsoft 365, including enhanced data protection, compliance support, and recovery from cyber threats.

Aug 27, 2025
6 min read
CMMC Level 3 Security Controls: Understanding NIST 800-172

Understanding NIST 800-172 Enhanced Security Controls for CMMC Level 3

Learn how NIST 800-172 enhances CMMC Level 3 compliance with advanced security controls for protecting CUI against sophisticated cyber threats.

Aug 27, 2025
7 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation