DHCP não deve ser instalado em um controlador de domínio

2

Por que o DHCP não deve ser instalado em um controlador de domínio? > Quais são as desvantagens disso? Quais problemas podem ser causados se eu o instalar no DC?

    
por user72647 01.03.2011 / 17:10

2 respostas

5

Esta não é a sabedoria convencional. Talvez você esteja confundindo RRAS com DHCP? Isso é problemático porque é multihome da DC. DHCP em DCs é extremamente comum.

    
por 01.03.2011 / 18:12
1

In addition, the DHCP Server service should not be placed on an Active Directory domain controller if this can be avoided. The reason for this is because this changes security related to service locator (SRV) records, which domain controllers are responsible for publishing. SRV records detail the location of domain controller s, Kerberos servers, and other servers, and the changes to the security of these records when you install DHCP means that the records could be altered by any client on the network. The reason this happens is because DHCP servers must be able to update client records dynamically if a client’s IP address changes. Because of this, they are made members of the DNSUpdateProxy group, and members of this group do not have any security applied to objects they create in the DNS database. If you can’t avoid placing DHCP on a domain con- troller, it is recommended that you remove the DHCP server from the DNSUpdateProxy group. This should avoid the security problem outlined here, but will also prevent the DHCP server from dynamically updating client records in DNS when the client IP addresses change.

Fonte: "Inside Out do Windows Server 2003"

    
por 15.12.2011 / 17:09