[THIN] Re: Active Directory question

  • From: "Jeff Durbin" <techlists@xxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Wed, 21 Jul 2004 08:42:41 +1200

It could have to do with DHCP if you have Conflict Detection enabled. See:
 
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/
17w2kada.mspx
On the Advanced tab, set Conflict Detection Attempts to a value other than
zero. The value you enter determines the number of times DHCP server checks
an IP address before leasing it to a client. DHCP server checks IP addresses
by sending a ping request over the network.

 The workstations can ping the default gateways at startup if they can't
find the DHCP server also:

The availability of a DHCP server doesn't effect startup or logon (in most
cases). DHCP clients can start and users can log on even if a DHCP server
isn't available. During startup, the client looks for a DHCP server. If a
DHCP server is available, the client gets its configuration information from
the server. If a DHCP server isn't available and the client's previous lease
is still valid, the client pings the default gateway listed in the lease. A
successful ping tells the client that it's probably on the same network it
was on when it was issued the lease, and the client will continue to use the
lease as described previously. A failed ping tells the client that it may be
on a different network. In this case, the client uses IP autoconfiguration.
The client also uses IP autoconfiguration if a DHCP server isn't available
and the previous lease has expired.

 
Food for thought.
 
JD


  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Luchette, Jon
Sent: Tuesday, 20 July 2004 5:46 a.m.
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Active Directory question



Hello,  

 

We have recently set up an IDS (Intrusion Detection) system on our network
and are seeing a large amount of ICMP traffic (pings) traveling from all
client workstations to our two Domain Controllers, that are also running
DNS.  We are a mixed mode domain.  I was just wondering if anybody knew if
it is normal for a client workstation to contact a domain controller at
regular intervals via ping/ICMP or not?  Why does this happen/is this
something that I should worry about?  

 

Thanks,

 

/jL

Other related posts: