Navigation
LANSG home Windows Active Directory Updates and security Server resources Server acquisition Linux OS X

Active Directory configuration

Firewall configuration

In order to maintain access to domain controllers through firewalls, please allow access to the following IP ranges. These ranges have been reserved for exclusive use by DCs and WINS servers.

128.250.6.88 - 128.250.6.95 unimelb.edu.au (128.250.6.88/29)
128.250.6.96 - 128.250.6.103 student.unimelb.edu.au (128.250.6.96/29)

128.250.144.64 - 128.250.144.79 unimelb.edu.au (128.250.144.64/28)
128.250.144.80 - 128.250.144.95 student.unimelb.edu.au (128.250.144.80/28)

Note that the last two also constitute a single subnet of 32 addresses (128.250.144.64/27).

For futher information on which ports needs to be considered, please contact LAN Server Group.

WINS servers

University policy stipulates that departments should configure their Windows clients to use the central WINS servers. There are no real benefits to having departmentally based WINS servers - an analogy would be each department maintaining its own internal telephone directory and keeping this information private.

Windows computers configured to use the central University DHCP server will automatically be assigned the correct WINS server addresses.

If you need to manually enter WINS information, please use the following:

128.250.144.64 (new, preferred)
128.250.144.80 (new, preferred)
128.250.6.95
128.250.6.96
128.250.6.97 (to be decommissioned July 2005)
128.250.6.98 (to be decommissioned July 2005)

The central University DHCP server issues the first four WINS servers in the order given above.

LDAP and Samba Kerberos

When configuring an LDAP or Samba client to query the Active Directory you must manually specify a server address. Rather than hard-coding a domain controller hostname or IP address, we recommend using the aliases below.

LANSG will update these aliases as required, ensuring that our routine replacement of domain controllers will not cause your configuration to suddenly fail.

For the UNIMELB domain:

ad1.unimelb.edu.au
ad2.unimelb.edu.au

For the STUDENT domain:

ad1.student.unimelb.edu.au
ad2.student.unimelb.edu.au

Other Samba configuration

To join a Samba server to the Active Directory, you will need to use the WINS and Kerberos settings described above. More detailed information is available in the Linux server course notes.

Domain controllers

You should try to avoid manually specifying a domain controller address if possible, as the hostnames and IP addresses may change when machines are decommissioned and replaced. This does not affect the overall working of the Active Directory but will cause problems for client configurations relying on a hardcoded address.

In case of logon scripts, consider using the %LOGONSERVER% environment variable.

For VBScript access to the LDAP provider consider using something along the lines of:

Set o_usr = GetObject("LDAP://ad1.unimelb.edu.au/cn=UserName,ou=ClientServices,ou=id,dc=unimelb,dc=edu,dc=au ")

Set o_usr = GetObject("LDAP://ad1.student.unimelb.edu.au/cn=UserName,ou=students,dc=student,dc=unimelb,dc=edu,dc=au ")

For feedback or suggestions on this information, please contact LAN Server Group.

top of page

Information Division LAN Server Group