+ Post New Thread
Results 1 to 14 of 14
Windows Thread, Strange DHCP entry in Technical; Hello everybody Hopefully someone can shed some light on this because I'm just stumped. I found a strange entry in ...
  1. #1

    Join Date
    Aug 2005
    Location
    Birmingham
    Posts
    167
    Thank Post
    54
    Thanked 17 Times in 16 Posts
    Rep Power
    21

    Strange DHCP entry

    Hello everybody

    Hopefully someone can shed some light on this because I'm just stumped.

    I found a strange entry in the dhcp IP lease list. The computer name didn't follow our naming conventions and it also had a FQDN. There was no active directory account or a DNS entry for this computer.

    I've been told that one of our sixth form has been plugging his laptop into the network, but if this is his laptop and he has managed to join the domain, why no AD or DNS entries?

    I could do without this as we finish for Christmas tomorrow.

    Thanks

  2. #2


    Join Date
    Jul 2007
    Location
    Rural heck
    Posts
    2,662
    Thank Post
    120
    Thanked 434 Times in 353 Posts
    Rep Power
    126

    Re: Strange DHCP entry

    You don't need to join the domain to get a DHCP entry. Depending how your network is set up it might be possible for him to plug and get internet access.

    It also could be something like a printer or access point.

  3. #3

    Join Date
    Dec 2005
    Posts
    521
    Thank Post
    34
    Thanked 86 Times in 76 Posts
    Rep Power
    39

    Re: Strange DHCP entry

    If you have DHCP providing IP addresses for your network a user will be allocated an ip address and be visible on your network.

    More often than not - just sat in the workgroup.

    I'm guessing with no AD or DNS entries he wont have joined your domain at all... just has an ip address.

    Depending on how your network is setup securitywise he could access many things or nothing

    The same happened at the school I work at and now I'm much more relaxed knowing we dont use DHCP anymore.

  4. #4

    Join Date
    Mar 2007
    Posts
    1,748
    Thank Post
    79
    Thanked 288 Times in 219 Posts
    Rep Power
    70

    Re: Strange DHCP entry

    its the fqdn bit i dont understand, we have the same here.

  5. #5
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,421
    Thank Post
    10
    Thanked 486 Times in 426 Posts
    Rep Power
    110

    Re: Strange DHCP entry

    Some devices and OS append the domain suffix if you specify it in dhcp, others do not. You don't have to be a domain member to do it.

  6. #6
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 70 Times in 42 Posts
    Rep Power
    33

    Re: Strange DHCP entry

    Possibly you haven't tweaked your domain to remove the right for ordinary users to add up to 10 computers to the domain (?)

    Is it possible he's added his laptop, picked up a DHCP lease with a FQDN, then removed his computer from the domain again - with DHCP being the only place that leaves a trace.

    I had a few muppets do this, so I now get email alerts each time there's a new DHCP lease. It can get a bit "noisy" at the start of term, but I feel more on top of the situation. We've also removed the right to add computers to the domain for standard users.

  7. #7

    Join Date
    Aug 2005
    Location
    Birmingham
    Posts
    167
    Thank Post
    54
    Thanked 17 Times in 16 Posts
    Rep Power
    21

    Re: Strange DHCP entry

    Quote Originally Posted by strawberry
    its the fqdn bit i dont understand, we have the same here.
    Here a DHCP entry only shows a FQDN after a computer has been joined to the domain, until then just the computer name is shown.

  8. #8

    tech_guy's Avatar
    Join Date
    May 2007
    Location
    That little bit in the middle of Little Old England
    Posts
    8,131
    Thank Post
    1,907
    Thanked 1,342 Times in 741 Posts
    Blog Entries
    3
    Rep Power
    395

    Re: Strange DHCP entry

    It's a shame you can't send a 10,000 volt surge down the cable that blows their bloody laptop to bits when they plug it in isn't it!?

  9. #9

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,241
    Thank Post
    239
    Thanked 1,567 Times in 1,249 Posts
    Rep Power
    339

    Re: Strange DHCP entry

    @jcs808 - I agree with what's been already said. The user just has an IP allocated by DHCP which is completely normal. They could then browse the web (for example) manually entering proxy settings (if you use a proxy). They cannot browse the network and even if they entered \\servername\sharename, they'll still be asked for a username and password.

    If there's no entry in AD or DNS then they haven't joined the domain.

  10. #10
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 70 Times in 42 Posts
    Rep Power
    33

    Re: Strange DHCP entry

    With dynamic updates, would a computer which is removed from the domain not also have its DNS record removed? Obviously the computer account would go from AD at the same time.

    EDIT: Failing that, it's also possible DNS scavenging could be set up on a more aggressive interval than DHCP lease expiry. Either way it sounds consistent with the computer having been added to the domain and then removed again.

  11. #11
    AustenLowe
    Guest

    Re: Strange DHCP entry

    It sounds like your dns zone for your domain has Nonsecure and Secure Dynamic updates allowed which is why a foreign device has a fqdn address.
    When configured to secure only, the dhcp mmc will only show the devices hostname as it wont allow the host to register an A-record (and PTR if setup) unless it belongs to the Active Directory domain.

  12. #12

    Join Date
    Mar 2011
    Location
    Canberra
    Posts
    108
    Thank Post
    0
    Thanked 10 Times in 10 Posts
    Rep Power
    11
    just a rogue device....student laptop or staff laptop from home perhaps....

  13. #13

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    4,829
    Thank Post
    840
    Thanked 1,399 Times in 962 Posts
    Blog Entries
    47
    Rep Power
    603
    Quote Originally Posted by rbance View Post
    just a rogue device....student laptop or staff laptop from home perhaps....
    nuh-nuh-nuh-nuh-nuh-nuh-nuh-nuh nuh-nuh-nuh-nuh-nuh-nuh-nuh-nuh NECRO

  14. #14

    JJonas's Avatar
    Join Date
    Jan 2008
    Location
    North Walsham, Norfolk
    Posts
    3,068
    Thank Post
    379
    Thanked 428 Times in 317 Posts
    Rep Power
    361
    well that was a blast from the past...

SHARE:
+ Post New Thread

Similar Threads

  1. MRBS - Entry Types
    By Mauger in forum Network and Classroom Management
    Replies: 5
    Last Post: 9th January 2008, 11:38 AM
  2. Temp data entry/admin job, must have CRB based in Bath
    By SpecialAgent in forum Educational IT Jobs
    Replies: 0
    Last Post: 25th October 2007, 11:00 AM
  3. Adding DNS Entry
    By thegrassisgreener in forum Windows
    Replies: 13
    Last Post: 2nd October 2007, 10:17 AM
  4. [ACS] Double Entry - Report
    By mark80 in forum MIS Systems
    Replies: 3
    Last Post: 7th June 2007, 02:53 PM
  5. Log entry if RAM is removed?
    By pete in forum Windows
    Replies: 21
    Last Post: 20th February 2006, 07:35 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •