+ Post New Thread
Results 1 to 5 of 5
Windows Thread, DNS for AD Group in Technical; Hi, Is there a way to have a certain AD group use 1 set of DNS and the rest use ...
  1. #1

    Join Date
    Apr 2007
    Location
    York
    Posts
    548
    Thank Post
    8
    Thanked 4 Times in 4 Posts
    Rep Power
    19

    DNS for AD Group

    Hi,
    Is there a way to have a certain AD group use 1 set of DNS and the rest use another.

    Basically I have blocked facebook.com via an A Record in DNS to a dead IP address. I want to block dailymotion for 1 group of users but allow it for everyone else. I don't have ISA

    Thanks

  2. #2

    Join Date
    Apr 2011
    Location
    Manchester
    Posts
    173
    Thank Post
    10
    Thanked 8 Times in 7 Posts
    Rep Power
    21
    I think the best option might be to setup a proxy.
    do you only have the one server?
    and I'm assuming you dont have a cache box(proxy)

    Depending on the current load or roles your server has then it might be worth installing squid proxy using AD authentication, I've never done this but based on the fact our school is using a Cache pilot from equinet it uses Ad auth and runs Squid. it allows you to block or allow access to certain sites depending on the AD group they belong to. as well as it's primary function to serve as a web cache.

  3. #3
    bio
    bio is offline
    bio's Avatar
    Join Date
    Apr 2008
    Location
    netherlands
    Posts
    520
    Thank Post
    16
    Thanked 130 Times in 102 Posts
    Rep Power
    37
    I would do this with a proxy/firewall. But i guess you could do this the hard way by creating a loginscript that copies a modified hostname (that points facebook.com to dead ip) based on AD groups to the local machine.

    bio..

  4. #4
    januttall's Avatar
    Join Date
    Sep 2010
    Posts
    225
    Thank Post
    17
    Thanked 28 Times in 28 Posts
    Blog Entries
    1
    Rep Power
    13
    I have set up a ubuntu server box with squid, and dansguardian, webmin and the dansguardian plugin for webmin. we have difrent lists for difrent sets of users staff students admin. and it authenitcates via ident which we have deployed through GPO. there is also a script wich i think is on the dansguardian homepage to copy a list of specific users, we copy admin and staff as students are in the lower group so if some one brings anything in and connects they are automaticly filterd as students. and it can be set up transparently so no setings in each machine have to be specifyed if you so wished.

  5. #5

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    8,941
    Thank Post
    232
    Thanked 1,510 Times in 1,206 Posts
    Rep Power
    328
    DNS is set per domain/network rather than per OU or Security Group. I don't think it'd ever be possible with how Active Directory currently works. I agree a proxy would be the best way.

SHARE:
+ Post New Thread

Similar Threads

  1. Dansguardian Use AD groups for filtering
    By bart21 in forum Internet Related/Filtering/Firewall
    Replies: 1
    Last Post: 18th October 2010, 03:09 PM
  2. ISA 2006 + blocking internet for AD group
    By Paid_Peanuts in forum Windows
    Replies: 8
    Last Post: 7th December 2007, 06:46 PM
  3. Mapping AD groups to Unix groups
    By localzuk in forum *nix
    Replies: 23
    Last Post: 11th February 2007, 08:57 PM
  4. PC World seeks your expertise for Focus Group - Manchester
    By StewartKnight in forum General Chat
    Replies: 3
    Last Post: 7th February 2007, 10:10 PM
  5. Essential add-on for AD Users & Computers
    By ajbritton in forum Downloads
    Replies: 9
    Last Post: 10th August 2006, 02:08 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •