HowTo setup NS DC

NethServer Version: 7.9.2009
Module: AD Container

Good Morning,

right now I am planning to replace our Windows Server 2016 Standard AD DC with a NS DC.

After reading the manual some questions popped up I would like to ask howto.

I got it right that the AD DC gets an own IP adress on a NS. Do I have to give the WIN clients as a DNS Entry the container IP ??

The DNS of the NS won´t get any entries to avoid issues with AD Domain ?

The Port forwarding on our router gets what target ? The IP from NS itself or the container IP from AD ?

I usually connect Network shares with the IP adress and not the servername. Even in true WIN AD I do it that way. If I connect to shares which ip I have to choose ? The NS or the container IP ?

Thx in advance.



Morning Thomas!

I would enter in the IP of your AD in NethServer’s DNS.
You can easily make entries as needed in NethServer’s DNS, I use this at all clients along with OPNsense as primary DNS.

AD’s IP does NOT need access from the Internet.
But NethServer does need Portforwarding, if you want to run LetsEncrypt easily!
(LE verifiys that the server is available using http (Port 80).

The shares are on Nethserver, so you need to use that IP.
Clients can use Name or IP, both work!

You CAN use GPO to set clients Shares, install MS-RSAT on a Win10 (Admin-PC).
You do need Domain Admin rights for most stuff!

If you plan on using Nextcloud, add in a group nextcloud-users to your AD.
This makes it possible that you only have real users in Nextcloud, not every Windows System Users and Groups… This clutters up the user list and makes for a very bad overview.

BTW: I use certain IP standards at all clients, eg:

NS-AD: 11
NS: 20
Printer: 31
NAS: 70
PBS: 78
Proxmox 61, 62, etc.

If you like I can send you the XL list as a sample to use…
It has entries for POS, Cameras, Home Automation; VoIP / SIPfones and much more…

My 2 cents


Please do this! I am in the middle of a new SAMBA/AD Nethserver deployment for a client with 10 users and a TrueNAS fileserver. After all of my Win 10 machines have been registered on the domain, every time someone logs in, this GPO kicks in and mounts the file shares to the user’s group membership. No scripting, 1 mapped drive GPO to rule them all and very easy to setup.