OpenDNS and domain controller

I would like to block some of the users with OpenDNS, but let the manager browse freely.
I added the OpenDNS forwarders to the Domain Controller (Windows server 2008 R2) and all the clients are using the DC DNS server as their preferred DNS server.
OpenDNS is working perfectly on all the computers, but now I need to figure out how to unblock the manager.

I changed the preferred DNS on the manager's computer and set up the router's IP (the router is using DNS servers 8.8.8.8 and 8.8.4.4). He is now able to browse freely, but after a few days he is not able to access the server, because the preferred DNS server is no longer the domain controller and the computer can't resolve the server's name or the domain name. Also, if I check the forward lookup zone on the DC, the computer doesn't register.

Any ideas on how to get this to work? Setting up a secondary domain controller is not an option. I can't have the manager lose connection to the server, and he needs to be able to browse freely.

You can just leave the user computers alone and redirect the DNS requests to the appropriate servers in RouterOS.
Use DST-NAT to do the redirection.

With Active Directory, you MUST use the AD DNS servers; otherwise what you describe is going to keep happening. If you're blocking users using OpenDNS, I'm assuming you must have some type of paid subscription with them? If so, the solution is fairly straightforward: you can deploy their AD integration packages and install a couple of OpenDNS resolver virtual machines to handle outbound DNS. After you do this and the AD information is pushed to OpenDNS, you can actually set up policies based on the Active Directory username, computer name, OU, etc.