  This thread seems to cover it https://social.technet.microsoft.com/Forums/azure/en-US/98b81225-0d05-46db-8991-6f61fed004ff/deliver...

    It states that, even though it is not visible in the registry, the group ID is being used. Note that the GPO to enable group ID (enable not set) needs to be in place along with the DHCP option.

  • Thanks for this. I did see the thread, but one of the MS support guys stated it could not be done via DHCP scopes, so I stopped reading at that point (lesson learned).

    I would still like to know where the encrypted GroupID is stored: is it stored on the C:\ or is it a temp file? Therefore, I would also like to know if the GroupID will stick to the workstation after a reboot off the LAN.

    My worry is I have User A who is in Site A, and he logs into the LAN in Site A and gets the DOGroupID via DHCP 234. User A then goes to Site B, which is set to not use DO. I need to know if the GroupID will stick with the device, as I don't want User A pulling updates from other users in Site A when he is located in Site B for that short time.

    If this is a temp file that is applied at DHCP and then lost when the laptop is powered off, then that's fine. If it's a file stored somewhere on the device, then I need to write a script that will remove the DOGroupID from the device when logged into Site B.

    I hope this makes sense and would appreciate any information on my query.

  • Does the other location have a different IP scope? Why not use GPO and Sites to configure the DO? Set up the other site in AD Sites and Services, giving the IP ranges of both sites. Go into gpmc.msc, right-click on Sites and choose Show Sites. Apply your GPOs for DO at the Site level.

    GPOs apply

    LocalGP > Site > Domain > OU

    So as long as there's no other policies that override the Site ones, they will be implemented.

  • I have around 90 subnets on my WAN in total. I also have a cloud-based VPN (Azure) which almost all workstation devices will connect to at one point.

    I was wanting to set the GroupID at DHCP level for each subnet so it reduces network utilization while I have a high number of laptops in any particular office.

    I don't want the GroupID to stick to a workstation when it is on the VPN, as the VPN has visibility to all my subnets.

    Am I going about this deployment in the correct way in your professional opinion?

  • I don't have the experience in this area, so I can't comment on that. DHCP scopes do sound like an option, if it works that way, but I can't comment.

    If the VPN is in a site that doesn't allow for DO (or explicitly disables DO), then GPO/Sites still would work.

  • OK, thanks for the information.

    Would you happen to know where the GroupID is placed on a workstation after DHCP applies the GroupID? And do you know if applying the GroupID will stick to the device in a file location/config file (I can't see it in the registry)? If the DHCP scope provides an encrypted GUID in a temp file which is committed to memory, then this is good for me. If not, I will need to learn where the file is so I can delete it when a workstation connects to my VPN.

  • I can offer you this


