Is logon-clientIP address information available in AD ?

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

We have Websense proxy in my organization and I understand such software
need to get the client IP address info in order to allow/deny access to the
network.

My question is this, if a client logs on on a remote site (replication to
MainOffice occurs every 1 hour), when and how is the "client IP address"
information stored in Ad ? If such client IP address upon logon is stored in
AD, is that replicated to other DC's ?

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

It isn't. AD doesn't maintain that info.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Marlon Brown wrote:
> We have Websense proxy in my organization and I understand such software
> need to get the client IP address info in order to allow/deny access to the
> network.
>
> My question is this, if a client logs on on a remote site (replication to
> MainOffice occurs every 1 hour), when and how is the "client IP address"
> information stored in Ad ? If such client IP address upon logon is stored in
> AD, is that replicated to other DC's ?
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

every TCP/IP connection requires a proper IP address and such applications
can easily retrieve the info you mentioned. This works regardless of static /
fix or dynamic IP on the client, as well as location.


"Marlon Brown" wrote:

> We have Websense proxy in my organization and I understand such software
> need to get the client IP address info in order to allow/deny access to the
> network.
>
> My question is this, if a client logs on on a remote site (replication to
> MainOffice occurs every 1 hour), when and how is the "client IP address"
> information stored in Ad ? If such client IP address upon logon is stored in
> AD, is that replicated to other DC's ?
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi, Marlon,

The newest version of Websense (v5.5) will adequately use rules based upon
NT and AD groups or individual user names to allow/deny access to policies -
you don't need machine IP addresses any more.

Simply set up a security group and use the Websense console to link a policy
to this group.

If you need to allow/deny access from, say, a Cybercafé machine or kiosk
machine, assign it a static IP address (or reserve one on your DHCP server)
and use that.

As per the other replies previous to this one, AD does not store IP
addresses (unless you're referring to AD-integrated DNS zones holding the
name to IP address mapping).

Regards,
Dave

"Marlon Brown" <marlon_brownj@hotmail.com> wrote in message
news:%23$hVFGN4EHA.4072@TK2MSFTNGP10.phx.gbl...
> We have Websense proxy in my organization and I understand such software
> need to get the client IP address info in order to allow/deny access to
> the network.
>
> My question is this, if a client logs on on a remote site (replication to
> MainOffice occurs every 1 hour), when and how is the "client IP address"
> information stored in Ad ? If such client IP address upon logon is stored
> in AD, is that replicated to other DC's ?
>