>Hi Guys,
>
>Just want to aks if this is posible.
>
>I have setup Win2k3 Active Directory and enabled DHCP and makes this box as the Domain Controller. My problem is we have some other groups within the network that are not belong to this domain but since the DHCP server is present on my server whenever they obtain IP my Server gives them IP and eventually give them access to the internet.
>
>My question is is it posible to not allow the DHCP server to give IP Addresses until the certain machine/user login first to the Domain??

No, it is not possible. The workstation must connect to the network (i.e. be given an IP address) before it can log in to the domain.

If you want to limit Internet access you can do something like this:

- assign fixed IP addresses to those w/s not members of your domain, so they don't even try to get an IP address via DHCP. Keep these fixed addresses in a range e.g. 192.168.1.50 to 192.168.0.75
- limit the scope of your DHCP to just the number of machines that should be getting an IP from your DHCP server. For example, if you have 20 machines on your network and only 10 should get an IP via DHCP, set your DHCP scope to (for example) 192.168.100 to 192.168.0.109. That way, once all 10 of your machines are booted up there are no more IPs available via DHCP for anyone else. If a fixed IP user tries to set their machine to "get an IP automatically" they won't get one because one is not available. If they get one while one of your machines is switched off, your machine won't be able to get on which will alert you to a hack attempt.
- configure your router so the fixed IPs don't have Internet access. You may still want to allow them access for e-mail. Consult with your network admin on how to do this in your environment

It's probably better to use fixed IPs for everyone if you want to limit access but depending on the size of your environment the mix of fixed & DHCP as outlined above may work for you.