Re: DNS - Urgent Help

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 06/27/05

  • Next message: Roger Abell: "Re: DNS - Urgent Help"
    Date: Sun, 26 Jun 2005 23:19:25 -0500
    
    

    Seeing your number of users/computers, if you could create a single domain
    then it would be much easier to configure everything and you would need fewer
    domain controllers. In Windows 2000/2003 you can use Organizational Units to
    effectively manage users and computers and you could name OUs with the
    names that you are planning to use for domains. There of course can be
    business and political reasons for using separate domains such as the need
    for different password policy. Domains in a forest however should not be
    considered security boundaries as that would require separate forests.
    Separate forests can still have external trusts between them to domains in
    the forests or forest trusts can be configured for forests that are at
    Windows 2003 functional level.

    As for DNS: since this is a Windows 2000 newsgroup I would assume that your
    domains are Windows 2000. Windows 2003 domains are much more flexible in the
    configuration with conditional forwarding, stub zones, and DNS partition
    replication that can be forest wide. For Windows 2000 [and Windows 2003] you
    can use secondary DNS zones to help with name resolution for other domains
    in the forest. For instance you could have all your domain controllers
    contain Active Directory integrated DNS zones for their domain and then
    contain secondary DNS zones for the other domains. That would ensure that
    each domain could resolve DNS names for all domains in the forest. The
    domain controllers for each domain would then be the preferred DNS servers
    for all computers in the domain including the domain controllers. Initially
    you would need to configure the first domain controller in a new tree domain
    to point to a domain controller in the root domain as you have found out.
    If you do use secondary DNS servers be sure to configure DNS zone transfers
    to be allowed only to authorized DNS servers and not "any". The link
    below may help. --- Steve

    http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/optimize/c19w2kad.mspx

    "Medo_in_Egypt" <MedoinEgypt@discussions.microsoft.com> wrote in message
    news:D1F5528B-71A2-4D53-BF15-BD31BF14CA79@microsoft.com...
    > Dear All,
    >
    > We are Planning to Have One Forest, with Multiple Domain Trees as the
    > following :-
    >
    > 1. KTC.COM
    > 2. MUX.COM
    > 3. TRU.COM
    > 4. LON-UK.COM
    >
    > and Each one of the above Domains has 25 users as the following :-
    > 1. KTC.COM ( Has 25 Users ).
    > 2. MUX.COM ( Has 25 Users ).
    > 3. TRU.COM ( Has 25 Users ).
    > 4. LON-UK.COM ( Has 25 Users ).
    >
    > So the Total Users will be 100 Users.
    >
    > I am going to install KTC.COM as the Forest Root Domain, & Install DNS
    > server on one Machine and configure one Forward Zone with the name of the
    > Forest Root Domain which is ( KTC.COM ) and this DNS server is the Root ( . ).
    >
    > and I found that it's Working and the Forest Root is Working and the Domain
    > Controller is Able to communicate with the Default DNS.
    >
    > All of 100 users are in the Same Network with this IP-Address Schema (
    > 192.168.1.X ) / 24.
    >
    > Now, I want to install the Domain ( MUX.COM ) as a New Domain Tree in the
    > existing Forest to share the same Exchange Box.
    >
    > so what I did is :-
    >
    > 1. Bring New Server.
    > 2. Install Windows Advanced Server 2000 Enterprise edition.
    > 3. Put this IP-Address 192.168.1.20 & the DNS For this server will be the
    > Same which is 192.168.1.20.
    > 4. Install the DNS on that Machine.
    > 5. Run this Command ( DCPROMO ).
    >
    > Here is the Problem, I found that, while I am trying to install the
    > domain, it displays an error message which is ( The Domain Controller for
    > Domain KTC.COM is Not available ).
    >
    > so when I faced this situation, I said to myself, this is because the
    > Domain ( MUX ) is unable to find the DNS and then unable to find the Domain
    > Controller for KTC.
    >
    > ( Because the Rule is, the Active Directory Clients - WinXP-PRO, Win
    > Server, Win2000 Pro, Win98 ...ETC, should first ASK their DNS server to
    > Get from it the Specific Resource Record, and in this Case I had installed
    > DNS on This Machine and I made it the Root, which is Wrong ).
    >
    > So what I did is :-
    > 1. Uninstall the DNS server from the Domain ( MUX.COM ).
    > 2. Create a Forward Lookup Zone with this Name ( MUX.COM ).
    > 3. Configure the Server to register itself in the DNS of the Domain
    > KTC.COM ( By Changing the IP-Address of the Preferred DNS server to be the
    > DNS server of the Domain KTC.COM, instead of MUX.COM ).
    > 4. Run the DCPROMO Command again.
    >
    > then I found that it's working Perfectly, without any problem, and the Trust
    > Relationship is created automatically and the Users in Both Domains are
    > able to access each other.
    >
    > =====================================================
    >
    > My Questions are :-
    >
    > 1. Can the DNS Host Multiple Domains like My Situation, or Not ?
    >
    > 2. Are there any Problems I will face in the Future from this Design,
    > with One DNS Server and Multiple Domains hosted on it, and the clients
    > for MUX will register themselves only in the MUX.COM Forward Lookup Zone,
    > and the users of KTC.COM will register themselves in the KTC.COM Forward
    > Lookup Zone. Do you expect any Problems in the Future ?
    > =====================================================
    > I tested it from The Clients which register themselves in The
    > Forward Lookup Zone of the domain KTC.COM, by using the command NSLOOKUP,
    > and I found that they are able to communicate with the DNS server & can see
    > each other in this Forward Lookup Zone only with the name of the Domain (
    > KTC.COM ), while they are unable to see any Resource for the domain ( MUX.COM )
    > at all, and the same situation for MUX.COM: they are able only to see the
    > Resources in the Domain MUX.COM and unable to see the Resources in
    > KTC.COM.
    >
    > so do you think I am correct, or not ? Please Help ?
    >
    >

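The zone layout Steve recommends (every DC's DNS holds an AD-integrated zone for its own domain plus secondaries for the other forest domains, with zone transfers restricted to named servers rather than "any") can be checked before it is rolled out. The following is an added example, not code from the thread or from Microsoft; it models each DNS server as a small record and flags the gaps a practitioner would want caught, using the four domain names from the original post and constructed sample IPs.

```python
from dataclasses import dataclass, field

# Forest from the thread: root domain KTC.COM plus three tree domains.
FOREST = ["KTC.COM", "MUX.COM", "TRU.COM", "LON-UK.COM"]

@dataclass
class DnsServer:
    name: str
    ip: str
    ad_zones: set = field(default_factory=set)       # AD-integrated zones (own domain)
    secondaries: dict = field(default_factory=dict)  # zone -> master IP it transfers from
    xfer_allow: dict = field(default_factory=dict)   # zone -> {"any"} or set of allowed IPs

def check_layout(servers, forest=FOREST):
    """Return findings for a proposed DNS layout; an empty list means it matches the advice."""
    findings = []
    by_ip = {s.ip: s for s in servers}
    for s in servers:
        # 1. Each DC's DNS must hold some zone (AD-integrated or secondary) for every forest domain,
        #    otherwise clients pointed at it cannot resolve that domain's records.
        hosted = s.ad_zones | set(s.secondaries)
        for zone in forest:
            if zone not in hosted:
                findings.append(f"{s.name}: no zone for {zone}; names in {zone} will not resolve here")
        # 2. Transfers of an authoritative zone must never be open to 'any' host.
        for zone in s.ad_zones:
            if "any" in s.xfer_allow.get(zone, set()):
                findings.append(f"{s.name}: zone transfers for {zone} allowed to any host")
        # 3. Every secondary must pull from a master that is authoritative and permits this server.
        for zone, master_ip in s.secondaries.items():
            master = by_ip.get(master_ip)
            if master is None or zone not in master.ad_zones:
                findings.append(f"{s.name}: secondary {zone} points at {master_ip}, which is not authoritative")
                continue
            allowed = master.xfer_allow.get(zone, set())
            if s.ip not in allowed and "any" not in allowed:
                findings.append(f"{master.name}: transfer of {zone} to {s.ip} ({s.name}) is not allowed")
    return findings

# Constructed sample (hypothetical IPs): two of the four domains; the MUX DC still has
# the open "any" transfer setting that the reply warns against.
SAMPLE = [
    DnsServer("ktc-dc1", "192.168.1.10", {"KTC.COM"}, {"MUX.COM": "192.168.1.20"}, {"KTC.COM": {"192.168.1.20"}}),
    DnsServer("mux-dc1", "192.168.1.20", {"MUX.COM"}, {"KTC.COM": "192.168.1.10"}, {"MUX.COM": {"any"}}),
]

if __name__ == "__main__":
    for line in check_layout(SAMPLE):
        print(line)
```

Feeding it the real server list (for instance from each DC's zone list and transfer settings) turns the advice in the reply into a repeatable check rather than a one-off review.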
