Re: DNS Entries

From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 11/05/04


Date: Fri, 5 Nov 2004 18:02:36 -0500

In news:e6awwTzwEHA.3260@TK2MSFTNGP10.phx.gbl,
Adrian Marsh (NNTP) <marsh_removeme_@lucent.com> made a post then I
commented below
> I'm setting up a DC to work with a QIP DNS server, prior to moving a
> domain across to that DNS network. Dynamic DNS updates from the DC
> aren't an option, as our admin enforce strict update rules which
> prohibit it.
> At the moment my test server (netdiag -v output) reports the below DNS
> entries missing.
>
> My question is:
>
> If I enter these entries into QIP DNS as below, are there any others
> that the clients might need to be able to authenticate/login etc ? Or
> is this a complete list?
>
> For example, I'm sure I'd read somewhere that the SID of the domain
> was needed, eg :
>
> 7c5ecb37-e59f-406d-96d3-75f0fac16cba. SRV 0 0 389
>
> on its own, but it's not complaining about that one in the list below.
>
> Second, how can I translate SIDs back to machine names in the AD
> Network. I'm curious to find out what the SID (2ef5f965...) is below.
>
> Adrian
>

This record:
2ef5f965-03c1-452b-9cd7-7d3d25eebad6._msdcs.uk-lab.lucent.com
Actually is not a SID, but rather the domain GUID. That is the identifier in
DNS and in the physical AD database identifying that domain. You can use
NTDSUtil to grab that data. As the record states, you can look under the
_msdcs zone in DNS to see that record. Each domain has one. To resolve it to
an IP, according to this output, it will look for this record in DNS under
the "uk-lab.lucent.com" zone:
(same as parent) Host 135.86.199.246

Now, according to this output, your AD DNS domain name is lucent.com or is
it "uk-lab.lucent.com"?? Which zone exists in DNS? What name are you using?

AD requires the SRV records, which get auto dynamically registered. If they
will NOT allow you to register, that is a tough one. You can provide them
the netlogon.dns file located in the system32\config folder, which has all
the records. You need to provide them this record from all DCs.

-- 
Regards,
Ace
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.
This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
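
The reply above suggests handing the DNS administrators the netlogon.dns file from every DC. As an added example (not part of the original post), this sketch merges several such files into one de-duplicated record list for manual entry and sets aside lines it cannot validate. It assumes each file holds standard zone-file style lines (`owner TTL IN TYPE rdata`); the DC names, domain, addresses and file contents are constructed.

```python
import re

# Constructed netlogon.dns contents for two hypothetical DCs (dc1, dc2).
DC1 = """\
corp.example.test. 600 IN A 192.0.2.10
_ldap._tcp.corp.example.test. 600 IN SRV 0 100 389 dc1.corp.example.test.
_kerberos._tcp.corp.example.test. 600 IN SRV 0 100 88 dc1.corp.example.test.
_ldap._tcp.pdc._msdcs.corp.example.test. 600 IN SRV 0 100 389 dc1.corp.example.test.
"""
DC2 = """\
corp.example.test. 600 IN A 192.0.2.11
_ldap._tcp.corp.example.test. 600 IN SRV 0 100 389 dc2.corp.example.test.
_kerberos._tcp.corp.example.test. 600 IN SRV 0 100 88 dc2.corp.example.test.
bogus line
"""

# owner, TTL, class IN, record type, rdata
LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|AAAA|CNAME|SRV)\s+(.+)$", re.I)


def parse(text):
    """Return (records, rejected_lines) for one file's contents."""
    records, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank or comment line
            continue
        m = LINE.match(line)
        fields = m.group(4).split() if m else []
        # SRV rdata must be: priority weight port target
        bad_srv = bool(m) and m.group(3).upper() == "SRV" and not (
            len(fields) == 4 and all(f.isdigit() for f in fields[:3]))
        if not m or bad_srv:
            rejected.append(raw)
            continue
        # DNS names are case-insensitive, so normalise before de-duplicating.
        records.append((m.group(1).lower(), int(m.group(2)),
                        m.group(3).upper(), " ".join(fields).lower()))
    return records, rejected


def merge(files):
    """files maps DC name -> file text. Returns (unique records, rejects by DC)."""
    seen, rejected = set(), {}
    for dc, text in files.items():
        recs, bad = parse(text)
        seen.update(recs)
        if bad:
            rejected[dc] = bad
    return sorted(seen, key=lambda r: (r[2], r[0], r[3])), rejected
```

Records that differ only in target (the same SRV name pointing at dc1 and dc2) are both kept, which is why every DC's file has to be included.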