Re: new DC created
- From: "Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx>
- Date: Tue, 27 Mar 2007 07:54:05 -0500
Inline
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Linda Marie" <2lm@xxxxxxxxxxx> wrote in message
news:uztc8sEcHHA.264@xxxxxxxxxxxxxxxxxxxxxxx
The new IT boss had us create a new backup domain controller. The machine
is only to be used if your existign domain controller fails (it has
problems so it is very possible) - he told us to give it a different
domain name - don't ask me why - we tried to talk him out of this with no
success. He choose a domain name without checking whois - it turns out the
name is registered to another company. He had me create all the user
accounts on this new DC - it has not yet had AD installed it is the first
DC in the forest.
So if the current DC goes we are to connect this to the Internet and use
it - I know we will have to join all the computers to a workgroup and then
join this new domain.
Your boss needs to manage the day to day affairs of the business and you
need to read up on AD and then explain to your boss why this is a convoluted
mess. With AD you have built in fault tolerance by bringing up multiple
Dc's in the same domain, the clients are intelligent enough to find a
working DC if one of the multiple dc's in your domain fails. If a dc fails
there is absolutely nothing you have to do to the domain to keep things
working, other than get the dc that failed back up and running.
I am concerned about how this will work - or fail to work.
Besides the fact the other company may sue us (we are not associated with
then in any way.
Another compant can't sue you if you use a domain name that is already in
use, but then no one on the internet will be able to gain access to any
resources your company might have since you can createA records for dns so
others out there can find your domain presence. This is a really bad idea
and is just waiting for all kinds of internal issues if you use this name
and someone ends up entering this domain name as part of a browser access.
Your internal machines will never be able to reach this other address since
the internal dns servers see the same domain name and won't forward to
external dns servers.
Will we even be able to install AD on this machine? When it goes to the
Internet during the process will it fail because the name is already in
use?
Sure, AD doesn't care what you name it. DNS is where you are going to have
issues.
Example - if he had decided to name it microsoft.com - would AD install
work - or becuase microsoft.com is known on the Internet would it fail?
What other types of problems are we likely to run across? I have never
installed a DC without using the correct name before and am having trouble
figuring our what might happen.
Our mail would be OK - it is hosted off site.
I would like to start all over with this machine and build it the correct
way - any good reasons to do this are wlecome. So far we have had no luck
trying to explain any of this to him, so MS articles etc. would also help.
The problem (Like I said earlier) is you have to read up on this so you can
explain in detail, he is the boss and it sounds like you have a slight bit
more of knowledge than he does and he doesn't want to accept any of your
input.
Thanks
Linda Marie
.
- Follow-Ups:
- Re: new DC created
- From: Linda Marie
- Re: new DC created
- References:
- new DC created
- From: Linda Marie
- new DC created
- Prev by Date: Re: IMPACT of (Delegation Control of Group Policy) on Active Direc
- Next by Date: Re: AD
- Previous by thread: new DC created
- Next by thread: Re: new DC created
- Index(es):
Relevant Pages
|
