Re: new DC created
- From: "Linda Marie" <2lm@xxxxxxxxxxx>
- Date: Wed, 28 Mar 2007 06:39:43 +0430
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:%23rexB8GcHHA.4832@xxxxxxxxxxxxxxxxxxxxxxx
Inline
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Linda Marie" <2lm@xxxxxxxxxxx> wrote in message
news:uztc8sEcHHA.264@xxxxxxxxxxxxxxxxxxxxxxx
The new IT boss had us create a new backup domain controller. The machine
is only to be used if your existing domain controller fails (it has
problems so it is very possible) - he told us to give it a different
domain name - don't ask me why - we tried to talk him out of this with no
success. He chose a domain name without checking whois - it turns out
the name is registered to another company. He had me create all the user
accounts on this new DC - it has not yet had AD installed it is the first
DC in the forest.
So if the current DC goes we are to connect this to the Internet and use
it - I know we will have to join all the computers to a workgroup and
then join this new domain.
Your boss needs to manage the day to day affairs of the business and you
need to read up on AD and then explain to your boss why this is a
convoluted mess. With AD you have built-in fault tolerance by bringing up
multiple DCs in the same domain, the clients are intelligent enough to
find a working DC if one of the multiple DCs in your domain fails. If a
DC fails there is absolutely nothing you have to do to the domain to keep
things working, other than get the DC that failed back up and running.
I am concerned about how this will work - or fail to work.
Besides the fact the other company may sue us (we are not associated with
them in any way).
Another company can't sue you if you use a domain name that is already in
use, but then no one on the internet will be able to gain access to any
resources your company might have since you can create A records for dns so
others out there can find your domain presence. This is a really bad idea
and is just waiting for all kinds of internal issues if you use this name
and someone ends up entering this domain name as part of a browser access.
Your internal machines will never be able to reach this other address
since the internal dns servers see the same domain name and won't forward
to external dns servers.
Will we even be able to install AD on this machine? When it goes to the
Internet during the process will it fail because the name is already in
use?
Sure, AD doesn't care what you name it. DNS is where you are going to
have issues.
Example - if he had decided to name it microsoft.com - would AD install
work - or because microsoft.com is known on the Internet would it fail?
What other types of problems are we likely to run across? I have never
installed a DC without using the correct name before and am having
trouble figuring out what might happen.
Our mail would be OK - it is hosted off site.
I would like to start all over with this machine and build it the correct
way - any good reasons to do this are welcome. So far we have had no luck
trying to explain any of this to him, so MS articles etc. would also
help.
The problem (Like I said earlier) is you have to read up on this so you
can explain in detail, he is the boss and it sounds like you have a slight
bit more of knowledge than he does and he doesn't want to accept any of
your input.
Thanks
Linda Marie
I understand AD - and DNS - that is why I was against this - I cannot say
any more if I want to keep my job.
I was hoping for a great reason to reformat and re-install this new spare
DC.
I have been searching the Internet for one.
So it seems there is not one.
This new machine is not part of our domain. No users log on to it. I created
the users - no AD - no synchronizing with our current domain controller.
It is to be used only if our current machine fails.
Stupid - isn't it?
Why he did not make it part of the current domain is a long story I won't
bother you with.
As I said I was hoping someone would tell me it would not dcpromote.
He won't let me use OUs either - everyone under users and added to security
groups. Sigh
Thanks anyway for the responses.
Linda Marie
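
The DNS behavior described in the quoted reply above (internal DNS servers "see the same domain name and won't forward to external dns servers"), modeled as an added example that is not part of either post. All zone names, host names and addresses are constructed; example.com stands in for the domain name registered to the other company.

```python
# Toy model of how an internal DNS server chooses between answering from a
# zone it hosts and forwarding the query. All names and addresses are
# constructed for illustration; example.com plays the borrowed domain name.

INTERNAL_ZONES = {
    # Zone hosted on the internal DNS server for the AD domain, named after
    # a domain that another company has registered on the Internet.
    "example.com": {
        "dc1.example.com": "10.0.0.10",
        "fileserver.example.com": "10.0.0.20",
    },
}

# Records the real owner publishes on the Internet (constructed).
PUBLIC_DNS = {
    "www.example.com": "203.0.113.80",
    "www.example.org": "198.51.100.7",
}


def authoritative_zone(qname, zones):
    """Return the most specific locally hosted zone containing qname."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(qname, zones=INTERNAL_ZONES, public=PUBLIC_DNS):
    """Answer like an internal server: local zone first, forward otherwise."""
    name = qname.lower().rstrip(".")
    zone = authoritative_zone(name, zones)
    if zone is not None:
        # Authoritative: a missing record is a final NXDOMAIN, never forwarded.
        addr = zones[zone].get(name)
        return ("authoritative", addr if addr else "NXDOMAIN")
    addr = public.get(name)
    return ("forwarded", addr if addr else "NXDOMAIN")


if __name__ == "__main__":
    for q in ("dc1.example.com", "www.example.com", "www.example.org"):
        print(q, "->", resolve(q))
```

Internal clients asking for www.example.com get NXDOMAIN from the internal server even though the public record exists, while names outside the colliding zone still resolve through the forwarder.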