Re: ad and dns setup



Parent Child config.

2 DCs per domain for a total of 6 DCs


"Jorge Silva" wrote:

Is this a parent child configuration or 2 tree root domains?
How many DCs for each domain?



--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
"PDIDY" <PDIDY@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:96DA105E-2A5B-49D7-907B-DADB70ABDDAE@xxxxxxxxxxxxxxxx
Before I start this, just a couple of things:
I have 6 DCs and all have DNS, so do I do this on each server or only 1 in each domain, since it is AD integrated? And once I create the sites in AD Sites and Services, should I delete the old ones as they might conflict with the new ones? And one more thing: if I need to do this on all the servers, is it better to change the config on all servers first and then reboot 1 at a time, or do the root first followed by the children?

"Jorge Silva" wrote:

- Make sure that the DNS service is installed.
- Make sure that DC1 points to itself as Preferred DNS in the NIC properties.
- Make sure that you have the DNS zone for your domain and the _msdcs zone created, and these zones should be ADI (Active Directory Integrated) and allow secure updates (better from a security perspective).
- Make sure that AD Sites and Services has the correct subnet(s) assigned.
- Mark servers as GCs in Active Directory Sites and Services.

- Delete everything INSIDE the _msdcs zone and the forward lookup zone for your domain.
- Delete the files netlogon.dnb and netlogon.dns from %systemroot%\system32\config.
- Run from cmd
ipconfig /registerdns
- Restart the netlogon service and confirm the creation of the netlogon.dnb and netlogon.dns files in System32.
- Run from cmd
netdiag /fix
- Confirm the creation of the records on the DNS server.
- You can do a reboot and check everything is OK (1 at a time).

- Run dcdiag and netdiag.


--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
"PDIDY" <PDIDY@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5F241E62-7A3C-4FBC-A7B9-93460F5BEF8A@xxxxxxxxxxxxxxxx
Jorge,

Sorry for the little information. I took an existing functioning AD structure from VMware and copied it over. So there was no need to seize any of the roles, even though server 1 in a.com has all the roles.
All I want to do is change networks and bring the test env. back up with new IP addresses. The only thing killing me is DNS..:(

Thanks,

Paul

"Jorge Silva" wrote:

Hi
(assuming that your test server is NOT going to be connected again to the production environment)
Can you explain how you removed the setup from a different network?
Did you remove references to existing DCs in the real environment? Did you seize the roles? Did you run dcdiag and netdiag after that?



--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
"PDIDY" <PDIDY@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:13E0327D-A09A-4EEA-8530-07B9472417D4@xxxxxxxxxxxxxxxx
Okay, here is my setup.....

I have a test env. with forest a.com and 2 domains within, b.a.com and c.a.com (all Win2003).
I have pulled this setup from a different network and want to configure it on a different network.
I have three AD sites and all the OUs and GPOs are set up. I am not worried about names conflicting as this will be on an isolated network, but would like to keep all the AD stuff intact.
I tried to change the IP setup on all these servers and restarted DNS and the netlogon service. I did a dnsflush and dns register and I am still not able to have DNS work correctly. All the DCs (6 in all) are DNS servers and there are 2 servers per site. I am getting a lot of KDC errors and FRS errors, and nslookup doesn't come back with the right server. My question, besides what am I missing, is: do I need to change the NS in DNS on all machines, and should I get rid of all old IPs in DNS and replace them with new ones? Also, I created new AD sites with the new IP addresses and assigned servers to those sites and deleted the old ones. I rebooted one of the a.com servers and now I can't even log in. I guess my question is: when changing over to a new network with an existing AD and DNS, how can I achieve no pain in doing this?
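
Added example, not part of the original thread: a Python check for the re-registration procedure Jorge lists above, comparing the records in a DC's regenerated netlogon.dns with what the zones currently hold and flagging A records still on the old network. The host name dc1.a.com, the addresses, and the one-record-per-line zone dump are constructed assumptions.

```python
import ipaddress

# Constructed sample: netlogon.dns of hypothetical dc1.a.com after re-IP to 10.20.0.11.
NETLOGON_DNS = """\
a.com. 600 IN A 10.20.0.11
_ldap._tcp.a.com. 600 IN SRV 0 100 389 dc1.a.com.
_ldap._tcp.dc._msdcs.a.com. 600 IN SRV 0 100 389 dc1.a.com.
_kerberos._tcp.dc._msdcs.a.com. 600 IN SRV 0 100 88 dc1.a.com.
gc._msdcs.a.com. 600 IN A 10.20.0.11
"""

# Constructed sample: records currently in the zones (assumed copied into the same format).
ZONE_DUMP = """\
a.com. 600 IN A 10.20.0.11
a.com. 600 IN A 192.168.1.11
_ldap._tcp.a.com. 600 IN SRV 0 100 389 dc1.a.com.
_ldap._tcp.dc._msdcs.a.com. 600 IN SRV 0 100 389 dc1.a.com.
gc._msdcs.a.com. 600 IN A 192.168.1.11
"""

def parse_records(text):
    """Return a set of (name, type, rdata) tuples; TTL and class are ignored."""
    records = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments and blank lines
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        name, rtype = fields[0].lower(), fields[3].upper()
        records.add((name, rtype, " ".join(fields[4:]).lower()))
    return records

def audit(netlogon_text, zone_text, new_subnets):
    """Return (records Netlogon wants but DNS lacks, A records outside the new subnets)."""
    wanted, present = parse_records(netlogon_text), parse_records(zone_text)
    nets = [ipaddress.ip_network(n) for n in new_subnets]
    missing = sorted(wanted - present)
    stale = sorted(
        r for r in present
        if r[1] == "A" and not any(ipaddress.ip_address(r[2]) in n for n in nets)
    )
    return missing, stale

if __name__ == "__main__":
    missing, stale = audit(NETLOGON_DNS, ZONE_DUMP, ["10.20.0.0/24"])
    for rec in missing:
        print("MISSING from DNS:", *rec)
    for rec in stale:
        print("STALE old-network A record:", *rec)
```
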








