Re: About DNS naming convention for Active Directory

Replied inline below...

In news:eOVo4gpaFHA.3328@xxxxxxxxxxxxxxxxxxxx,
Newbie <newbie@xxxxxxxxxxx> stated, and I replied below:

Below is the email I posted on windows.server.active_directory
newsgroup and someone suggested to re-post here as it's related to
DNS issues.
------------------------------------

Hi,

I've successfully upgraded a NT4 PDC to Windows 2003 Active Directory
running interm mode.  Clients can connect to AD no problem.  I
configured without setting up AD as DNS server.

How did you do that??????
AD REQUIRES DNS. That is how everything part of an AD domain finds the domain controllers and other AD services.


I have a few questions:

a) Is it necessary to use our Internet domain name as Domain Name for
Active Directory?  At the moment, I'm using something like:
corporate.companynamelocal.com for the first AD in the forest.  We do
have a public Internet domain name (i.e. companyname.com) but not
sure if this is necessary.  For the rest of the AD in the forest,
what naming convention should I use?  Most likely, we'll have one AD
per physical building.

No, not necessary to make it the same. This has been a long drawn out debate over the past 5 or more years, and frankly, it comes down to what you want to do. There are plus and minuses to both methods. I;ve installed them both ways. Using the same name, however, can add additional administrative tasks.

You can use a method such as calling the forest root company.com or company.corp, then a child domain, if you have a compelling reason to create child domains, such as separate administrative boundaries, security differences from your domain, etc, you can create them based on location or division, such as usa.company.corp, etc. Your imagination, or actually your businesss requirements will dictate the design.

Here's a design article explaining all of this:

Download details Windows Server 2003 Active Directory Branch Office Guide:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9353A4F6-A8A8-40BB-9FA7-3A95C9540112&displaylang=en

310996 - Active Directory Services and Windows 2000 or Windows Server 2003 Domains (Part 1):
http://support.microsoft.com/default.aspx?kbid=310996

310996 - Active Directory Services and Windows 2000 or Windows Server 2003 Domains (Part 2):
http://support.microsoft.com/default.aspx?kbid=3109967


b) I set up a brand new install of W2K3 server and ran DCPROMO, I
couldn't make the server to contact first AD.  I set up WINS on the
first AD and on the fresh W2K3, I added WINS address as well in the
LMHOST file, I have the DNS of the first AD.  From a DOS window, I
can ping first AD using DNS name.


AD Domains have NOTHING TO DO WITH NETBIOS NAMES (which is what WINS deals with). AD relies PURELY on DNS. NT4 was different...this is a totally different ballgame. All machines query DNS for domain service locations. They are in the form of SRV records (the ones that start with the underscores in front of their names, such as _msdcs, _sites, _udp, _tcp). If they are missing under your zone name, AD will malfunction.

If you are having problems, this is purely an incorrect DNS or client side configuration issue. Main things to keep in mind:

1. ALL machines in an AD domain MUST ONLY use the internal DNS server. You cannot use your ISP's DNS server in any IP configuration of your network cards or from DHCP. Only the internal server.,
2. You can configure a forwarder for efficient Internet resolution, if you like.


..
Here are some reading for you to do. I hope this will helpyou understand AD and DNS:

Win2000 and Win2003 AD and DNS FAQs:
http://support.microsoft.com/?id=291382

323380 - HOW TO Configure DNS for Internet Access in Windows Server 2003 :
http://support.microsoft.com/default.aspx?scid=kb;EN-US;323380

Good luck!


Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Paramount: What's up with taking Enterprise off the air??
Infinite Diversities in Infinite Combinations.
================================= 

.

Relevant Pages

  • Re: Non-domain connection problem
    ... "Gregg Hill" wrote: ... You said that you "hard coded the DNS server to a known DNS on the ... Connect to Internet from external network ...
    (microsoft.public.windows.server.sbs)
  • Re: Added router, lost web site
    ... Did your ISP create a DNS record for your FQDN? ... > really have a direct connection. ... > Internet connection information: ... > Preferred DNS server: someisp DNS server address ...
    (microsoft.public.windows.server.sbs)
  • Re: Unix Bind and Windows DNS with Dynamic update issues!!!
    ... >> 2) All internal DNS clients NIC\IP properties must specify SOLELY ... >> we are running UNIX BIND as internal and external DNS server. ... > expose your sensitive internal information on the Internet. ... >> internal clients like Windows, Mac etc are pointing to UNIX BIND server to ...
    (microsoft.public.win2000.dns)
  • Re: Unix Bind and Windows DNS with Dynamic update issues!!!
    ... All internal DNS clients NIC\IP properties must specify SOLELY ... we are running UNIX BIND as internal and external DNS server. ... > for all but the largest (in terms of Internet presence) companies. ...
    (microsoft.public.win2000.dns)
  • Re: Unable to join my new XP pro wkstation to the Win 2K pro server domain.
    ... You must have an internal DNS zone for each AD domain that is ... maintained separately from the Internet versions of these zone (if ... You need an INTERNAL DNS server for the zones. ... Herb Martin> tia ...
    (microsoft.public.windows.server.networking)
Loading