Re: Internal DNS suffix same as external

Tech-Archive recommends: Fix windows errors by optimizing your registry

In news:1123599603.487443.174490@xxxxxxxxxxxxxxxxxxxxxxxxxxxx,
Joshua Gramlich <jggramlich@xxxxxxxxx> made this post, which I then
commented about below:
> Hello,
>
> My predecessor in this organization here set up the Windows domain in
> a not correct way.
>
> The external web server for the org is www.castle.com. The internal
> (I guess the "WINS" name) name of the windows domain is COCONUT which
> has a domain suffix set as castle.com.
>
> Sometimes, DNS doesn't seem to work quite correctly, and folks that
> are trying to reach internal servers are pointed to the external web
> server (hosted off site).
>
>
>
> In an ideal world, I would rebuild the entire windows domain and make
> sure the local domain was castle.local and the external was
> castle.com...but since we don't live in an ideal world, I was hoping
> to get some advice from the group as to my options.

COCONUT and castle.com are separate names. COCONUT is the NetBIOS name,
which will show up in the dropdown list when a client logs on (the legacy
NetBIOS name). However, they can also logon as username@xxxxxxxxxx (called
the UPN name) and the bottom domain list will gray out.

COCONUT has nothing to do with DNS registration.

However, your issues are due to the split namespace. For your folks to reach
the internal servers, simply create the www entry under your own internal
DNS zone called castle.com and provide the internal private IP. If you want
them to get to it via http//castle.com, that would require additonal
registry changes and administrative tasks on all DCs and is not worth the
hassle.

Just keep with your current setup, it's alot work to change the domain over,
and understand the differences explaining to the users as well.

Also, just a reminder, all machines must ONLY use the internal DNS server in
their IP properties. Configure a forwarder to efficiently resolve external
names.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================


.

Relevant Pages

  • Re: Cannot Resolve Names Outside Windows Domain
    ... What do you mean "nslookup does not work correctly when I leave the domain"? ... If you don't connect to the domain, which DNS you will use? ... nslookup works properly when I am logged into the windows domain: ... the domain server on the windows domain, the ip address, but the name is ...
    (microsoft.public.windowsxp.network_web)
  • Re: Radius Authentication
    ... Ive read before that there has to be a user on the local server with ... Radius server, ... Windows domain account (if the name contains spaces then refer to the ...
    (freebsd-questions)
  • Re: Sanity check - Exchagne DB limits
    ... All *standard Windows Domain tools* do allow you to select all options - the *SBS Wiards* may well not - these are designed to simplify configuration for admins with little experience. ... e.g. if you have difficulty adding a user without a wizard then adding a second server to a domain isn't something you would be doing in the first place. ... in that when you are creating a user, you do not get an option as to what Exchange server, or mailbox store to put the user's mailbox in. ...
    (microsoft.public.windows.server.sbs)
  • Re: help with domains
    ... please am a newbie to all this active directory and windows domain ... by your own admission a "newbie" to AD and domains. ... what we want to do is use a third server running ... do active directory stuff for each user, ...
    (microsoft.public.windows.server.active_directory)
  • Re: User can login with ANY password
    ... After changing the password on the NT Server, ... Microsoft Networks properties - and check the "Log on to Windows ... I noticed that if I checked the "Log on to Windows Domain" check ... >> map drives and stuff WITHOUT the proper NT credentials! ...
    (comp.os.ms-windows.nt.admin.security)