Re: Advice on deleting DNS and starting new in a forest
- From: Jackedup <Jackedup@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 1 Dec 2006 07:49:00 -0800
Yes, I have delegation. I don't want to start a new forest, just want to
correct DNS so that the clients in my branches domain authenticate to the DC
in their site.

"Herb Martin" wrote:
> "Jackedup" <Jackedup@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:0B673931-73DA-4A83-886C-59D231197F70@xxxxxxxxxxxxxxxx
>> Here is our situation: we have a forest with a root and 2 child domains. We
>> are basically set up just like the Branch Office Deployment Guide with the
>> exception of the way DNS is set up. Our root has 2 DC's and the zone is
>> set up as Active Directory Integrated in the domain and has a forwarder for
>> our ISA server and set to not use recursion for this domain.
>
> I would never consider "starting a new forest" due to
> any sort of DNS deployment problems -- that would be
> foolish in every case I can imagine.
>
> Do you have delegation to the child domain/zones (or
> some other method for the root to resolve the branches)?
>
>> In the Data Center we have 2 DC's and it is Active Directory Integrated in
>> the forest. It has forwarders for the root domain and branches domain. It is
>> also set to not use recursion for this domain.
>
> Are you talking here about conditional forwarding
> to specific domain/zone names?
>
>> The branches domain is Active Directory Integrated
>> in the forest
>
> Then why do you need to conditional forward for Branch
> domain DNS if it is Forest-Wide Integrated?
>
>> we have at least 70 DC's with 68 sites; 2 of the DC's reside in
>> the Data Center. It is also set to not use recursion and has forwarders for
>> the Data Center and Root domain. Also there are reverse lookups set up for
>> each subnet for all the sites which do not update records correctly. We do
>> have sites set up with the subnets and all of our DC's at our branches
>> domain are in the respective site.
>
> Your Sites must include ALL Subnets not just those
> "of [your] DCs". Client Site must be identifiable too.
>
>> Our main problem is this: our clients in our branches domain will
>> authenticate to DC's anywhere in the network and not necessarily the one
>> in their site. This causes slowdown during logon.
>
> Sounds (from this and above) like you have only defined
> SOME of the subnets for each site when you must define
> every subnet used by either DC or clients.
>
>> Also when an account gets
>> locked out it is always hard to find which DC shows that they have been
>> locked out in order to unlock the user. After reading the Branch Office
>> Deployment guide I have found out that none of the settings discussed were
>> implemented, such as disabling automated site coverage, site link
>> transitivity and the group policy settings, including others.
>
> What does "automated site coverage" mean?
>
> The default "site link transitivity" should usually
> be left alone unless you have specific situations
> which indicate the need for disabling (or custom)
> "Site Link Bridge-Grouping"
>
> What others?
>
>> From reading this I
>> understand that all those settings are supposed to help with the client
>> authenticating to DC's in their own sites.
>
> Usually the defaults work just fine.
>
>> My question is this: what would be the best way to clean this up so that it
>> can be set up directly
>
> What do you mean by "directly"? As opposed to what?
>
>> and am I right in following the branch office
>> deployment guide? Any help or suggestions would be appreciated.
>
> Sounds like your Site "subnet definitions" are messed up.
>
> --
> Herb Martin, MCSE, MVP
> Accelerated MCSE
> http://www.LearnQuick.Com
> [phone number on web site]
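
A subnet-coverage check for the diagnosis discussed in this thread, as an added example that is not part of the original messages: it maps each client address to a site by the most specific matching subnet and lists clients that no defined subnet covers. The site names, subnets and client addresses are constructed sample data standing in for the subnet objects defined for each site.

```python
import ipaddress

# Constructed sample data (hypothetical names and ranges), standing in for
# the subnet objects assigned to each site.
SITE_SUBNETS = {
    "DataCenter": ["10.0.0.0/16"],
    "Branch-001": ["10.1.1.0/24"],
    "Branch-002": ["10.1.2.0/25"],  # only the DC's half of the branch LAN is defined
}

CLIENTS = {
    "dc-br001": "10.1.1.10",
    "pc-br001": "10.1.1.57",
    "dc-br002": "10.1.2.10",
    "pc-br002": "10.1.2.200",       # client range never added to the site
    "pc-dc01": "10.0.4.20",
}

def build_table(site_subnets):
    """Flatten {site: [cidr, ...]} into a list of (network, site) pairs."""
    return [(ipaddress.ip_network(cidr), site)
            for site, cidrs in site_subnets.items() for cidr in cidrs]

def site_for(ip, table):
    """Return the site whose most specific subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, site) for net, site in table if addr in net]
    return max(matches)[1] if matches else None

def audit(clients, site_subnets):
    """Map every client to a site; None marks an address no subnet covers."""
    table = build_table(site_subnets)
    return {name: site_for(ip, table) for name, ip in clients.items()}

def unmapped(clients, site_subnets):
    """Names of clients whose site cannot be determined from the subnet list."""
    return sorted(n for n, s in audit(clients, site_subnets).items() if s is None)

if __name__ == "__main__":
    for name, site in sorted(audit(CLIENTS, SITE_SUBNETS).items()):
        label = site or "NO SITE (no subnet covers this client)"
        print(f"{name:10} {CLIENTS[name]:12} -> {label}")
```
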