Re: best dns config for new tree in forest




"Eric Darby" <eric@xxxxxxxxxxx> wrote in message
news:%23A5wBhLuHHA.768@xxxxxxxxxxxxxxxxxxxxxxx
because all of the other domains are child domains of the forest root. I
want to start a new tree to make sure the policies and permissions are all
clean.

Policies can be reset with DCGPOfix.exe

Having to manage all the permissions and ownership on existing
resources will be much uglier than just resetting permissions.


--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:ewEa2xFuHHA.576@xxxxxxxxxxxxxxxxxxxxxxx

"Eric Darby" <eric@xxxxxxxxxxx> wrote in message
news:%23BcT9iDuHHA.3640@xxxxxxxxxxxxxxxxxxxxxxx
I am in the process of flattening my domain and have created a new domain
tree to migrate all of my child domains into.

Why not just migrate into ONE of the existing domains?

On the new Domain what is the best way to configure the AD Integrated
DNS?

On the new domain? Is it in a new forest? (IF NOT you cannot get
rid of all the old domains anyway.)

If it is in a new forest there is only ONE way to set up AD Integrated DNS
that really makes much sense with 2003, and literally only one choice if
you have 2000 DNS-DCs.

Use either All DNS-DCs in the Domain, or use ALL DCs (if you have
2000 DCs).

If you have more than one Domain in that forest (or it's in the current
forest with the other domains) then you could theoretically use All
DNS-DCs in Forest.

This is not the key design problem.


I need to see the forest root and child domains of the old tree while
making the transition.

The key problem is having a way for the new domain to find (all of) the
old domains, and a way for the old domains to find the new one which
being in a new tree implies they cannot use the same rooted hierarchy
and you will either have to hold "cross secondaries" or "cross stubs"
for the OTHER Trees -- or you can use Conditional Forwarding on
each side.


Should I have replication to All DNS servers in the AD forest?

That works if the new domain is in the same forest -- but then you
will always have at least one of the current domains (cannot remove
it) plus the new domain.

The forest root domain is going to remain and it is currently set to
replicate to All DNS servers in the AD forest.

If you do it this way you have more efficient replication in most cases.

If your domains are small it will practically always be a good choice.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)




