Re: W2K3 AD Configuration Question

From: Richard Young (Young_at_discussions.microsoft.com)
Date: 12/19/04


Date: Sun, 19 Dec 2004 08:05:02 -0800

Miha, thank you; the information you provided was very helpful. One question:
If the preferred DNS record points back to the DC on the internal network,
and the DC points to the ISP's DNS server, as the preferred server, will this
confuse the system on the internal network in any way? (I've made the changes
that you recommended, all except for the last, and the system is functioning.
The log-in time has not changed - it takes about a minute or so for clients to
log into the domain.)

"Miha Pihler" wrote:

> Hi Richard,
>
> In an Active Directory domain, clients use DNS to find domain controllers. For
> this they use special records called resource records that cannot be found
> in your ISP's DNS server. These resource records tell the clients which
> server is a global catalog (among other information that clients might need).
> So one of your servers (e.g. Active Directory server) will have to be the DNS
> server for your Active Directory domain.
>
> You can continue to use your firewall NAT device as the DHCP server. You will
> just have to reconfigure it to give out your Active Directory DNS as the
> preferred DNS.
>
> Note: Clients and all servers (including domain controllers) that are
> members of the domain must point to your internal DNS server if you want your
> domain to function properly.
>
> After you change this on your network, configure your DNS server (probably
> your AD server) to forward unknown requests to your ISP.
>
> .net name is OK as long as this name is not already in use on the internet.
> If it is, your clients will have a very hard time communicating or browsing
> their web site.
>
> Feel free to post back if you have any additional questions.
>
> Mike
>
> "Richard" <Richard@discussions.microsoft.com> wrote in message
> news:96586BDD-817F-42A9-A0B2-6A27C91A5F57@microsoft.com...
> > I'm setting up a small LAN (fewer than fifteen machines including a single
> > W2K3 server), I am experiencing some odd behavior with the configuration
> > and I am seeking advice/pointers to correct the problem. The configuration
> > is as follows:
> >
> > Cable Modem connected to a standalone Firewall/NAT server which in turn is
> > connected to a 10/100 Mbps Switch. (The Firewall/NAT server also acts as
> > the DHCP server for the network.)
> >
> > W2K3 is running AD but is not configured as the DHCP or DNS server; these
> > functions are handled externally by the ISP and internally by the
> > Firewall/NAT server. When I set up the W2K3 domain I used the Management
> > Wizards. When requested to enter a domain name I entered a name with the
> > *.net suffix, question: Should I have used the *.local suffix instead, as
> > this system (network) will not be registered on the Internet? The network
> > is meant for private use only but the nine or so clients on this
> > private network will need access to the Internet.
> >
> > One of the problems that I continue to see is that from time to time the
> > client systems cannot locate and be authenticated by the DC. When this
> > happens I have to log off of the client, which complains that it cannot save
> > user profile information nor can it sync the user's My Documents folder which
> > is stored on the DC. In addition, connectivity to all fileshares located on
> > the DC is lost as well. Once the user logs off and then re-logs into the
> > server everything is fine...at least until the problem repeats itself. Any
> > suggestions for resolving this issue? Connectivity to the Internet is not
> > lost when the authentication problem with the DC occurs. A user, from any
> > system, can surf the Web without interruption.
>
>
>
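
The rule in the quoted reply (every domain member, the DC included, uses only the internal DNS server, and only that server forwards to the ISP) can be audited from `ipconfig /all` output. The Python sketch below is an added example, not part of the original thread; the internal DNS address 192.168.1.10, the host names and the sample outputs are constructed assumptions.

```python
import re

INTERNAL_DNS = {"192.168.1.10"}  # assumed address of the AD DNS server

def sample(*dns):
    """Build a constructed `ipconfig /all` adapter section with the given DNS list."""
    lines = ["Ethernet adapter Local Area Connection:", "",
             "   IP Address. . . . . . . . . . . . : 192.168.1.21",
             "   Default Gateway . . . . . . . . . : 192.168.1.1",
             "   DNS Servers . . . . . . . . . . . : " + dns[0]]
    lines += [" " * 39 + d for d in dns[1:]]   # extra servers appear on bare lines
    lines.append("   Lease Obtained. . . . . . . . . . : (constructed)")
    return "\n".join(lines)

# Constructed inputs: a DC that prefers the ISP resolver, a correct client,
# and a client that lists the ISP resolver as its alternate.
SAMPLES = {
    "DC01": sample("203.0.113.53", "192.168.1.10"),
    "CLIENT01": sample("192.168.1.10"),
    "CLIENT02": sample("192.168.1.10", "203.0.113.53"),
}

DNS_START = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)\s*$")
CONTINUATION = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def dns_servers(ipconfig_text):
    """Return configured DNS servers in listed order, including continuation lines."""
    servers, in_list = [], False
    for line in ipconfig_text.splitlines():
        m = DNS_START.match(line)
        if m:
            servers.append(m.group(1))
            in_list = True
            continue
        m = CONTINUATION.match(line) if in_list else None
        if m:
            servers.append(m.group(1))
        else:
            in_list = False                    # any other line ends the DNS list
    return servers

def audit(samples, internal):
    """Map host -> finding for hosts that break the internal-DNS-only rule."""
    findings = {}
    for host, text in samples.items():
        servers = dns_servers(text)
        outside = [s for s in servers if s not in internal]
        if not servers:
            findings[host] = "no DNS servers configured"
        elif outside:
            findings[host] = "non-internal DNS: " + ", ".join(outside)
    return findings

if __name__ == "__main__":
    for host, finding in sorted(audit(SAMPLES, INTERNAL_DNS).items()):
        print(host, "->", finding)
```

A host that lists an outside resolver, even as the alternate, can be answered by a server that holds none of the domain's resource records, which is why the check flags any non-internal entry rather than only the preferred one.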


