#1

Hello,

Here is my environment:

Single NT 4 domain, 2 BDC's
2 physical locations with 100Mb/s link
650 PC's, all statically assigned IP addresses (DHCP not an option)
DNS is running BIND 9.x

We have tested upgrading a domain to AD in this scenario and the DNS test portion of AD passed. Are there any "gotchas" or preferred methods to upgrade to Active Directory given the above information before I proceed with going live?

Thanks,
Ed

#2

Since all of your 650 clients have static IP's and are all pointing to your current PDC's and/or BDC's, you will have to point them to the new DNS, WINS servers in AD. Utilize DHCP once you migrate. Also make sure you have a ready-to-go BDC that you can promote back up to PDC for disaster recovery in the event you have to roll back.

Rich

#3

I am in the process of upgrading from an NT 4 domain to Windows 2003 AD as well. Also, I have BIND servers along with Windows DNS servers. I just recently brought our Windows 2003 domain controller into production.

If all of your PC's truly require static IP addresses, then it is not necessary to bring a DHCP server into the mix. If you have computers where DHCP could be used, then I would add a DHCP server to your network. It is not difficult to configure a DHCP server, as long as you have a server to install it on.

If the zone transfers are set up properly between the BIND and Windows DNS servers, then it won't matter if you have your computers' DNS configuration looking at the BIND or Windows DNS servers. I am running a mix of BIND and Microsoft DNS servers right now. Eventually, we will eliminate the BIND servers.

#4

Correct, there is no need for DHCP if everyone is configured with static IPs. My point in suggesting DHCP would be to easily manage the network computers.

From the sound of the original post I got the impression he was migrating from NT - 2003 server, so therefore once the NT domain is no longer up, hence the migration, all the static IP addresses assigned on the network would have to point to the new DNS and WINS servers for authentication and resolution.

Rich

#5

The issue is all of our PC's are currently pointing to the BIND Servers and DHCP is not an option. So with that said, is there a problem with using BIND as the DNS for Active Directory?

#6

No, there shouldn't be any problems, as long as the DNS servers (BIND servers) that the clients are pointing to now are still available after the migration. Just allow zone transfers on the zones.

Rich

#7

I would agree with RC that you should not have any problems with using the BIND servers for DNS.

#8

Ed wrote:
> The issue is all of our PC's are currently pointing to the BIND
> Servers and DHCP is not an option. so with that said, is there a
> problem with using BIND as the DNS for Active Directory?

You can continue to use the BIND servers so long as you configure the BIND servers either by using delegations, stub zones, or secondary zones to locate the Active Directory domain's zones and let the Domain Controller use its own DNS. This provides security for the DC to make dynamic updates in DNS for all the records it needs to register.

255913 - Integrating Windows 2000 DNS into an Existing BIND or Windows NT 4.0-Based DNS Namespace
http://support.microsoft.com/default...255913&sd=RMVP

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

#9

Is that necessary?? The article you are referring to references BIND version 4.9.7 and earlier. We are running version 8.x.x, which supports SRV records and dynamic updates.

#10

Ed wrote:
> is that necessary??..the article you are referring to references BIND
> version 4.9.7 and earlier. We are running version 8.x.x, which supports SRV
> records, and dynamic updates.

BIND any version does not support Microsoft's version of Dynamic Updates. It only supports dynamic updates from an ISC DHCP server. You will have to delegate, use secondaries or manually add all the records.

Your zones will be much more secure if you store them in Active Directory and allow only secure updates. You can delegate or stub the zones or use a secondary.

Honestly, the easiest way to combine AD DNS into a BIND environment is to make the AD domain a sub domain of one of your BIND zones, then delegate that sub domain on the BIND to the MS DNS. This makes it almost transparent to the users and they'll never know the difference.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
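
The subdomain delegation recommended in the post above, as an added example (not from the thread or the KB article): a small Python lint for the BIND parent zone that checks the delegation's NS records and glue and flags records left below the zone cut. The zone `example.com`, the child `ad` and the servers `dc1.ad`/`dc2.ad` are constructed placeholders; the parser assumes one-line records with an explicit owner, class IN and no TTL column.

```python
# Added example: lint the AD delegation in a BIND parent zone (constructed excerpt, placeholder names).
PARENT_ZONE = """\
$ORIGIN example.com.
@              IN NS  ns1
ns1            IN A   192.0.2.10
ad             IN NS  dc1.ad
ad             IN NS  dc2.ad
dc1.ad         IN A   192.0.2.21
_ldap._tcp.ad  IN SRV 0 100 389 dc1.ad
"""

def fqdn(name, origin):
    """Expand a relative owner or target name against $ORIGIN."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def parse(zone_text):
    """Parse one-line records: explicit owner, class IN, no TTL column."""
    origin, records = "", []
    for raw in zone_text.splitlines():
        fields = raw.split(";")[0].split()
        if fields and fields[0] == "$ORIGIN":
            origin = fields[1].lower()
        elif fields:
            records.append((fqdn(fields[0], origin), fields[2].upper(), fields[3:]))
    return origin, records

def check_delegation(zone_text, child):
    """Return the problems found in the parent zone's delegation of `child`."""
    origin, records = parse(zone_text)
    cut = fqdn(child, origin)
    ns = [fqdn(r[0], origin) for o, t, r in records if o == cut and t == "NS"]
    glue = {o for o, t, _ in records if t in ("A", "AAAA")}
    problems = [] if ns else [f"no NS records at {cut}"]
    for target in ns:
        # A name server inside the delegated zone is only reachable via glue.
        if target.endswith("." + cut) and target not in glue:
            problems.append(f"missing glue for {target}")
    for owner, rtype, _ in records:
        below = owner == cut or owner.endswith("." + cut)
        is_ns = owner == cut and rtype == "NS"
        is_glue = rtype in ("A", "AAAA") and owner in ns
        if below and not (is_ns or is_glue):
            # Data below the cut belongs to the AD DNS servers, not the parent.
            problems.append(f"{rtype} record for {owner} sits below the zone cut")
    return problems

if __name__ == "__main__":
    print("\n".join(check_delegation(PARENT_ZONE, "ad")))
```

The sample zone is deliberately incomplete: the lint reports the missing glue for `dc2.ad` and the SRV record that belongs on the AD DNS servers rather than in the parent zone.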

#11

Gotcha, very helpful..thanks. We created a subdomain on the BIND Server and delegated the zones per the KB article on "integrating windows 2000 DNS into an existing BIND or NT based DNS namespace" and all looks good.

When we add additional DC's, where should we point to for DNS...the BIND Server or the MS Server...and should the same be true for all member servers? My guess would be the MS, since it supports the MS specific SRV records. Then the MS DNS server will update its data to the BIND server.

Thanks for all your help..

-Ed

#12

"Ed" <Ed@discussions.microsoft.com> wrote in message news:33F366D1-1FBB-48D4-B65D-0556C5DD0D61@microsoft.com...
> gotcha, very helpful..thanks. We created a subdomain on the BIND Server
> and delegated the zones per the kb article on "integrating windows 2000 DNS
> into an existing BIND or NT based DNS namespace" and all looks good.

You will be much happier in the long run. BIND can be used to support AD but Microsoft DNS, and AD Integrated DNS in specific, is much better for supporting a Windows domain.

> When we add additional DC's, where should we point to for DNS...the BIND
> Server or the MS Server...and should the same be true for all member
> servers?

The technical answer is that DNS clients must be pointed to (any of) the DNS servers which can resolve every name that client will ever need.

So technically the clients could be pointed to either the DNS servers within the domain or the DNS servers running BIND (since they delegate).

It is common however to point DNS clients to the ones in their own domain, and probably most correct to just point them to the one that is 'network closest', i.e., that is most efficient.

As to servers, these are DNS clients too and follow both the same rules and considerations as any other DNS client.

This applies to DCs and the DNS servers themselves -- they are also DNS clients separate from any server role they play.

> My guess would be the MS, since it supports the MS specific SRV records.

That is normal, but technically they will only be able to register with the (traditional) Primary OR any of the AD Integrated DNS server "set" so as long as they can FIND these they will work.

> Than the MS DNS server will update its data to the BIND server.

Technically the BIND servers will pull (do a "zone transfer") from their master, which will be the MS DNS IF the BIND servers are set as Secondary DNS servers (not if they are merely delegating.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

#13

Ed wrote:
> gotcha, very helpful..thanks. We created a subdomain on the BIND
> Server and delegated the zones per the kb article on "integrating
> windows 2000 DNS into an existing BIND or NT based DNS namespace" and
> all looks good.
>
> When we add additional DC's, where should we point to for DNS...the
> BIND Server or the MS Server...and should the same be true for all
> member servers? My guess would be the MS, since it supports the MS
> specific SRV records.
> Than the MS DNS server will update its data to the BIND server.

The short answer is to point the Domain Controllers directly to the AD DNS servers to reduce network traffic when the DCs register their records. IIRC, DCs register Netlogon records every two hours from startup by default.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]