#1
"Leo" <foyrnb@hotmail.com> wrote in message
news:427n329i63d005acf0g8rpum0kcrpgijck@4ax.com...
> ? or words to that effect.
>
> It's beginning to look like we need to scrap everything and start over
> with our domain, active directory, and DNS. Can anybody help with the
> mess we've got ourselves into please?

We'll try but if you have more than a few days invested then
this is practically never the best answer.

Even if you start over, unless you understand how to set it up
correctly you will likely reach a similar situation quickly, and since if
you can set it up correctly you can almost always fix the current setup.

> We have a small domain called (for the sake of example)
> "example.co.uk". This is the internet domain for the company, which
> we shall call "Example Ltd."

If this is ONLY the "Internet" (presence) DNS name then that
is ACTUALLY A VERY GOOD THING.

While you CAN use the same name externally as you do for
the internal AD domain it is not generally the best idea for
most people.

> When we set up the PDC for the domain we called it "Server1". Then
> somehow when we set up the domain itself it became called
> "example.townname" instead of "example.co.uk", so the server is called
> "server1.example.townname".

Actually your choice, however unintended, is not that bad.

Unless you have some (older machines) which have trouble
with the LENGTH of the final tag (townname) it's pretty good
as long as the name makes SENSE to you and your users.

> Since then active directory, DNS, printing services, and a host of
> other things just don't work properly.

Not due to that choice of name.

> My question is basically what to do next.

Fix the DNS SETUP (configure it correctly on both the
DNS Servers and the DNS clients -- DCs are also DNS
clients) -- replication and authentication issues are almost
always DNS based when using AD.

> We want to rename the domain on the PDC so that DNS lookups can work
> properly.

Your problem is almost certainly unrelated to the DNS name
(except in that it may be confusing you or your other admins.)

> Does the domain have to be called example.co.uk in order for active
> directory to work?

Absolutely not. It needs to be consistent on all of the internal
machines; all of the internal servers -- especially DCs -- must
be DNS clients of those (internal) DNS servers which can
resolve this name.

> Do we have to set up a new PDC in a new domain, then set up trust
> between the two domains, then copy the (masses of) network files
> across from one domain to the other, or is it possible to achieve the
> same effect by just "resetting" the domain on the current pdc?

No. Don't go there. If you really had a domain that needed
to be renamed we could (possibly) help you with that but you
almost certainly have a more basic problem.

The most common such problem is configuring DNS clients
(including DCs are DNS clients, remember !!!) STRICTLY
with the internal DNS server (set) on their NIC->IP properties.

Do NOT try to mix an external and internal DNS server there;
people do this in the mistaken idea that both will be used.

Internal DNS servers usually FORWARD to external servers
(at the firewall or ISP) for resolving the Internet.

Internal DNS servers must be able to resolve EVERY name
the internal clients will need.

Here are DNS for AD general recommendations:

1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
   that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
   be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):

nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

> --
> John
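
The two checks recommended in the post above (every machine, DCs included, lists solely the internal DNS servers; DCDiag output is searched for FAIL, ERROR, WARN), as an added PowerShell example that is not part of the original thread. The function names, host names, addresses and the dcdiag-style text are constructed for illustration.

```powershell
# Added example. Host names, addresses and dcdiag text below are constructed.
$InternalDns = @('10.0.0.10', '10.0.0.11')     # assumed internal AD DNS server set

function Test-DnsClientConfig {
    # Emits one object per machine that lists any resolver outside $Allowed.
    param([hashtable]$ClientDns, [string[]]$Allowed)
    foreach ($name in ($ClientDns.Keys | Sort-Object)) {
        $bad = @($ClientDns[$name] | Where-Object { $_ -notin $Allowed })
        if ($bad.Count -gt 0) {
            [pscustomobject]@{ Machine = $name; NonInternalDns = $bad -join ', ' }
        }
    }
}

function Find-DcDiagProblem {
    # Emits each line containing FAIL, ERROR or WARN (-match ignores case).
    param([string]$Server, [string[]]$Lines)
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        if ($Lines[$i] -match 'FAIL|ERROR|WARN') {
            [pscustomobject]@{ Server = $Server; Line = $i + 1; Text = $Lines[$i].Trim() }
        }
    }
}

# Constructed inventory. On a live machine the list per host could come from
# (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses
$clients = @{
    'SERVER1' = @('10.0.0.10', '192.0.2.53')   # DC mixing in an outside resolver
    'SERVER2' = @('10.0.0.10', '10.0.0.11')    # correct: internal servers only
    'PC-017'  = @('192.0.2.53')                # workstation pointed only outside
}

# Constructed text in the style of dcdiag output; a real capture would be
# dcdiag /s:SERVER1 > dcdiag-SERVER1.txt  followed by Get-Content on that file.
$dcdiag = @(
    '   Testing server: Default-First-Site-Name\SERVER1'
    '      Starting test: Connectivity'
    '         ......................... SERVER1 passed test Connectivity'
    '      Starting test: Replications'
    '         A recent replication attempt failed (constructed sample line)'
    '         ......................... SERVER1 failed test Replications'
    '      Starting test: systemlog'
    '         An Error Event occurred (constructed sample line)'
    '         Warning: constructed sample warning line'
)

Test-DnsClientConfig -ClientDns $clients -Allowed $InternalDns | Format-Table -AutoSize
Find-DcDiagProblem -Server 'SERVER1' -Lines $dcdiag | Format-Table -AutoSize
```

With the constructed data, the first table lists SERVER1 and PC-017 (both reference 192.0.2.53) and the second lists lines 5, 6, 8 and 9 of the sample.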
#2
"Herb Martin" <news@LearnQuick.com> wrote:

>"Leo" <foyrnb@hotmail.com> wrote in message

<snip tale of dns dross>

>> When we set up the PDC for the domain we called it "Server1". Then
>> somehow when we set up the domain itself it became called
>> "example.townname" instead of "example.co.uk", so the server is called
>> "server1.example.townname".
>
>> My question is basically what to do next.
>
>Fix the DNS SETUP (configure it correctly on both the
>DNS Servers and the DNS clients -- DCs are also DNS
>clients) -- replication and authentication issues are almost
>always DNS based when using AD.
>

Thank you very much. That's cleared things up substantially.

Right. I'm off to do some reading....

Expect some tooth grinding, and clumps of hair on the floor in the
near future....

I'll be back!
#3
> Right. I'm off to do some reading....
>
> Expect some tooth grinding, and clumps of hair on the floor in the
> near future....
>

Keep it simple and logical.

DNS is actually VERY LOGICAL and fairly easy ONCE you
understand the basics.

BUT it is also trivial to mess up if you don't understand something.

Fortunately it's easy to find and fix errors if you approach it
systematically and EXPECT TO UNDERSTAND the problem
and to be able to find the problem with simple tools.

(Ping, nslookup, DCDiag, NetDiag, ipconfig, etc.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

"Leo" <foyrnb@hotmail.com> wrote in message
news:s1vp32hvug4j77facat8b1ng4n8aq37m3s@4ax.com...
> "Herb Martin" <news@LearnQuick.com> wrote:
>
>>"Leo" <foyrnb@hotmail.com> wrote in message
>
> <snip tale of dns dross>
>
>>> When we set up the PDC for the domain we called it "Server1". Then
>>> somehow when we set up the domain itself it became called
>>> "example.townname" instead of "example.co.uk", so the server is called
>>> "server1.example.townname".
>>
>
>>> My question is basically what to do next.
>>
>>Fix the DNS SETUP (configure it correctly on both the
>>DNS Servers and the DNS clients -- DCs are also DNS
>>clients) -- replication and authentication issues are almost
>>always DNS based when using AD.
>>
>
> Thank you very much. That's cleared things up substantially.
>
>
> Right. I'm off to do some reading....
>
> Expect some tooth grinding, and clumps of hair on the floor in the
> near future....
>
> I'll be back!