Hello

we have a parent domain xxx.com.
we have create a childdomain child.xxx.com.


now i have a DNS problem:
the child.xxx.com was a secondary dns zone.


But the child.xxx.com was not in the same location as the parent
domain.
I need a GC on the child domain.

http://support.microsoft.com/?id=255248
=> no GC, GC just in the Parent Domain.


Are there any possibilites?

thanks

<admin@ip-style.com> wrote in message
news:1159857780.389906.119600@b28g2000cwb.googlegr oups.com...
> Hello
>
> we have a parent domain xxx.com.
> we have create a childdomain child.xxx.com.
> now i have a DNS problem:
> the child.xxx.com was a secondary dns zone.

All DNS zones need both a Primary and optional
but important Secondaries (or equivalent*) sufficient
for performance and fault tolerance purposes,
including dealing with important WAN locations.

*An AD Integrated "set" of DNS-DCs can replace the
Single traditional Primary, and function with or without
additional secondaries.

Every zone has it's own set of servers, the Primary or
equivalent being REQUIRED at a minimum.

By definition there was a Primary for that child zone
at least when you create the zone, so either correct it's
problems or switch a child secondary to become Primary.

> But the child.xxx.com was not in the same location as the parent
> domain.

DNS routes so techically locations don't always matter
for DNS, but it is a good idea to have additional Secondaries
(or perhaps better AD Integrated) DNS servers wherever
you have separate significant locations, generally where you
have DCs.

> I need a GC on the child domain.

Technically GCs don't have anything DIRECTLY to do with
Domains (except that they must run on SOME DC which is
by definition in some domain) but rather are a FOREST
resource.

You should place your MINIMUM number of GCs by
Site -- every Site needs as least one, two for fault tolerance,
and more when performance of network applications such
as Exchange is an issue (Exchange uses the GC in place of
its older "Global Address List" or GAL).

Any DC can be made a GC (with some very trivial restrictions
for keeping the Infrastructure master and GC apart in multi
domain setups UNLESS you make every DC in the domain a GC.)

If you have a SMALL multidomain forest you can make every
GC a DC usually and this may frequently be best -- generally a
single domain forest should have every DC a GC.

> http://support.microsoft.com/?id=255248
> => no GC, GC just in the Parent Domain.

> Are there any possibilites?

Add GCs by going to Sites and servers and selecting a DC,
expanding its "NTDS" properties and "checking the box".

Wait for replication.

BTW, it is a good idea to run DCDiag on every DC and
ensure that you have both full replication and correct DNS
replication for the plethora of DC records through the
Forest.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


> thanks
>

admin@ip-style.com wrote:
> Hello
>
> we have a parent domain xxx.com.
> we have create a childdomain child.xxx.com.
>
>
> now i have a DNS problem:
> the child.xxx.com was a secondary dns zone.
>
>
> But the child.xxx.com was not in the same location as the parent
> domain.
> I need a GC on the child domain.
>
> http://support.microsoft.com/?id=255248
> => no GC, GC just in the Parent Domain.
>
> Are there any possibilites?

In addition to Herb's comments for making a DC a Global Catalog, the GC
record is registered in gc.msdcs.xxx.com location. Assuming this is Win2k,
ADI zones cannot be replicated across domain boundaries, so you'll need
Secondary zones on the Win2k Child DNS servers, so the child members can
find these records, and child Domain Controllers can find the master servers
to register in. (All Domain Controllers in a forest register records in
_msdcs.xxx.com, which is why Win2k3 made this a separate zone that
replicates to all DC/DNS in the forest.)
You have to do this by using a Secondary zone, or by using Forwarding from
the child to the parent servers with "Do not use recursion" selected.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

Hello Martin

Best thanks for your reply.

GC was activated on the site in the childdomain.

parentdomain.com (with 2 gc's, 2 dc's)
child.parentdomain.com (with 1gc, 1dc)


Confuse is the following thing:
DNS
=> Partentdomain:
parentdomain.com
=> _tcp
=> I can see some _gc SRV entry from every gc / dc in the
parentdomain

=> Childdomain:
child.parentdomain.com
=> _tcp
=> I can't see any _gc SRV entry.

Is there any relation with GC functionality?
Or is it normal that on the childdomain are no _gc SRV entries?


Thanks, best regards




Herb Martin schrieb:

> <admin@ip-style.com> wrote in message
> news:1159857780.389906.119600@b28g2000cwb.googlegr oups.com...
> > Hello
> >
> > we have a parent domain xxx.com.
> > we have create a childdomain child.xxx.com.
> > now i have a DNS problem:
> > the child.xxx.com was a secondary dns zone.
>
> All DNS zones need both a Primary and optional
> but important Secondaries (or equivalent*) sufficient
> for performance and fault tolerance purposes,
> including dealing with important WAN locations.
>
> *An AD Integrated "set" of DNS-DCs can replace the
> Single traditional Primary, and function with or without
> additional secondaries.
>
> Every zone has it's own set of servers, the Primary or
> equivalent being REQUIRED at a minimum.
>
> By definition there was a Primary for that child zone
> at least when you create the zone, so either correct it's
> problems or switch a child secondary to become Primary.
>
> > But the child.xxx.com was not in the same location as the parent
> > domain.
>
> DNS routes so techically locations don't always matter
> for DNS, but it is a good idea to have additional Secondaries
> (or perhaps better AD Integrated) DNS servers wherever
> you have separate significant locations, generally where you
> have DCs.
>
> > I need a GC on the child domain.
>
> Technically GCs don't have anything DIRECTLY to do with
> Domains (except that they must run on SOME DC which is
> by definition in some domain) but rather are a FOREST
> resource.
>
> You should place your MINIMUM number of GCs by
> Site -- every Site needs as least one, two for fault tolerance,
> and more when performance of network applications such
> as Exchange is an issue (Exchange uses the GC in place of
> its older "Global Address List" or GAL).
>
> Any DC can be made a GC (with some very trivial restrictions
> for keeping the Infrastructure master and GC apart in multi
> domain setups UNLESS you make every DC in the domain a GC.)
>
> If you have a SMALL multidomain forest you can make every
> GC a DC usually and this may frequently be best -- generally a
> single domain forest should have every DC a GC.
>
> > http://support.microsoft.com/?id=255248
> > => no GC, GC just in the Parent Domain.
>
> > Are there any possibilites?
>
> Add GCs by going to Sites and servers and selecting a DC,
> expanding its "NTDS" properties and "checking the box".
>
> Wait for replication.
>
> BTW, it is a good idea to run DCDiag on every DC and
> ensure that you have both full replication and correct DNS
> replication for the plethora of DC records through the
> Forest.
>
> --
> Herb Martin, MCSE, MVP
> Accelerated MCSE
> http://www.LearnQuick.Com
> [phone number on web site]
>
>
> > thanks
> >

<admin@ip-style.com> wrote in message
news:1159880753.333949.51090@m73g2000cwd.googlegro ups.com...
> GC was activated on the site in the childdomain.
> parentdomain.com (with 2 gc's, 2 dc's)
> child.parentdomain.com (with 1gc, 1dc)

So, every DC in the Forest is a GC, and specifically
every Site has at least one GC.

> Confuse is the following thing:
> DNS
> => Partentdomain:
> parentdomain.com
> => _tcp
> => I can see some _gc SRV entry from every gc / dc in the
> parentdomain
>
> => Childdomain:
> child.parentdomain.com
> => _tcp
> => I can't see any _gc SRV entry.
>
> Is there any relation with GC functionality?
> Or is it normal that on the childdomain are no _gc SRV entries?

There should be GC references in both the _msdcs._sites._sitename etc.
and in the corresponding _sites._sitename etc.

IF a DC is a GC and your run DCDiag is SHOULD also complain
if the records are not all correct.

How does the "child DNS Server" (there's no such thing really but
we all speak this way) find names in the PARENT zone? Does it
hold a copy of the parent zone? (There are other ways in Win2003
but this is the main choice for Win2000.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

>
> Thanks, best regards
>
>
>
>
> Herb Martin schrieb:
>
>> <admin@ip-style.com> wrote in message
>> news:1159857780.389906.119600@b28g2000cwb.googlegr oups.com...
>> > Hello
>> >
>> > we have a parent domain xxx.com.
>> > we have create a childdomain child.xxx.com.
>> > now i have a DNS problem:
>> > the child.xxx.com was a secondary dns zone.
>>
>> All DNS zones need both a Primary and optional
>> but important Secondaries (or equivalent*) sufficient
>> for performance and fault tolerance purposes,
>> including dealing with important WAN locations.
>>
>> *An AD Integrated "set" of DNS-DCs can replace the
>> Single traditional Primary, and function with or without
>> additional secondaries.
>>
>> Every zone has it's own set of servers, the Primary or
>> equivalent being REQUIRED at a minimum.
>>
>> By definition there was a Primary for that child zone
>> at least when you create the zone, so either correct it's
>> problems or switch a child secondary to become Primary.
>>
>> > But the child.xxx.com was not in the same location as the parent
>> > domain.
>>
>> DNS routes so techically locations don't always matter
>> for DNS, but it is a good idea to have additional Secondaries
>> (or perhaps better AD Integrated) DNS servers wherever
>> you have separate significant locations, generally where you
>> have DCs.
>>
>> > I need a GC on the child domain.
>>
>> Technically GCs don't have anything DIRECTLY to do with
>> Domains (except that they must run on SOME DC which is
>> by definition in some domain) but rather are a FOREST
>> resource.
>>
>> You should place your MINIMUM number of GCs by
>> Site -- every Site needs as least one, two for fault tolerance,
>> and more when performance of network applications such
>> as Exchange is an issue (Exchange uses the GC in place of
>> its older "Global Address List" or GAL).
>>
>> Any DC can be made a GC (with some very trivial restrictions
>> for keeping the Infrastructure master and GC apart in multi
>> domain setups UNLESS you make every DC in the domain a GC.)
>>
>> If you have a SMALL multidomain forest you can make every
>> GC a DC usually and this may frequently be best -- generally a
>> single domain forest should have every DC a GC.
>>
>> > http://support.microsoft.com/?id=255248
>> > => no GC, GC just in the Parent Domain.
>>
>> > Are there any possibilites?
>>
>> Add GCs by going to Sites and servers and selecting a DC,
>> expanding its "NTDS" properties and "checking the box".
>>
>> Wait for replication.
>>
>> BTW, it is a good idea to run DCDiag on every DC and
>> ensure that you have both full replication and correct DNS
>> replication for the plethora of DC records through the
>> Forest.
>>
>> --
>> Herb Martin, MCSE, MVP
>> Accelerated MCSE
>> http://www.LearnQuick.Com
>> [phone number on web site]
>>
>>
>> > thanks
>> >
>

Yeah should be a copy.

We have in the parent domain a W2k DC and a W2k3 DC.
In the Childdomain, there's a W2k3 DC.




Herb Martin schrieb:

> <admin@ip-style.com> wrote in message
> news:1159880753.333949.51090@m73g2000cwd.googlegro ups.com...
> > GC was activated on the site in the childdomain.
> > parentdomain.com (with 2 gc's, 2 dc's)
> > child.parentdomain.com (with 1gc, 1dc)
>
> So, every DC in the Forest is a GC, and specifically
> every Site has at least one GC.
>
> > Confuse is the following thing:
> > DNS
> > => Partentdomain:
> > parentdomain.com
> > => _tcp
> > => I can see some _gc SRV entry from every gc / dc in the
> > parentdomain
> >
> > => Childdomain:
> > child.parentdomain.com
> > => _tcp
> > => I can't see any _gc SRV entry.
> >
> > Is there any relation with GC functionality?
> > Or is it normal that on the childdomain are no _gc SRV entries?
>
> There should be GC references in both the _msdcs._sites._sitename etc.
> and in the corresponding _sites._sitename etc.
>
> IF a DC is a GC and your run DCDiag is SHOULD also complain
> if the records are not all correct.
>
> How does the "child DNS Server" (there's no such thing really but
> we all speak this way) find names in the PARENT zone? Does it
> hold a copy of the parent zone? (There are other ways in Win2003
> but this is the main choice for Win2000.)
>
> --
> Herb Martin, MCSE, MVP
> Accelerated MCSE
> http://www.LearnQuick.Com
> [phone number on web site]
>
> >
> > Thanks, best regards
> >
> >
> >
> >
> > Herb Martin schrieb:
> >
> >> <admin@ip-style.com> wrote in message
> >> news:1159857780.389906.119600@b28g2000cwb.googlegr oups.com...
> >> > Hello
> >> >
> >> > we have a parent domain xxx.com.
> >> > we have create a childdomain child.xxx.com.
> >> > now i have a DNS problem:
> >> > the child.xxx.com was a secondary dns zone.
> >>
> >> All DNS zones need both a Primary and optional
> >> but important Secondaries (or equivalent*) sufficient
> >> for performance and fault tolerance purposes,
> >> including dealing with important WAN locations.
> >>
> >> *An AD Integrated "set" of DNS-DCs can replace the
> >> Single traditional Primary, and function with or without
> >> additional secondaries.
> >>
> >> Every zone has it's own set of servers, the Primary or
> >> equivalent being REQUIRED at a minimum.
> >>
> >> By definition there was a Primary for that child zone
> >> at least when you create the zone, so either correct it's
> >> problems or switch a child secondary to become Primary.
> >>
> >> > But the child.xxx.com was not in the same location as the parent
> >> > domain.
> >>
> >> DNS routes so techically locations don't always matter
> >> for DNS, but it is a good idea to have additional Secondaries
> >> (or perhaps better AD Integrated) DNS servers wherever
> >> you have separate significant locations, generally where you
> >> have DCs.
> >>
> >> > I need a GC on the child domain.
> >>
> >> Technically GCs don't have anything DIRECTLY to do with
> >> Domains (except that they must run on SOME DC which is
> >> by definition in some domain) but rather are a FOREST
> >> resource.
> >>
> >> You should place your MINIMUM number of GCs by
> >> Site -- every Site needs as least one, two for fault tolerance,
> >> and more when performance of network applications such
> >> as Exchange is an issue (Exchange uses the GC in place of
> >> its older "Global Address List" or GAL).
> >>
> >> Any DC can be made a GC (with some very trivial restrictions
> >> for keeping the Infrastructure master and GC apart in multi
> >> domain setups UNLESS you make every DC in the domain a GC.)
> >>
> >> If you have a SMALL multidomain forest you can make every
> >> GC a DC usually and this may frequently be best -- generally a
> >> single domain forest should have every DC a GC.
> >>
> >> > http://support.microsoft.com/?id=255248
> >> > => no GC, GC just in the Parent Domain.
> >>
> >> > Are there any possibilites?
> >>
> >> Add GCs by going to Sites and servers and selecting a DC,
> >> expanding its "NTDS" properties and "checking the box".
> >>
> >> Wait for replication.
> >>
> >> BTW, it is a good idea to run DCDiag on every DC and
> >> ensure that you have both full replication and correct DNS
> >> replication for the plethora of DC records through the
> >> Forest.
> >>
> >> --
> >> Herb Martin, MCSE, MVP
> >> Accelerated MCSE
> >> http://www.LearnQuick.Com
> >> [phone number on web site]
> >>
> >>
> >> > thanks
> >> >
> >

admin@ip-style.com wrote:
> Hello Martin
>
> Best thanks for your reply.
>
> GC was activated on the site in the childdomain.
>
> parentdomain.com (with 2 gc's, 2 dc's)
> child.parentdomain.com (with 1gc, 1dc)
>
>
> Confuse is the following thing:
> DNS
> => Partentdomain:
> parentdomain.com
> => _tcp
> => I can see some _gc SRV entry from every gc / dc in the
> parentdomain
>
> => Childdomain:
> child.parentdomain.com
> => _tcp
> => I can't see any _gc SRV entry.
>
> Is there any relation with GC functionality?
> Or is it normal that on the childdomain are no _gc SRV entries?

All Global Catalog records are registered under the DNS forest root,
regardless of site or domain.

Here are the Netlogon registrations and where they are registered.
LdapIpAddress A <DnsDomainName>
Ldap SRV _ldap._tcp.<DnsDomainName>
LdapAtSite SRV _ldap._tcp.<SiteName>._sites.<DnsDomainName>
Pdc SRV _ldap._tcp.pdc._msdcs.<DnsDomainName>
Gc SRV _ldap._tcp.gc._msdcs.<DnsForestName>
GcAtSite SRV
_ldap._tcp.<SiteName>._sites.gc._msdcs.<DnsForestN ame>
DcByGuid SRV
_ldap._tcp.<DomainGuid>.domains._msdcs.<DnsForestN ame>
GcIpAddress A _gc._msdcs.<DnsForestName>
DsaCname CNAME <DsaGuid>._msdcs.<DnsForestName>
Kdc SRV _kerberos._tcp.dc._msdcs.<DnsDomainName>
KdcAtSite SRV
_kerberos._tcp.dc._msdcs.<SiteName>._sites.<DnsDom ainName>
Dc SRV _ldap._tcp.dc._msdcs.<DnsDomainName>
DcAtSite SRV
_ldap._tcp.<SiteName>._sites.dc._msdcs.<DnsDomainN ame>
Rfc1510Kdc SRV _kerberos._tcp.<DnsDomainName>
Rfc1510KdcAtSite SRV _kerberos._tcp.<SiteName>._sites.<DnsDomainName>
GenericGc SRV _gc._tcp.<DnsForestName>
GenericGcAtSite SRV _gc._tcp.<SiteName>._sites.<DnsForestName>
Rfc1510UdpKdc SRV _kerberos._udp.<DnsDomainName>
Rfc1510Kpwd SRV _kpasswd._tcp.<DnsDomainName>
Rfc1510UdpKpwd SRV _kpasswd._udp.<DnsDomainName>



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================