RE: [ActiveDir] Authoritative Domain Problem
Since your DC (rightly) believes it is authoratative for mycompany.net, it won't matter what you have set up for forwarding. Any request coming to your DC for resolving *.mycompany.net is going to get answered by the DC. It will either return the requested information or say that the information doesn't exist. What you'll need to do is manually add in the records for the daily accessed servers. Or, if those servers are joined to your Win2k3 domain and you have dynamic DNS enabled, the servers can register themselves. As a sidenote, take a look at http://support.microsoft.com/default.aspx?scid=kb;en-us;255134. Not sure if this has changed for Win2k3, but definitely worth following up. From: Edwin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 7:00 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Authoritative Domain Problem I have my DC setup as a DHCP Server as well as a DNS Server. I work for a company that has public DNS records (mycompany.net) that are used to reference servers that are accessed daily. I setup the DC to use mycompany.net as the domain name and now I am having troubles resolving DNS for these daily accessed servers. So for example, if I needed to access a server I would normally reference it by calling servername.mycompany.net. I should have used a 3rd level domain for the DC but that is too late to argue about or change now. Since I have Win2K3 as my DC I tried to do a domain rename. As I started reading the documentation, I quickly learned that I could not do this because the client machines already on the DC are running Win2K Professional ( easy fix ), but more importantly the MS Exchange Server we have online would not support the domain name change. Therefore, because of the Exchange server I could not risk performing this task a second time since the Exchange Server was just recently moved to this new domain in question and I received a lot of grief because of the migration process. So here is my question. Is it possible to have the DNS server of the DC forward an authoritative request to a public nameserver? I have tried doing this by configuring the "Forwarders" tab under the DNS propertied without success. The workaround being used right now is to change the DHCP server order by having the public nameservers listed first and then the DC DNS server listed last. This of course doesn't sound like a good solution. If forwarding is not an option, then is it possible for the internal DC DNS server to query the external public nameserver and then pull the data that it does not currently have? If so, can you please lead me in the right direction? I hope that I have made my question clear. If anyone is able to help, I will be more than happy to answer any and all questions that I can.
RE: [ActiveDir] Authoritative Domain Problem
Our public nameserver is running Linux and we could enable it for use on the DC but that would mean we would have to punch a hole in the firewall. But putting a hole in the firewall is not something that will be approved. Doing something with ADSI programming seems to be the only logical solution at this point but my experience just doesnt take me there yet. I am doing a lot of reading now but need a quicker solution. I would think that M$FT had some kind of tool already that would query a remote nameserver and import those setting for a domain. Would I be correct? If not, M$FT, does anyone know of another tool maybe from a 3rd party developer? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Wednesday, March 10, 2004 9:47 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Authoritative Domain Problem Since your DC (rightly) believes it is authoratative for mycompany.net, it won't matter what you have set up for forwarding. Any request coming to your DC for resolving *.mycompany.net is going to get answered by the DC. It will either return the requested information or say that the information doesn't exist. What you'll need to do is manually add in the records for the daily accessed servers. Or, if those servers are joined to your Win2k3 domain and you have dynamic DNS enabled, the servers can register themselves. As a sidenote, take a look at http://support.microsoft.com/default.aspx?scid=kb;en-us;255134. Not sure if this has changed for Win2k3, but definitely worth following up. From: Edwin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 7:00 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Authoritative Domain Problem I have my DC setup as a DHCP Server as well as a DNS Server. I work for a company that has public DNS records (mycompany.net) that are used to reference servers that are accessed daily. I setup the DC to use mycompany.net as the domain name and now I am having troubles resolving DNS for these daily accessed servers. So for example, if I needed to access a server I would normally reference it by calling servername.mycompany.net. I should have used a 3rd level domain for the DC but that is too late to argue about or change now. Since I have Win2K3 as my DC I tried to do a domain rename. As I started reading the documentation, I quickly learned that I could not do this because the client machines already on the DC are running Win2K Professional ( easy fix ), but more importantly the MS Exchange Server we have online would not support the domain name change. Therefore, because of the Exchange server I could not risk performing this task a second time since the Exchange Server was just recently moved to this new domain in question and I received a lot of grief because of the migration process. So here is my question. Is it possible to have the DNS server of the DC forward an authoritative request to a public nameserver? I have tried doing this by configuring the Forwarders tab under the DNS propertied without success. The workaround being used right now is to change the DHCP server order by having the public nameservers listed first and then the DC DNS server listed last. This of course doesn't sound like a good solution. If forwarding is not an option, then is it possible for the internal DC DNS server to query the external public nameserver and then pull the data that it does not currently have? If so, can you please lead me in the right direction? I hope that I have made my question clear. If anyone is able to help, I will be more than happy to answer any and all questions that I can.
RE: [ActiveDir] Authoritative Domain Problem
vague recollectionProgrammatically managing DNS in Win2000 was/is klunky. The WMI DNS provider in Win2k3 is much better, and may offer a good path for you. I seem to recall Robbie posting on this a while back, but I could be wrong. /vague recollection Short term, you can probably build a duct tape and baling wire solution using a combination of nslookup to dump the information from your Linux DNS server, vbscript or perl to modify the dumped DNS information if necessary, and a batch file with dnscmd.exe (Windows Support Tools) to add the records in your Win2k3 DNS Hunter From: Edwin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 9:21 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Authoritative Domain Problem Our public nameserver is running Linux and we could enable it for use on the DC but that would mean we would have to punch a hole in the firewall. But putting a hole in the firewall is not something that will be approved. Doing something with ADSI programming seems to be the only logical solution at this point but my experience just doesn't take me there yet. I am doing a lot of reading now but need a quicker solution. I would think that M$FT had some kind of tool already that would query a remote nameserver and import those setting for a domain. Would I be correct? If not, M$FT, does anyone know of another tool maybe from a 3rd party developer? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, HunterSent: Wednesday, March 10, 2004 9:47 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Authoritative Domain Problem Since your DC (rightly) believes it is authoratative for mycompany.net, it won't matter what you have set up for forwarding. Any request coming to your DC for resolving *.mycompany.net is going to get answered by the DC. It will either return the requested information or say that the information doesn't exist. What you'll need to do is manually add in the records for the daily accessed servers. Or, if those servers are joined to your Win2k3 domain and you have dynamic DNS enabled, the servers can register themselves. As a sidenote, take a look at http://support.microsoft.com/default.aspx?scid=kb;en-us;255134. Not sure if this has changed for Win2k3, but definitely worth following up. From: Edwin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 7:00 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Authoritative Domain Problem I have my DC setup as a DHCP Server as well as a DNS Server. I work for a company that has public DNS records (mycompany.net) that are used to reference servers that are accessed daily. I setup the DC to use mycompany.net as the domain name and now I am having troubles resolving DNS for these daily accessed servers. So for example, if I needed to access a server I would normally reference it by calling servername.mycompany.net. I should have used a 3rd level domain for the DC but that is too late to argue about or change now. Since I have Win2K3 as my DC I tried to do a domain rename. As I started reading the documentation, I quickly learned that I could not do this because the client machines already on the DC are running Win2K Professional ( easy fix ), but more importantly the MS Exchange Server we have online would not support the domain name change. Therefore, because of the Exchange server I could not risk performing this task a second time since the Exchange Server was just recently moved to this new domain in question and I received a lot of grief because of the migration process. So here is my question. Is it possible to have the DNS server of the DC forward an authoritative request to a public nameserver? I have tried doing this by configuring the "Forwarders" tab under the DNS propertied without success. The workaround being used right now is to change the DHCP server order by having the public nameservers listed first and then the DC DNS server listed last. This of course doesn't sound like a good solution. If forwarding is not an option, then is it possible for the internal DC DNS server to query the external public nameserver and then pull the data that it does not currently have? If so, can you please lead me in the right direction? I hope that I have made my question clear. If anyone is able to help, I will be more than happy to answer any and all questions that I can.
RE: [ActiveDir] Authoritative Domain Problem
Title: Message Why not open the port between DC and the outside server long enough to pull a single secondary transfer, then close it and change the zone in AD to AD integrated? -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: Coleman, Hunter [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 12:02 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Authoritative Domain Problem vague recollectionProgrammatically managing DNS in Win2000 was/is klunky. The WMI DNS provider in Win2k3 is much better, and may offer a good path for you. I seem to recall Robbie posting on this a while back, but I could be wrong. /vague recollection Short term, you can probably build a duct tape and baling wire solution using a combination of nslookup to dump the information from your Linux DNS server, vbscript or perl to modify the dumped DNS information if necessary, and a batch file with dnscmd.exe (Windows Support Tools) to add the records in your Win2k3 DNS Hunter From: Edwin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 9:21 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Authoritative Domain Problem Our public nameserver is running Linux and we could enable it for use on the DC but that would mean we would have to punch a hole in the firewall. But putting a hole in the firewall is not something that will be approved. Doing something with ADSI programming seems to be the only logical solution at this point but my experience just doesn't take me there yet. I am doing a lot of reading now but need a quicker solution. I would think that M$FT had some kind of tool already that would query a remote nameserver and import those setting for a domain. Would I be correct? If not, M$FT, does anyone know of another tool maybe from a 3rd party developer? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, HunterSent: Wednesday, March 10, 2004 9:47 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Authoritative Domain Problem Since your DC (rightly) believes it is authoratative for mycompany.net, it won't matter what you have set up for forwarding. Any request coming to your DC for resolving *.mycompany.net is going to get answered by the DC. It will either return the requested information or say that the information doesn't exist. What you'll need to do is manually add in the records for the daily accessed servers. Or, if those servers are joined to your Win2k3 domain and you have dynamic DNS enabled, the servers can register themselves. As a sidenote, take a look at http://support.microsoft.com/default.aspx?scid=kb;en-us;255134. Not sure if this has changed for Win2k3, but definitely worth following up. From: Edwin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 7:00 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Authoritative Domain Problem I have my DC setup as a DHCP Server as well as a DNS Server. I work for a company that has public DNS records (mycompany.net) that are used to reference servers that are accessed daily. I setup the DC to use mycompany.net as the domain name and now I am having troubles resolving DNS for these daily accessed servers. So for example, if I needed to access a server I would normally reference it by calling servername.mycompany.net. I should have used a 3rd level domain for the DC but that is too late to argue about or change now. Since I have Win2K3 as my DC I tried to do a domain rename. As I started reading the documentation, I quickly learned that I could not do this because the client machines already on the DC are running Win2K Professional ( easy fix ), but more importantly the MS Exchange Server we have online would not support the domain name change. Therefore, because of the Exchange server I could not risk performing this task a second time since the Exchange Server was just recently moved to this new domain in question and I received a lot of grief because of the migration process. So here is my question. Is it possible to have the DNS server of the DC forward an authoritative request to a public nameserver? I have tried doing this by configuring the "Forwarders" tab under the DNS propertied without success. The workaround being used right now is to change the DHCP server order by having the public nameservers listed first and then the DC DNS server listed last. This of course doesn't sound like a good solution. If forwarding is not an option, then is it possible for the internal DC DNS server to query the external public nameserver and then pull the data that it does not currently have?
RE: [ActiveDir] Authoritative Domain Problem
Title: Message If the zone had minimal changes, that would definitely be an option. But this zone can be edited a number of times a day as more servers are added to our network. But a way is needed to have one update done for both servers or have the DC poll the Linux server and get the information that it does not have. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: Wednesday, March 10, 2004 1:31 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Authoritative Domain Problem Why not open the port between DC and the outside server long enough to pull a single secondary transfer, then close it and change the zone in AD to AD integrated? -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Coleman, Hunter [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 12:02 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Authoritative Domain Problem vague recollectionProgrammatically managing DNS in Win2000 was/is klunky. The WMI DNS provider in Win2k3 is much better, and may offer a good path for you. I seem to recall Robbie posting on this a while back, but I could be wrong. /vague recollection Short term, you can probably build a duct tape and baling wire solution using a combination of nslookup to dump the information from your Linux DNS server, vbscript or perl to modify the dumped DNS information if necessary, and a batch file with dnscmd.exe (Windows Support Tools) to add the records in your Win2k3 DNS Hunter From: Edwin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 9:21 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Authoritative Domain Problem Our public nameserver is running Linux and we could enable it for use on the DC but that would mean we would have to punch a hole in the firewall. But putting a hole in the firewall is not something that will be approved. Doing something with ADSI programming seems to be the only logical solution at this point but my experience just doesn't take me there yet. I am doing a lot of reading now but need a quicker solution. I would think that M$FT had some kind of tool already that would query a remote nameserver and import those setting for a domain. Would I be correct? If not, M$FT, does anyone know of another tool maybe from a 3rd party developer? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Wednesday, March 10, 2004 9:47 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Authoritative Domain Problem Since your DC (rightly) believes it is authoratative for mycompany.net, it won't matter what you have set up for forwarding. Any request coming to your DC for resolving *.mycompany.net is going to get answered by the DC. It will either return the requested information or say that the information doesn't exist. What you'll need to do is manually add in the records for the daily accessed servers. Or, if those servers are joined to your Win2k3 domain and you have dynamic DNS enabled, the servers can register themselves. As a sidenote, take a look at http://support.microsoft.com/default.aspx?scid=kb;en-us;255134. Not sure if this has changed for Win2k3, but definitely worth following up. From: Edwin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 7:00 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Authoritative Domain Problem I have my DC setup as a DHCP Server as well as a DNS Server. I work for a company that has public DNS records (mycompany.net) that are used to reference servers that are accessed daily. I setup the DC to use mycompany.net as the domain name and now I am having troubles resolving DNS for these daily accessed servers. So for example, if I needed to access a server I would normally reference it by calling servername.mycompany.net. I should have used a 3rd level domain for the DC but that is too late to argue about or change now. Since I have Win2K3 as my DC I tried to do a domain rename. As I started reading the documentation, I quickly learned that I could not do this because the client machines already on the DC are running Win2K Professional ( easy fix ), but more importantly the MS Exchange Server we have online would not support the domain name change. Therefore, because of the Exchange server I could not risk performing this task a second time since the Exchange Server was just recently moved to this new domain in question and I received a lot of grief because of the migration process. So here is my question. Is it possible to have the DNS server of the DC forward an authoritative request to a public nameserver? I have tried doing this by configuring the Forwarders tab under the DNS propertied without success. The workaround being used right now is to change the DHCP server order
RE: [ActiveDir] Authoritative Domain Problem
Title: Message We run split DNS on most of our production domains (yeah, I've got a few... dozen). Its not all that hard to keep them synced - are you seriously changing public facing DNS records daily? That strikes me as unlikely. Roger -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: Edwin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 1:52 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Authoritative Domain Problem If the zone had minimal changes, that would definitely be an option. But this zone can be edited a number of times a day as more servers are added to our network. But a way is needed to have one update done for both servers or have the DC poll the Linux server and get the information that it does not have. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger SeielstadSent: Wednesday, March 10, 2004 1:31 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Authoritative Domain Problem Why not open the port between DC and the outside server long enough to pull a single secondary transfer, then close it and change the zone in AD to AD integrated? -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: Coleman, Hunter [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 12:02 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Authoritative Domain Problem vague recollectionProgrammatically managing DNS in Win2000 was/is klunky. The WMI DNS provider in Win2k3 is much better, and may offer a good path for you. I seem to recall Robbie posting on this a while back, but I could be wrong. /vague recollection Short term, you can probably build a duct tape and baling wire solution using a combination of nslookup to dump the information from your Linux DNS server, vbscript or perl to modify the dumped DNS information if necessary, and a batch file with dnscmd.exe (Windows Support Tools) to add the records in your Win2k3 DNS Hunter From: Edwin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 9:21 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Authoritative Domain Problem Our public nameserver is running Linux and we could enable it for use on the DC but that would mean we would have to punch a hole in the firewall. But putting a hole in the firewall is not something that will be approved. Doing something with ADSI programming seems to be the only logical solution at this point but my experience just doesn't take me there yet. I am doing a lot of reading now but need a quicker solution. I would think that M$FT had some kind of tool already that would query a remote nameserver and import those setting for a domain. Would I be correct? If not, M$FT, does anyone know of another tool maybe from a 3rd party developer? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, HunterSent: Wednesday, March 10, 2004 9:47 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Authoritative Domain Problem Since your DC (rightly) believes it is authoratative for mycompany.net, it won't matter what you have set up for forwarding. Any request coming to your DC for resolving *.mycompany.net is going to get answered by the DC. It will either return the requested information or say that the information doesn't exist. What you'll need to do is manually add in the records for the daily accessed servers. Or, if those servers are joined to your Win2k3 domain and you have dynamic DNS enabled, the servers can register themselves. As a sidenote, take a look at http://support.microsoft.com/default.aspx?scid=kb;en-us;255134. Not sure if this has changed for Win2k3, but definitely worth following up. From: Edwin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 7:00 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Authoritative Domain Problem I have my DC setup as a DHCP Server as well as a DNS Server. I work for a company that has public DNS records (mycompany.net) that are used to reference servers that are accessed daily. I setup the DC to use mycompany.net as the domain name and now I am having troubles resolving DNS for these daily accessed servers. So for example, if I needed to access a server I would normally reference it by calling servername.mycompany.net. I
RE: [ActiveDir] Authoritative Domain Problem
Title: Message If he already has a mycompany.net zone running on his DC, I don't see how he could add in another instance of mycompany.net as a secondary on the DCto do the transfer from the outside server. From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 11:31 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Authoritative Domain Problem Why not open the port between DC and the outside server long enough to pull a single secondary transfer, then close it and change the zone in AD to AD integrated? -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: Coleman, Hunter [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 12:02 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Authoritative Domain Problem vague recollectionProgrammatically managing DNS in Win2000 was/is klunky. The WMI DNS provider in Win2k3 is much better, and may offer a good path for you. I seem to recall Robbie posting on this a while back, but I could be wrong. /vague recollection Short term, you can probably build a duct tape and baling wire solution using a combination of nslookup to dump the information from your Linux DNS server, vbscript or perl to modify the dumped DNS information if necessary, and a batch file with dnscmd.exe (Windows Support Tools) to add the records in your Win2k3 DNS Hunter From: Edwin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 9:21 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Authoritative Domain Problem Our public nameserver is running Linux and we could enable it for use on the DC but that would mean we would have to punch a hole in the firewall. But putting a hole in the firewall is not something that will be approved. Doing something with ADSI programming seems to be the only logical solution at this point but my experience just doesn't take me there yet. I am doing a lot of reading now but need a quicker solution. I would think that M$FT had some kind of tool already that would query a remote nameserver and import those setting for a domain. Would I be correct? If not, M$FT, does anyone know of another tool maybe from a 3rd party developer? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, HunterSent: Wednesday, March 10, 2004 9:47 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Authoritative Domain Problem Since your DC (rightly) believes it is authoratative for mycompany.net, it won't matter what you have set up for forwarding. Any request coming to your DC for resolving *.mycompany.net is going to get answered by the DC. It will either return the requested information or say that the information doesn't exist. What you'll need to do is manually add in the records for the daily accessed servers. Or, if those servers are joined to your Win2k3 domain and you have dynamic DNS enabled, the servers can register themselves. As a sidenote, take a look at http://support.microsoft.com/default.aspx?scid=kb;en-us;255134. Not sure if this has changed for Win2k3, but definitely worth following up. From: Edwin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 7:00 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Authoritative Domain Problem I have my DC setup as a DHCP Server as well as a DNS Server. I work for a company that has public DNS records (mycompany.net) that are used to reference servers that are accessed daily. I setup the DC to use mycompany.net as the domain name and now I am having troubles resolving DNS for these daily accessed servers. So for example, if I needed to access a server I would normally reference it by calling servername.mycompany.net. I should have used a 3rd level domain for the DC but that is too late to argue about or change now. Since I have Win2K3 as my DC I tried to do a domain rename. As I started reading the documentation, I quickly learned that I could not do this because the client machines already on the DC are running Win2K Professional ( easy fix ), but more importantly the MS Exchange Server we have online would not support the domain name change. Therefore, because of the Exchange server I could not risk performing this task a second time since the Exchange Server was just recently moved to this new domain in question and I received a lot of grief because of the migration process. So here is my question. Is it possible to have the DNS server of the DC forward an authoritative request to a public nameserver? I have tried doing this by configuring the "Forwarders" tab under the DNS propertied without success. The workaround being used right now is
RE: [ActiveDir] Authoritative Domain Problem
Title: Message Cant you copy the zone file itself and move it to the other DC? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Wednesday, March 10, 2004 4:18 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Authoritative Domain Problem If he already has a mycompany.net zone running on his DC, I don't see how he could add in another instance of mycompany.net as a secondary on the DCto do the transfer from the outside server. From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 11:31 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Authoritative Domain Problem Why not open the port between DC and the outside server long enough to pull a single secondary transfer, then close it and change the zone in AD to AD integrated? -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Coleman, Hunter [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 12:02 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Authoritative Domain Problem vague recollectionProgrammatically managing DNS in Win2000 was/is klunky. The WMI DNS provider in Win2k3 is much better, and may offer a good path for you. I seem to recall Robbie posting on this a while back, but I could be wrong. /vague recollection Short term, you can probably build a duct tape and baling wire solution using a combination of nslookup to dump the information from your Linux DNS server, vbscript or perl to modify the dumped DNS information if necessary, and a batch file with dnscmd.exe (Windows Support Tools) to add the records in your Win2k3 DNS Hunter From: Edwin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 9:21 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Authoritative Domain Problem Our public nameserver is running Linux and we could enable it for use on the DC but that would mean we would have to punch a hole in the firewall. But putting a hole in the firewall is not something that will be approved. Doing something with ADSI programming seems to be the only logical solution at this point but my experience just doesn't take me there yet. I am doing a lot of reading now but need a quicker solution. I would think that M$FT had some kind of tool already that would query a remote nameserver and import those setting for a domain. Would I be correct? If not, M$FT, does anyone know of another tool maybe from a 3rd party developer? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Wednesday, March 10, 2004 9:47 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Authoritative Domain Problem Since your DC (rightly) believes it is authoratative for mycompany.net, it won't matter what you have set up for forwarding. Any request coming to your DC for resolving *.mycompany.net is going to get answered by the DC. It will either return the requested information or say that the information doesn't exist. What you'll need to do is manually add in the records for the daily accessed servers. Or, if those servers are joined to your Win2k3 domain and you have dynamic DNS enabled, the servers can register themselves. As a sidenote, take a look at http://support.microsoft.com/default.aspx?scid=kb;en-us;255134. Not sure if this has changed for Win2k3, but definitely worth following up. From: Edwin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 7:00 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Authoritative Domain Problem I have my DC setup as a DHCP Server as well as a DNS Server. I work for a company that has public DNS records (mycompany.net) that are used to reference servers that are accessed daily. I setup the DC to use mycompany.net as the domain name and now I am having troubles resolving DNS for these daily accessed servers. So for example, if I needed to access a server I would normally reference it by calling servername.mycompany.net. I should have used a 3rd level domain for the DC but that is too late to argue about or change now. Since I have Win2K3 as my DC I tried to do a domain rename. As I started reading the documentation, I quickly learned that I could not do this because the client machines already on the DC are running Win2K Professional ( easy fix ), but more importantly the MS Exchange Server we have online would not support the domain name change. Therefore, because of the Exchange server I could not risk performing this task a second time since the Exchange Server was just recently moved to this new domain in question and I received a lot of grief because of the migration process. So here is my question. Is it possible to have the DNS server of the DC forward an authoritative request to a public nameserver? I have tried doing this by configuring the Forwarders tab under
RE: [ActiveDir] Authoritative Domain Problem
Title: Message Yes, but you still face having to integrate it with the records for the same zone on the DC so that you don't blow away the SRV records (or anything else that's registered in the AD DNS). From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 2:52 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Authoritative Domain Problem Can't you copy the zone file itself and move it to the other DC? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, HunterSent: Wednesday, March 10, 2004 4:18 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Authoritative Domain Problem If he already has a mycompany.net zone running on his DC, I don't see how he could add in another instance of mycompany.net as a secondary on the DCto do the transfer from the outside server. From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 11:31 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Authoritative Domain Problem Why not open the port between DC and the outside server long enough to pull a single secondary transfer, then close it and change the zone in AD to AD integrated? -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: Coleman, Hunter [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 12:02 PMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Authoritative Domain Problem vague recollectionProgrammatically managing DNS in Win2000 was/is klunky. The WMI DNS provider in Win2k3 is much better, and may offer a good path for you. I seem to recall Robbie posting on this a while back, but I could be wrong. /vague recollection Short term, you can probably build a duct tape and baling wire solution using a combination of nslookup to dump the information from your Linux DNS server, vbscript or perl to modify the dumped DNS information if necessary, and a batch file with dnscmd.exe (Windows Support Tools) to add the records in your Win2k3 DNS Hunter From: Edwin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 9:21 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Authoritative Domain Problem Our public nameserver is running Linux and we could enable it for use on the DC but that would mean we would have to punch a hole in the firewall. But putting a hole in the firewall is not something that will be approved. Doing something with ADSI programming seems to be the only logical solution at this point but my experience just doesn't take me there yet. I am doing a lot of reading now but need a quicker solution. I would think that M$FT had some kind of tool already that would query a remote nameserver and import those setting for a domain. Would I be correct? If not, M$FT, does anyone know of another tool maybe from a 3rd party developer? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, HunterSent: Wednesday, March 10, 2004 9:47 AMTo: '[EMAIL PROTECTED]'Subject: RE: [ActiveDir] Authoritative Domain Problem Since your DC (rightly) believes it is authoratative for mycompany.net, it won't matter what you have set up for forwarding. Any request coming to your DC for resolving *.mycompany.net is going to get answered by the DC. It will either return the requested information or say that the information doesn't exist. What you'll need to do is manually add in the records for the daily accessed servers. Or, if those servers are joined to your Win2k3 domain and you have dynamic DNS enabled, the servers can register themselves. As a sidenote, take a look at http://support.microsoft.com/default.aspx?scid=kb;en-us;255134. Not sure if this has changed for Win2k3, but definitely worth following up. From: Edwin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 10, 2004 7:00 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Authoritative Domain Problem I have my DC setup as a DHCP Server as well as a DNS Server. I work for a company that has public DNS records (mycompany.net) that are used to reference servers that are accessed daily. I setup the DC to use mycompany.net as the domain name and now I am having troubles resolving DNS for these daily accessed servers. So for example, if I needed to access a server I would normally reference it by calling servername.mycompany.net. I should have used a 3rd level domain for the DC but that is too late to argue about or change now. Since I have Win2K3 as my DC I tried to do a domain rename. As I started reading the documentation, I quickly learned that I could not do this because the client machines already on the DC are running Win2K Professional ( easy fix
