Sign in with
Sign up | Sign in
Your question

2nd DC not authenticating users?

Last response: in Windows 2000/NT
Share
Anonymous
January 15, 2005 4:52:51 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I have 3 Win 2K DC's.

Whenever the first one that was set up is being rebooted or maintained there
appears to be very little resolutions on the rest of the network. People
can't login easily and the dead giveaway is that nothing happens when you
click the domain name in net neighborhood.

I'm pretty sure it's to do wth my lack of knowledge of GC's and the like....
Help.

What do I need to do to make my 2nd and 3rd DC act like one for local
network/domain resolutions.....

thanks
Anonymous
January 15, 2005 9:53:52 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

DaShard!

I think that you are probably correct in your thought process that it is a
GC issue.

Is your WIN2000 Active Directory environment in Native Mode or in Mixed
Mode?

Does DC01 hold all of the FSMO Roles ( there are five: two forest-wide and
three domain-wide......Schema Master and Domain Naming Master and then the
PDC Emulator, RID Master and Infrastructure Master )?

Do you have WIN2000 and WINXP Pro clients only or do you also have some
'legacy' clients?

If you have only one Domain / Tree / Forest then it is generally suggested
that all Domain Controllers also be a Global Catalog Server. Now, the first
DC will be a GC. This you know. How do you make the second and third DCs
also Global Catalog Servers? Easy! Open up the Active Directory Sites and
Services MMC. Go to each DC under the SERVERS folder. Each DC should have
a child object NTDS SETTINGS. Simply right click that object and choose
Properties. On the General tab in the lower left corner you will see a
check box labeled Global Catalog Server. For DC02 and DC03 this check box
will not be checked. Check it! It is also probably a good idea to reboot
each DC once you do this, so you might want to do this on the weekend or
after hours!

I might also suggest to you that you install the Support Tools on all of
your Windows 2000 Servers, no matter what role they play ( Domain
Controller, Member Server running Exchange, Member Server running Terminal
Server, etc. etc. etc. ). There are some really neat tools. dcdaig,
netdiag, nltest, repadmin, replmon and netdom are the tools that you would
most likely use most often!

If you can not script then I would suggest that you look at ADModify to help
you when you have bulk changes to do.

I would also suggest that you make use of ExMerge for any Exchange 2000
related things that you might need. It is a great tool.

You might also want to go to Joe's web site at http://www.joeware.net and
get oldcmp and adfind ( at the very least ).

You might also want to get ALTOOLS.exe ( from the MS Web Site ) and make use
of the Account Lockout Tools. They are really nice.

HTH,

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



"DaShard" <DaShard@home.com> wrote in message
news:ejLA6fu%23EHA.2572@tk2msftngp13.phx.gbl...
>I have 3 Win 2K DC's.
>
> Whenever the first one that was set up is being rebooted or maintained
> there appears to be very little resolutions on the rest of the network.
> People can't login easily and the dead giveaway is that nothing happens
> when you click the domain name in net neighborhood.
>
> I'm pretty sure it's to do wth my lack of knowledge of GC's and the
> like.... Help.
>
> What do I need to do to make my 2nd and 3rd DC act like one for local
> network/domain resolutions.....
>
> thanks
>
Anonymous
January 15, 2005 10:34:59 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Forgot in my first response:

Is DC01 the only DNS Server in your environment? If it is you might want to
look at making either DC02 or DC03 ( or maybe both ) DNS Servers. Also,
look at making DNS Active Directory Integrated DNS ( aka Dynamic DNS or
DDNS ). DO not forget to update DHCP if you add additional DNS Servers so
that your clients will have the updated information ( assuming that you use
DHCP ).

How many user account objects are in your environment? And how many
computer account objects? And I am assuming ( always a bad thing to do )
that you have one physical location and that you have properly created the
Subnet(s) and associated it/them with the correct Site? You would do this
in the Active Directory Sites and Services MMC.

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



"DaShard" <DaShard@home.com> wrote in message
news:ejLA6fu%23EHA.2572@tk2msftngp13.phx.gbl...
>I have 3 Win 2K DC's.
>
> Whenever the first one that was set up is being rebooted or maintained
> there appears to be very little resolutions on the rest of the network.
> People can't login easily and the dead giveaway is that nothing happens
> when you click the domain name in net neighborhood.
>
> I'm pretty sure it's to do wth my lack of knowledge of GC's and the
> like.... Help.
>
> What do I need to do to make my 2nd and 3rd DC act like one for local
> network/domain resolutions.....
>
> thanks
>
Related resources
January 16, 2005 3:30:49 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Cary, thanks. OK I made my DC02 and DC03 GC's as per your grand suggestion.
I have one location/domain/site.
Thanks for the good Idea on the Support Tools - wish I'd had those last
week!
I think I'm in mixed mode as I have 1 NT4.0 Server and 3 W2K Servers. - how
do I check/change?
All my Clients are W2K Pro or XP Pro

Thanks.



"Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
news:%23gfaljv%23EHA.2584@TK2MSFTNGP09.phx.gbl...
> DaShard!
>
> I think that you are probably correct in your thought process that it is a
> GC issue.
>
> Is your WIN2000 Active Directory environment in Native Mode or in Mixed
> Mode?
>
> Does DC01 hold all of the FSMO Roles ( there are five: two forest-wide and
> three domain-wide......Schema Master and Domain Naming Master and then the
> PDC Emulator, RID Master and Infrastructure Master )?
>
> Do you have WIN2000 and WINXP Pro clients only or do you also have some
> 'legacy' clients?
>
> If you have only one Domain / Tree / Forest then it is generally suggested
> that all Domain Controllers also be a Global Catalog Server. Now, the
> first DC will be a GC. This you know. How do you make the second and
> third DCs also Global Catalog Servers? Easy! Open up the Active
> Directory Sites and Services MMC. Go to each DC under the SERVERS folder.
> Each DC should have a child object NTDS SETTINGS. Simply right click that
> object and choose Properties. On the General tab in the lower left corner
> you will see a check box labeled Global Catalog Server. For DC02 and DC03
> this check box will not be checked. Check it! It is also probably a good
> idea to reboot each DC once you do this, so you might want to do this on
> the weekend or after hours!
>
> I might also suggest to you that you install the Support Tools on all of
> your Windows 2000 Servers, no matter what role they play ( Domain
> Controller, Member Server running Exchange, Member Server running Terminal
> Server, etc. etc. etc. ). There are some really neat tools. dcdaig,
> netdiag, nltest, repadmin, replmon and netdom are the tools that you would
> most likely use most often!
>
> If you can not script then I would suggest that you look at ADModify to
> help you when you have bulk changes to do.
>
> I would also suggest that you make use of ExMerge for any Exchange 2000
> related things that you might need. It is a great tool.
>
> You might also want to go to Joe's web site at http://www.joeware.net and
> get oldcmp and adfind ( at the very least ).
>
> You might also want to get ALTOOLS.exe ( from the MS Web Site ) and make
> use of the Account Lockout Tools. They are really nice.
>
> HTH,
>
> --
> Cary W. Shultz
> Roanoke, VA 24014
> Microsoft Active Directory MVP
>
> http://www.activedirectory-win2000.com
> http://www.grouppolicy-win2000.com
>
>
>
> "DaShard" <DaShard@home.com> wrote in message
> news:ejLA6fu%23EHA.2572@tk2msftngp13.phx.gbl...
>>I have 3 Win 2K DC's.
>>
>> Whenever the first one that was set up is being rebooted or maintained
>> there appears to be very little resolutions on the rest of the network.
>> People can't login easily and the dead giveaway is that nothing happens
>> when you click the domain name in net neighborhood.
>>
>> I'm pretty sure it's to do wth my lack of knowledge of GC's and the
>> like.... Help.
>>
>> What do I need to do to make my 2nd and 3rd DC act like one for local
>> network/domain resolutions.....
>>
>> thanks
>>
>
>
January 16, 2005 3:34:24 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

All 3 DC's are DNS Swervers.... yup - you know I forgot about the DHCP!
arghhhhhhhhh
35 users and computers + 5 Swervers....

Is it or is it not a good idea to have the secondary or tertiary DNS servers
as the ISP or should the resolvers all be inside and only forwarded out?

I always think that if the DNS server 'breaks' then the client goes straight
out the router for web resolution and never notices the downed server -
maybe!

Thanks...

"Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
news:uxylj6v%23EHA.3592@TK2MSFTNGP09.phx.gbl...
> Forgot in my first response:
>
> Is DC01 the only DNS Server in your environment? If it is you might want
> to look at making either DC02 or DC03 ( or maybe both ) DNS Servers.
> Also, look at making DNS Active Directory Integrated DNS ( aka Dynamic DNS
> or DDNS ). DO not forget to update DHCP if you add additional DNS Servers
> so that your clients will have the updated information ( assuming that you
> use DHCP ).
>
> How many user account objects are in your environment? And how many
> computer account objects? And I am assuming ( always a bad thing to do )
> that you have one physical location and that you have properly created the
> Subnet(s) and associated it/them with the correct Site? You would do this
> in the Active Directory Sites and Services MMC.
>
> --
> Cary W. Shultz
> Roanoke, VA 24014
> Microsoft Active Directory MVP
>
> http://www.activedirectory-win2000.com
> http://www.grouppolicy-win2000.com
>
>
>
> "DaShard" <DaShard@home.com> wrote in message
> news:ejLA6fu%23EHA.2572@tk2msftngp13.phx.gbl...
>>I have 3 Win 2K DC's.
>>
>> Whenever the first one that was set up is being rebooted or maintained
>> there appears to be very little resolutions on the rest of the network.
>> People can't login easily and the dead giveaway is that nothing happens
>> when you click the domain name in net neighborhood.
>>
>> I'm pretty sure it's to do wth my lack of knowledge of GC's and the
>> like.... Help.
>>
>> What do I need to do to make my 2nd and 3rd DC act like one for local
>> network/domain resolutions.....
>>
>> thanks
>>
>
>
Anonymous
January 16, 2005 9:26:09 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Michael,

Only if that WINNT 4.0 Server is a Backup Domain Controller are we
interested in remaining Mixed Mode. Well, essentially.

Open up the Active Directory Users and Computers MMC and right click
'yourdomain.com' and select Properties. You will see on the General tab
either Mixed Mode or Native Mode in the Domain Operation Mode. If it is in
Mixed Mode you would see a button to change it to Native Mode. If it is in
Native Mode already then there will be no button as the switch from Mixed
Mode to Native Mode is a one-way, one-time thing.

Is that WINNT 4.0 Server a Backup Domain Controller?

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



"Michael" <DaShard@home.com> wrote in message
news:%23rbOzW6%23EHA.4092@TK2MSFTNGP09.phx.gbl...
> Cary, thanks. OK I made my DC02 and DC03 GC's as per your grand
> suggestion. I have one location/domain/site.
> Thanks for the good Idea on the Support Tools - wish I'd had those last
> week!
> I think I'm in mixed mode as I have 1 NT4.0 Server and 3 W2K Servers. -
> how do I check/change?
> All my Clients are W2K Pro or XP Pro
>
> Thanks.
>
>
>
> "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> news:%23gfaljv%23EHA.2584@TK2MSFTNGP09.phx.gbl...
>> DaShard!
>>
>> I think that you are probably correct in your thought process that it is
>> a GC issue.
>>
>> Is your WIN2000 Active Directory environment in Native Mode or in Mixed
>> Mode?
>>
>> Does DC01 hold all of the FSMO Roles ( there are five: two forest-wide
>> and three domain-wide......Schema Master and Domain Naming Master and
>> then the PDC Emulator, RID Master and Infrastructure Master )?
>>
>> Do you have WIN2000 and WINXP Pro clients only or do you also have some
>> 'legacy' clients?
>>
>> If you have only one Domain / Tree / Forest then it is generally
>> suggested that all Domain Controllers also be a Global Catalog Server.
>> Now, the first DC will be a GC. This you know. How do you make the
>> second and third DCs also Global Catalog Servers? Easy! Open up the
>> Active Directory Sites and Services MMC. Go to each DC under the SERVERS
>> folder. Each DC should have a child object NTDS SETTINGS. Simply right
>> click that object and choose Properties. On the General tab in the lower
>> left corner you will see a check box labeled Global Catalog Server. For
>> DC02 and DC03 this check box will not be checked. Check it! It is also
>> probably a good idea to reboot each DC once you do this, so you might
>> want to do this on the weekend or after hours!
>>
>> I might also suggest to you that you install the Support Tools on all of
>> your Windows 2000 Servers, no matter what role they play ( Domain
>> Controller, Member Server running Exchange, Member Server running
>> Terminal Server, etc. etc. etc. ). There are some really neat tools.
>> dcdaig, netdiag, nltest, repadmin, replmon and netdom are the tools that
>> you would most likely use most often!
>>
>> If you can not script then I would suggest that you look at ADModify to
>> help you when you have bulk changes to do.
>>
>> I would also suggest that you make use of ExMerge for any Exchange 2000
>> related things that you might need. It is a great tool.
>>
>> You might also want to go to Joe's web site at http://www.joeware.net and
>> get oldcmp and adfind ( at the very least ).
>>
>> You might also want to get ALTOOLS.exe ( from the MS Web Site ) and make
>> use of the Account Lockout Tools. They are really nice.
>>
>> HTH,
>>
>> --
>> Cary W. Shultz
>> Roanoke, VA 24014
>> Microsoft Active Directory MVP
>>
>> http://www.activedirectory-win2000.com
>> http://www.grouppolicy-win2000.com
>>
>>
>>
>> "DaShard" <DaShard@home.com> wrote in message
>> news:ejLA6fu%23EHA.2572@tk2msftngp13.phx.gbl...
>>>I have 3 Win 2K DC's.
>>>
>>> Whenever the first one that was set up is being rebooted or maintained
>>> there appears to be very little resolutions on the rest of the network.
>>> People can't login easily and the dead giveaway is that nothing happens
>>> when you click the domain name in net neighborhood.
>>>
>>> I'm pretty sure it's to do wth my lack of knowledge of GC's and the
>>> like.... Help.
>>>
>>> What do I need to do to make my 2nd and 3rd DC act like one for local
>>> network/domain resolutions.....
>>>
>>> thanks
>>>
>>
>>
>
>
Anonymous
January 16, 2005 9:33:55 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Michael,

Only 35 users and three Domain Controllers. This is a bit excessive! It is
always a good idea to have two Domain Controllers. I am not sure that you
need the third one. But if you have it.....

NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER
NEVER NEVER NEVER
use any DNS Server other that your internal DNS Server(s). This is a
horrible idea and will cause all sorts of problems. Sorry, but your
thinking is completely off base here. ;-)

You only want your clients to know about your internal DNS Servers as they
will need then for, among other things, the SRV records. These are all
important records in your DNS' Forward Lookup Zone. You will want to
include at least two of the three DNS Servers in your Options in DHCP ( why
not use all three? ) so that your clients will always have the DNS Servers
information. The only place that your ISP's DNS Server information belongs
is in the Forwarding tab......

Please take a look at the following two MSKB Articles that explain how both
WIN2000 and WINXP Pro systems locate things:

http://support.microsoft.com/?id=247811
http://support.microsoft.com/?id=314861

It is imperative that you do not include your ISP's DNS information in the
Options in DHCP. Your clients will have a lot of problems with a lot of
things ( GPOs for one... ).

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



"Michael" <DaShard@home.com> wrote in message
news:o QxZ1Y6%23EHA.1296@TK2MSFTNGP10.phx.gbl...
> All 3 DC's are DNS Swervers.... yup - you know I forgot about the DHCP!
> arghhhhhhhhh
> 35 users and computers + 5 Swervers....
>
> Is it or is it not a good idea to have the secondary or tertiary DNS
> servers as the ISP or should the resolvers all be inside and only
> forwarded out?
>
> I always think that if the DNS server 'breaks' then the client goes
> straight out the router for web resolution and never notices the downed
> server - maybe!
>
> Thanks...
>
> "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> news:uxylj6v%23EHA.3592@TK2MSFTNGP09.phx.gbl...
>> Forgot in my first response:
>>
>> Is DC01 the only DNS Server in your environment? If it is you might want
>> to look at making either DC02 or DC03 ( or maybe both ) DNS Servers.
>> Also, look at making DNS Active Directory Integrated DNS ( aka Dynamic
>> DNS or DDNS ). DO not forget to update DHCP if you add additional DNS
>> Servers so that your clients will have the updated information ( assuming
>> that you use DHCP ).
>>
>> How many user account objects are in your environment? And how many
>> computer account objects? And I am assuming ( always a bad thing to do )
>> that you have one physical location and that you have properly created
>> the Subnet(s) and associated it/them with the correct Site? You would do
>> this in the Active Directory Sites and Services MMC.
>>
>> --
>> Cary W. Shultz
>> Roanoke, VA 24014
>> Microsoft Active Directory MVP
>>
>> http://www.activedirectory-win2000.com
>> http://www.grouppolicy-win2000.com
>>
>>
>>
>> "DaShard" <DaShard@home.com> wrote in message
>> news:ejLA6fu%23EHA.2572@tk2msftngp13.phx.gbl...
>>>I have 3 Win 2K DC's.
>>>
>>> Whenever the first one that was set up is being rebooted or maintained
>>> there appears to be very little resolutions on the rest of the network.
>>> People can't login easily and the dead giveaway is that nothing happens
>>> when you click the domain name in net neighborhood.
>>>
>>> I'm pretty sure it's to do wth my lack of knowledge of GC's and the
>>> like.... Help.
>>>
>>> What do I need to do to make my 2nd and 3rd DC act like one for local
>>> network/domain resolutions.....
>>>
>>> thanks
>>>
>>
>>
>
>
January 16, 2005 1:16:42 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

My thinking's sometimes a bit off base in other areas too!!!

I knew I could go straight to 'the Top' in this forum...

Thanks for all you Help - I've got it all now.......

"Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
news:%239QvG97%23EHA.2104@TK2MSFTNGP14.phx.gbl...
> Michael,
>
> Only 35 users and three Domain Controllers. This is a bit excessive! It
> is always a good idea to have two Domain Controllers. I am not sure that
> you need the third one. But if you have it.....
>
> NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER
> NEVER NEVER NEVER
> use any DNS Server other that your internal DNS Server(s). This is a
> horrible idea and will cause all sorts of problems. Sorry, but your
> thinking is completely off base here. ;-)
>
> You only want your clients to know about your internal DNS Servers as they
> will need then for, among other things, the SRV records. These are all
> important records in your DNS' Forward Lookup Zone. You will want to
> include at least two of the three DNS Servers in your Options in DHCP (
> why not use all three? ) so that your clients will always have the DNS
> Servers information. The only place that your ISP's DNS Server
> information belongs is in the Forwarding tab......
>
> Please take a look at the following two MSKB Articles that explain how
> both WIN2000 and WINXP Pro systems locate things:
>
> http://support.microsoft.com/?id=247811
> http://support.microsoft.com/?id=314861
>
> It is imperative that you do not include your ISP's DNS information in the
> Options in DHCP. Your clients will have a lot of problems with a lot of
> things ( GPOs for one... ).
>
> --
> Cary W. Shultz
> Roanoke, VA 24014
> Microsoft Active Directory MVP
>
> http://www.activedirectory-win2000.com
> http://www.grouppolicy-win2000.com
>
>
>
> "Michael" <DaShard@home.com> wrote in message
> news:o QxZ1Y6%23EHA.1296@TK2MSFTNGP10.phx.gbl...
>> All 3 DC's are DNS Swervers.... yup - you know I forgot about the DHCP!
>> arghhhhhhhhh
>> 35 users and computers + 5 Swervers....
>>
>> Is it or is it not a good idea to have the secondary or tertiary DNS
>> servers as the ISP or should the resolvers all be inside and only
>> forwarded out?
>>
>> I always think that if the DNS server 'breaks' then the client goes
>> straight out the router for web resolution and never notices the downed
>> server - maybe!
>>
>> Thanks...
>>
>> "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
>> news:uxylj6v%23EHA.3592@TK2MSFTNGP09.phx.gbl...
>>> Forgot in my first response:
>>>
>>> Is DC01 the only DNS Server in your environment? If it is you might
>>> want to look at making either DC02 or DC03 ( or maybe both ) DNS
>>> Servers. Also, look at making DNS Active Directory Integrated DNS ( aka
>>> Dynamic DNS or DDNS ). DO not forget to update DHCP if you add
>>> additional DNS Servers so that your clients will have the updated
>>> information ( assuming that you use DHCP ).
>>>
>>> How many user account objects are in your environment? And how many
>>> computer account objects? And I am assuming ( always a bad thing to
>>> do ) that you have one physical location and that you have properly
>>> created the Subnet(s) and associated it/them with the correct Site? You
>>> would do this in the Active Directory Sites and Services MMC.
>>>
>>> --
>>> Cary W. Shultz
>>> Roanoke, VA 24014
>>> Microsoft Active Directory MVP
>>>
>>> http://www.activedirectory-win2000.com
>>> http://www.grouppolicy-win2000.com
>>>
>>>
>>>
>>> "DaShard" <DaShard@home.com> wrote in message
>>> news:ejLA6fu%23EHA.2572@tk2msftngp13.phx.gbl...
>>>>I have 3 Win 2K DC's.
>>>>
>>>> Whenever the first one that was set up is being rebooted or maintained
>>>> there appears to be very little resolutions on the rest of the network.
>>>> People can't login easily and the dead giveaway is that nothing happens
>>>> when you click the domain name in net neighborhood.
>>>>
>>>> I'm pretty sure it's to do wth my lack of knowledge of GC's and the
>>>> like.... Help.
>>>>
>>>> What do I need to do to make my 2nd and 3rd DC act like one for local
>>>> network/domain resolutions.....
>>>>
>>>> thanks
>>>>
>>>
>>>
>>
>>
>
>
Anonymous
January 16, 2005 9:26:19 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Michael,

All of our thinking is way off base at times. The important thing is that
you ask so that things do not get out of hand.

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



"Michael" <DaShard@home.com> wrote in message
news:ubKrPe$%23EHA.1264@TK2MSFTNGP12.phx.gbl...
> My thinking's sometimes a bit off base in other areas too!!!
>
> I knew I could go straight to 'the Top' in this forum...
>
> Thanks for all you Help - I've got it all now.......
>
> "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> news:%239QvG97%23EHA.2104@TK2MSFTNGP14.phx.gbl...
>> Michael,
>>
>> Only 35 users and three Domain Controllers. This is a bit excessive! It
>> is always a good idea to have two Domain Controllers. I am not sure that
>> you need the third one. But if you have it.....
>>
>> NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER
>> NEVER NEVER NEVER
>> use any DNS Server other that your internal DNS Server(s). This is a
>> horrible idea and will cause all sorts of problems. Sorry, but your
>> thinking is completely off base here. ;-)
>>
>> You only want your clients to know about your internal DNS Servers as
>> they will need then for, among other things, the SRV records. These are
>> all important records in your DNS' Forward Lookup Zone. You will want to
>> include at least two of the three DNS Servers in your Options in DHCP (
>> why not use all three? ) so that your clients will always have the DNS
>> Servers information. The only place that your ISP's DNS Server
>> information belongs is in the Forwarding tab......
>>
>> Please take a look at the following two MSKB Articles that explain how
>> both WIN2000 and WINXP Pro systems locate things:
>>
>> http://support.microsoft.com/?id=247811
>> http://support.microsoft.com/?id=314861
>>
>> It is imperative that you do not include your ISP's DNS information in
>> the Options in DHCP. Your clients will have a lot of problems with a lot
>> of things ( GPOs for one... ).
>>
>> --
>> Cary W. Shultz
>> Roanoke, VA 24014
>> Microsoft Active Directory MVP
>>
>> http://www.activedirectory-win2000.com
>> http://www.grouppolicy-win2000.com
>>
>>
>>
>> "Michael" <DaShard@home.com> wrote in message
>> news:o QxZ1Y6%23EHA.1296@TK2MSFTNGP10.phx.gbl...
>>> All 3 DC's are DNS Swervers.... yup - you know I forgot about the DHCP!
>>> arghhhhhhhhh
>>> 35 users and computers + 5 Swervers....
>>>
>>> Is it or is it not a good idea to have the secondary or tertiary DNS
>>> servers as the ISP or should the resolvers all be inside and only
>>> forwarded out?
>>>
>>> I always think that if the DNS server 'breaks' then the client goes
>>> straight out the router for web resolution and never notices the downed
>>> server - maybe!
>>>
>>> Thanks...
>>>
>>> "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
>>> news:uxylj6v%23EHA.3592@TK2MSFTNGP09.phx.gbl...
>>>> Forgot in my first response:
>>>>
>>>> Is DC01 the only DNS Server in your environment? If it is you might
>>>> want to look at making either DC02 or DC03 ( or maybe both ) DNS
>>>> Servers. Also, look at making DNS Active Directory Integrated DNS ( aka
>>>> Dynamic DNS or DDNS ). DO not forget to update DHCP if you add
>>>> additional DNS Servers so that your clients will have the updated
>>>> information ( assuming that you use DHCP ).
>>>>
>>>> How many user account objects are in your environment? And how many
>>>> computer account objects? And I am assuming ( always a bad thing to
>>>> do ) that you have one physical location and that you have properly
>>>> created the Subnet(s) and associated it/them with the correct Site?
>>>> You would do this in the Active Directory Sites and Services MMC.
>>>>
>>>> --
>>>> Cary W. Shultz
>>>> Roanoke, VA 24014
>>>> Microsoft Active Directory MVP
>>>>
>>>> http://www.activedirectory-win2000.com
>>>> http://www.grouppolicy-win2000.com
>>>>
>>>>
>>>>
>>>> "DaShard" <DaShard@home.com> wrote in message
>>>> news:ejLA6fu%23EHA.2572@tk2msftngp13.phx.gbl...
>>>>>I have 3 Win 2K DC's.
>>>>>
>>>>> Whenever the first one that was set up is being rebooted or maintained
>>>>> there appears to be very little resolutions on the rest of the
>>>>> network. People can't login easily and the dead giveaway is that
>>>>> nothing happens when you click the domain name in net neighborhood.
>>>>>
>>>>> I'm pretty sure it's to do wth my lack of knowledge of GC's and the
>>>>> like.... Help.
>>>>>
>>>>> What do I need to do to make my 2nd and 3rd DC act like one for local
>>>>> network/domain resolutions.....
>>>>>
>>>>> thanks
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
!