2nd DC not authenticating users?

Archived from groups: microsoft.public.win2000.active_directory

I have 3 Win 2K DC's.

Whenever the first one that was set up is being rebooted or maintained there
appears to be very little resolutions on the rest of the network. People
can't login easily and the dead giveaway is that nothing happens when you
click the domain name in net neighborhood.

I'm pretty sure it's to do with my lack of knowledge of GC's and the like....
Help.

What do I need to do to make my 2nd and 3rd DC act like one for local
network/domain resolutions.....

thanks
  1. Archived from groups: microsoft.public.win2000.active_directory

    DaShard!

    I think that you are probably correct in your thought process that it is a
    GC issue.

    Is your WIN2000 Active Directory environment in Native Mode or in Mixed
    Mode?

    Does DC01 hold all of the FSMO Roles ( there are five: two forest-wide and
    three domain-wide......Schema Master and Domain Naming Master and then the
    PDC Emulator, RID Master and Infrastructure Master )?

    Do you have WIN2000 and WINXP Pro clients only or do you also have some
    'legacy' clients?

    If you have only one Domain / Tree / Forest then it is generally suggested
    that all Domain Controllers also be a Global Catalog Server. Now, the first
    DC will be a GC. This you know. How do you make the second and third DCs
    also Global Catalog Servers? Easy! Open up the Active Directory Sites and
    Services MMC. Go to each DC under the SERVERS folder. Each DC should have
    a child object NTDS SETTINGS. Simply right click that object and choose
    Properties. On the General tab in the lower left corner you will see a
    check box labeled Global Catalog Server. For DC02 and DC03 this check box
    will not be checked. Check it! It is also probably a good idea to reboot
    each DC once you do this, so you might want to do this on the weekend or
    after hours!

    I might also suggest to you that you install the Support Tools on all of
    your Windows 2000 Servers, no matter what role they play ( Domain
    Controller, Member Server running Exchange, Member Server running Terminal
    Server, etc. etc. etc. ). There are some really neat tools. dcdiag,
    netdiag, nltest, repadmin, replmon and netdom are the tools that you would
    most likely use most often!

    If you can not script then I would suggest that you look at ADModify to help
    you when you have bulk changes to do.

    I would also suggest that you make use of ExMerge for any Exchange 2000
    related things that you might need. It is a great tool.

    You might also want to go to Joe's web site at http://www.joeware.net and
    get oldcmp and adfind ( at the very least ).

    You might also want to get ALTOOLS.exe ( from the MS Web Site ) and make use
    of the Account Lockout Tools. They are really nice.

    HTH,

    --
    Cary W. Shultz
    Roanoke, VA 24014
    Microsoft Active Directory MVP

    http://www.activedirectory-win2000.com
    http://www.grouppolicy-win2000.com

  2. Archived from groups: microsoft.public.win2000.active_directory

    Forgot in my first response:

    Is DC01 the only DNS Server in your environment? If it is you might want to
    look at making either DC02 or DC03 ( or maybe both ) DNS Servers. Also,
    look at making DNS Active Directory Integrated DNS ( aka Dynamic DNS or
    DDNS ). Do not forget to update DHCP if you add additional DNS Servers so
    that your clients will have the updated information ( assuming that you use
    DHCP ).

    How many user account objects are in your environment? And how many
    computer account objects? And I am assuming ( always a bad thing to do )
    that you have one physical location and that you have properly created the
    Subnet(s) and associated it/them with the correct Site? You would do this
    in the Active Directory Sites and Services MMC.

    --
    Cary W. Shultz
    Roanoke, VA 24014
    Microsoft Active Directory MVP

    http://www.activedirectory-win2000.com
    http://www.grouppolicy-win2000.com

  3. Archived from groups: microsoft.public.win2000.active_directory

    Cary, thanks. OK I made my DC02 and DC03 GC's as per your grand suggestion.
    I have one location/domain/site.
    Thanks for the good Idea on the Support Tools - wish I'd had those last
    week!
    I think I'm in mixed mode as I have 1 NT4.0 Server and 3 W2K Servers. - how
    do I check/change?
    All my Clients are W2K Pro or XP Pro

    Thanks.

  4. Archived from groups: microsoft.public.win2000.active_directory

    All 3 DC's are DNS Swervers.... yup - you know I forgot about the DHCP!
    arghhhhhhhhh
    35 users and computers + 5 Swervers....

    Is it or is it not a good idea to have the secondary or tertiary DNS servers
    as the ISP or should the resolvers all be inside and only forwarded out?

    I always think that if the DNS server 'breaks' then the client goes straight
    out the router for web resolution and never notices the downed server -
    maybe!

    Thanks...
  5. Archived from groups: microsoft.public.win2000.active_directory

    Michael,

    Only if that WINNT 4.0 Server is a Backup Domain Controller are we
    interested in remaining Mixed Mode. Well, essentially.

    Open up the Active Directory Users and Computers MMC and right click
    'yourdomain.com' and select Properties. You will see on the General tab
    either Mixed Mode or Native Mode in the Domain Operation Mode. If it is in
    Mixed Mode you would see a button to change it to Native Mode. If it is in
    Native Mode already then there will be no button as the switch from Mixed
    Mode to Native Mode is a one-way, one-time thing.

    Is that WINNT 4.0 Server a Backup Domain Controller?

    --
    Cary W. Shultz
    Roanoke, VA 24014
    Microsoft Active Directory MVP

    http://www.activedirectory-win2000.com
    http://www.grouppolicy-win2000.com

  6. Archived from groups: microsoft.public.win2000.active_directory

    Michael,

    Only 35 users and three Domain Controllers. This is a bit excessive! It is
    always a good idea to have two Domain Controllers. I am not sure that you
    need the third one. But if you have it.....

    NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER NEVER
    NEVER NEVER NEVER
    use any DNS Server other than your internal DNS Server(s). This is a
    horrible idea and will cause all sorts of problems. Sorry, but your
    thinking is completely off base here. ;-)

    You only want your clients to know about your internal DNS Servers as they
    will need them for, among other things, the SRV records. These are all
    important records in your DNS' Forward Lookup Zone. You will want to
    include at least two of the three DNS Servers in your Options in DHCP ( why
    not use all three? ) so that your clients will always have the DNS Servers
    information. The only place that your ISP's DNS Server information belongs
    is in the Forwarding tab......

    Please take a look at the following two MSKB Articles that explain how both
    WIN2000 and WINXP Pro systems locate things:

    http://support.microsoft.com/?id=247811
    http://support.microsoft.com/?id=314861

    It is imperative that you do not include your ISP's DNS information in the
    Options in DHCP. Your clients will have a lot of problems with a lot of
    things ( GPOs for one... ).

    --
    Cary W. Shultz
    Roanoke, VA 24014
    Microsoft Active Directory MVP

    http://www.activedirectory-win2000.com
    http://www.grouppolicy-win2000.com
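
Added example, not part of the original thread: a PowerShell check for the two points made in replies 1 and 6, that every DC should also be a Global Catalog and that clients should list only internal DNS servers. It assumes a modern Windows client with the DnsClient module and a single-domain forest; the domain name and server addresses are placeholders.

```powershell
# Added example; not code from the thread. All names and addresses are placeholders.
param(
    # Hypothetical AD DNS domain name (assumed to be the forest root as well).
    [string]   $DomainName  = 'corp.example.com',
    # Hypothetical addresses of the internal DC/DNS servers (DC01, DC02, DC03).
    [string[]] $InternalDns = @('192.0.2.10', '192.0.2.11', '192.0.2.12')
)

function Get-ExternalResolver {
    # Returns one object per resolver configured on this client that is NOT
    # in the list of internal DNS servers (for example an ISP resolver).
    param([string[]] $Allowed)

    Get-DnsClientServerAddress -AddressFamily IPv4 | ForEach-Object {
        $alias = $_.InterfaceAlias
        foreach ($addr in $_.ServerAddresses) {
            if ($Allowed -notcontains $addr) {
                [pscustomobject]@{ Interface = $alias; Resolver = $addr }
            }
        }
    }
}

function Get-SrvTarget {
    # Asks ONE specific DNS server for an SRV name and returns the host names
    # found in the answer section, lower-cased and de-duplicated.
    param([string] $Name, [string] $Server)

    try {
        $answer = Resolve-DnsName -Name $Name -Type SRV -Server $Server `
                                  -DnsOnly -ErrorAction Stop
    } catch {
        return @()   # NXDOMAIN, timeout or server down: treat as "no records"
    }
    @($answer |
        Where-Object { $_.Section -eq 'Answer' -and $_.NameTarget } |
        ForEach-Object { $_.NameTarget.ToLower() } |
        Sort-Object -Unique)
}

# SRV names registered by the Netlogon service:
#   every DC registers the first, only Global Catalog servers the second.
$dcRecord = "_ldap._tcp.dc._msdcs.$DomainName"
$gcRecord = "_ldap._tcp.gc._msdcs.$DomainName"

# Query each internal DNS server on its own, so a single server that cannot
# answer (the "DC01 is rebooting" case) shows up as a row with zero records.
$report = foreach ($server in $InternalDns) {
    $dcs   = @(Get-SrvTarget -Name $dcRecord -Server $server)
    $gcs   = @(Get-SrvTarget -Name $gcRecord -Server $server)
    $notGc = @($dcs | Where-Object { $gcs -notcontains $_ })

    [pscustomobject]@{
        DnsServer   = $server
        DCsFound    = $dcs.Count
        GCsFound    = $gcs.Count
        DCsNotGC    = ($notGc -join ', ')
        AnswersSrv  = ($dcs.Count -gt 0)
    }
}
$report | Format-Table -AutoSize

# Any resolver outside the internal list cannot serve the AD SRV records.
$external = @(Get-ExternalResolver -Allowed $InternalDns)
if ($external.Count -gt 0) {
    Write-Warning 'Client lists DNS servers that are not internal:'
    $external | Format-Table -AutoSize
} else {
    Write-Output 'Client resolvers are all internal DNS servers.'
}
```

A row with `AnswersSrv` false, or any name under `DCsNotGC`, points at the DNS server or DC that would leave logons dependent on a single machine.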

  7. Archived from groups: microsoft.public.win2000.active_directory

    My thinking's sometimes a bit off base in other areas too!!!

    I knew I could go straight to 'the Top' in this forum...

    Thanks for all your help - I've got it all now.......
  8. Archived from groups: microsoft.public.win2000.active_directory

    Michael,

    All of our thinking is way off base at times. The important thing is that
    you ask so that things do not get out of hand.

    --
    Cary W. Shultz
    Roanoke, VA 24014
    Microsoft Active Directory MVP

    http://www.activedirectory-win2000.com
    http://www.grouppolicy-win2000.com
