
Domain Controllers

March 3, 2005 9:23:07 AM

Archived from groups: microsoft.public.win2000.active_directory

Can I have two DC controls on the same subnet same LAN but one is for
domainA.com and the other domainB.com? Will there be conflict as far as DNS
or DHCP?


Anonymous
March 3, 2005 12:11:30 PM


"Andre" <Andre@discussions.microsoft.com> wrote in message
news:1923FFBE-D70C-4E22-90DC-10FD73844DDD@microsoft.com...
> Can I have two DC controls on the same subnet same LAN but one is for
> domainA.com and the other domainB.com?

Sure, not an issue.

> Will there be conflict as far as DNS

Not an issue as long as each client is set to
use the DNS server which can resolve the
names it needs (or that server can resolve them
ALL which should usually be the case for
internal setups like this.)

DNS Clients use an internal DNS server which should
be able to resolve (or seek resolution) for ALL
names that client needs. (Remember, "servers" are
DNS clients TOO.)

> or DHCP?

The answer is a little more complicated here since
if two DHCP servers offer a scope to the same subnet
(broadcast domain) then they will be used randomly
by clients (usually the fastest one to answer.)

You cannot expect one DHCP server to give out
settings to the clients of one domain, that are different
from the settings for clients of another Domain* since
DHCP is not "domain" aware -- or even OS aware
so this is true of Macs, Unix, etc.

But as long as all of the clients on one subnet can
accept the same settings then this can work. Notice
the biggest problem here is likely to be DNS, first
the server to use but we can fix that by making all
servers resolve all names (as they should and was
mentioned above.)

Second is giving out DNS names or registering in
DNS for the clients which really won't work for
two zones/domains. But the clients can still
register for themselves.

*There are two ways to deal with the issue of
different settings for different sets of computers:

1) Reservations

2) Class IDs

Many people have a limited understanding of
"reservations" assuming that they are ONLY for
giving out fixed IP addresses.

Reservations, however, can also be used when
you wish to give DIFFERENT options settings
to a specific machine. They are tedious to use
when you have a lot of machines that need this
though.

Thus the new (Win2000+) DHCP feature of classIDs.
Class IDs allow every machine of a certain "class"
to be given specific options settings.

There are two kinds of class: Vendor and User.
Vendor basically means "Microsoft supplied"
and User means "admin created" (by you.)

[Vendor classes are pre-existing in DHCP server,
and pre-set on each type of machine, e.g., XP versus
Win2000 etc.]

The toughest thing about using User classes is that
each machine needs to be "set" using

IPConfig /setclassID "ADAPTER NAME" CLASSNAME

(or some equivalent)

You can walk around to each machine or you
can try to automate it.

While almost anything CAN be set from a GPO,
including this (using a script or registry entry) the
problem is that the GPO is downloaded
and applied AFTER the network initializes (and
all DHCP settings are already applied.)

This means that while you can use a GPO to set this
it will NOT work the very first time (of course the
script can do a refresh after the /setclassID, but that
still can leave some unfinished business.)

So will it work? Sure, set a different User classid
for each domain.

(Developers: Consider making the Domain name
a Vendor class?)


--
Herb Martin
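
An added example (not part of the original posts): a Python check for the condition described above, that two DHCP servers answering on one subnet must hand out settings every client can accept. It parses the options field of each server's DHCPOFFER and reports the options on which the servers disagree; the addresses and sample offers are constructed, and `build` and `ips` are helper names used only here.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"   # cookie that starts the DHCP options field
NAMES = {3: "router", 6: "dns-servers", 15: "domain-name"}

def parse_options(field: bytes) -> dict:
    """Decode a DHCP options field into {option code: value bytes}."""
    if field[:4] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(field) and field[i] != 255:       # 255 = End
        if field[i] == 0:                           # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(field) or i + 2 + field[i + 1] > len(field):
            raise ValueError("truncated option")
        code, length = field[i], field[i + 1]
        opts[code] = opts.get(code, b"") + field[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def conflicting_options(offers: list) -> dict:
    """Return {option name: {server id: value}} for options the servers disagree on."""
    parsed = {}
    for field in offers:
        opts = parse_options(field)
        if len(opts.get(54, b"")) != 4:             # 54 = server identifier
            raise ValueError("offer has no valid server identifier")
        parsed[str(ipaddress.IPv4Address(opts[54]))] = opts
    report = {}
    for code in sorted(set().union(*parsed.values()) - {54}):
        values = {sid: opts.get(code) for sid, opts in parsed.items()}
        if len(set(values.values())) > 1:
            report[NAMES.get(code, f"option-{code}")] = values
    return report

def build(*options) -> bytes:
    """Build an options field from (code, value) pairs; used for the sample data."""
    return MAGIC + b"".join(bytes([c, len(v)]) + v for c, v in options) + b"\xff"

def ips(*addrs) -> bytes:
    return b"".join(ipaddress.IPv4Address(a).packed for a in addrs)

# Constructed sample: one OFFER from each domain's DHCP server on the shared subnet.
OFFER_A = build((54, ips("10.0.0.10")), (3, ips("10.0.0.1")),
                (6, ips("10.0.0.10", "10.0.0.20")), (15, b"domainA.com"))
OFFER_B = build((54, ips("10.0.0.20")), (3, ips("10.0.0.1")),
                (6, ips("10.0.0.20")), (15, b"domainB.com"))
print(conflicting_options([OFFER_A, OFFER_B]))
```

In the sample the router matches but the DNS server list and domain name differ, so which settings a client ends up with depends on which server answers first.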
March 3, 2005 7:59:21 PM


Herb,

I am just about to embark on a domain migration and your answer below sounds
like what I also need to do regarding dns and dhcp. We will have 6 dc's in
2 AD forests, you mention 'having servers to resolve all names'. From what
I have gathered here, from the posts yourself and others that have been
kindly provided, can you run this over for me?

Original Domain:
abc.com - 3 dc's - DNS is AD integrated, also running WINS and exchange

New Domain:
xyz.local - 3 dc's - DNS will be AD integrated, will be running WINS and
Exchange

xyz.local will soon be built, and users, groups, computers etc will be
migrated there from abc.com.......name resolution.......how could I get the
dc's in xyz.local to provide dhcp/dns/wins for abc.com to ensure a smooth
migration? I would like to have xyz.local's dns and wins absolutely 'spot
on' before any objects are migrated there. Hopefully resolving names for
abc.com and xyz.local so the transition will be as smooth as possible.

I know it's a long question, but any help much appreciated.

TIA, Andrew

Anonymous
March 3, 2005 9:21:26 PM


"Andrew" <noone@nowhere.com> wrote in message
news:o sF6ZJBIFHA.3336@TK2MSFTNGP10.phx.gbl...
> Herb,
>
> I am just about to embark on a domain migration and your answer below sounds
> like what I also need to do regarding dns and dhcp. We will have 6 dc's in
> 2 AD forests, you mention 'having servers to resolve all names'. From what
> I have gathered here, from the posts yourself and others that have been
> kindly provided, can you run this over for me?

Sure but recognize that although we (humans)
tend to think of a DNS server as being for its
"own domain", any DNS server can hold zones
for any zone (which you control.)

That's the key to understanding several of the
methods.

> Original Domain:
> abc.com - 3 dc's - DNS is AD integrated, also running WINS and exchange
>
> New Domain:
> xyz.local - 3 dc's - DNS will be AD integrated, will be running WINS and
> Exchange
>
> xyz.local will soon be built, and users, groups, computers etc will be
> migrated there from abc.com.......name resolution.......how could I get the
> dc's in xyz.local to provide dhcp/dns/wins for abc.com to ensure a smooth
> migration?

Have (all of) the DNS servers hold both zones.
It's that simple unless the zones are huge and you
cannot afford to transfer all of that info.


> I would like to have xyz.local's dns and wins absolutely 'spot
> on' before any objects are migrated there. Hopefully resolving names for
> abc.com and xyz.local so the transition will be as smooth as possible.
>
> I know it's a long question, but any help much appreciated.

Sorry it's such a short answer but unless you
don't "get the trick" that is all there is to it.

There are other methods if you use Win2003
DNS but they all come down to the same basic
idea: Every DNS can resolve every name (or
find another DNS which can).

1) Common root using root hints (terrible if
you must also resolve the Internet using
root hints or forwarding since this
defeats that strategy -- I can make it work
but it is a lot of hacking around.)

2) "Cross secondaries" described above.

3) "Cross stub" zones -- same idea but without
transferring all of the records (Win2003)

4) Conditional forwarding (Win2003)

#3 is only needed for "huge" zones in most cases,
only works for Win2003, and doesn't fit your
situation since you want to build all of your DNS
before you install your second Domain.

BTW, your desire to get it "all right" beforehand
is a good one but eventually you will likely want
to switch over to using AD Integrated DNS which
usually means the DCs of the SAME domain will
all (or largely) be DNS servers.

In Win2000 using AD Integrated will mean the
DCs of Domain1 will be AD-integrated for the
zone supporting Domain1, AND they will be
secondaries for Domain2 (and vice versa.)

This is what I call "cross secondaries" just as
a name so we can talk about it once the principle
is understood.
March 4, 2005 12:56:36 PM


Herb - thank you very much for your time.

I've almost got a couple of test domains ready and will try to accomplish
what you have advised below.

Thanks again, Andrew