Sounding out proposed AD DNS config

Guest
Archived from groups: microsoft.public.win2000.dns

I'd just like to run this by some of you fine people that have been working
with AD *and* DNS. I'd like some feedback on whether anyone can see any
issues with this setup.

We currently have an NT4 domain that we're about to do an in-place upgrade
to Server 2003. All clients are XP clients and reside in this NT4 domain. We
have another AD 2000 domain that hosts 2 DNS servers that all XP clients use
for DNS.

We will upgrade this NT4 domain, install DNS and AD and integrate the DNS
info into AD. We have 2 domain controllers. We will configure the DNS
servers in the 2000 AD domain with secondary zone records for the account
domain the XP workstations live in.

We've tested this setup in a lab, and it seems to work. Can anyone see any
problems with this? Perhaps a problem with dynamic dns updates? A penny for
your thoughts.

Thanks

Rowley
 
Guest
Archived from groups: microsoft.public.win2000.dns

In news:epCum5xwEHA.2600@TK2MSFTNGP09.phx.gbl,
news.microsoft.com <r@r.abc> made a post then I commented below
> I'd just like to run this by some of you fine people that have been
> working with AD *and* DNS. I'd like some feedback on whether anyone
> can see any issues with this setup.
>
> We currently have an NT4 domain that we're about to do an in-place
> upgrade to Server 2003. All clients are XP clients and reside in this
> NT4 domain. We have another AD 2000 domain that hosts 2 DNS servers
> that all XP clients use for DNS.
>
> We will upgrade this NT4 domain, install DNS and AD and integrate the
> DNS info into AD. We have 2 domain controllers. We will configure the
> DNS servers in the 2000 AD domain with secondary zone records for the
> account domain the XP workstations live in.
>
> We've tested this setup in a lab, and it seems to work. Can anyone
> see any problems with this? Perhaps a problem with dynamic dns
> updates? A penny for your thoughts.
>
> Thanks
>
> Rowley

The NT4 domain you are upgrading, will it be a child domain or a new tree
under the current AD domain that exists or a completely separate Forest?
That makes a big bearing on your proposal.


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
 
Guest
Archived from groups: microsoft.public.win2000.dns

It will be a new tree. The other AD domain will be decommissioned soon after
the upgrade.

R

"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:%23KT9Qv4wEHA.1976@TK2MSFTNGP09.phx.gbl...
> In news:epCum5xwEHA.2600@TK2MSFTNGP09.phx.gbl,
> news.microsoft.com <r@r.abc> made a post then I commented below
> > I'd just like to run this by some of you fine people that have been
> > working with AD *and* DNS. I'd like some feedback on whether anyone
> > can see any issues with this setup.
> >
> > We currently have an NT4 domain that we're about to do an in-place
> > upgrade to Server 2003. All clients are XP clients and reside in this
> > NT4 domain. We have another AD 2000 domain that hosts 2 DNS servers
> > that all XP clients use for DNS.
> >
> > We will upgrade this NT4 domain, install DNS and AD and integrate the
> > DNS info into AD. We have 2 domain controllers. We will configure the
> > DNS servers in the 2000 AD domain with secondary zone records for the
> > account domain the XP workstations live in.
> >
> > We've tested this setup in a lab, and it seems to work. Can anyone
> > see any problems with this? Perhaps a problem with dynamic dns
> > updates? A penny for your thoughts.
> >
> > Thanks
> >
> > Rowley
>
> The NT4 domain you are upgrading, will it be a child domain or a new tree
> under the current AD domain that exists or a completely separate Forest?
> That makes a big bearing on your proposal.
>
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
>
> Security Is Like An Onion, It Has Layers
> HAM AND EGGS: A day's work for a chicken;
> A lifetime commitment for a pig.
> --
> =================================
>
>
 
Guest
Archived from groups: microsoft.public.win2000.dns

In news:u%23jlYh%23wEHA.2196@TK2MSFTNGP14.phx.gbl,
news.microsoft.com <r@r.abc> made a post then I commented below
> It will be a new tree. The other AD domain will be decommissioned
> soon after the upgrade.
>

If it's a new tree in the current (existing) forest, then the new DC that
will be created in the new tree needs to use the existing DNS server in the
existing Forest root domain in order to establish contact and find the
current resources and services. Once you get the new tree up and going,
please be aware the Forest Roles need to be transferred to the new DCs in
the new tree.

Any reason you need a new tree in your existing forest? If you are migrating
the users into it, it may be prudent to establish a new domain in a new tree
in a brand new forest.

Ace
 
Guest
Archived from groups: microsoft.public.win2000.dns

In news:u%23jlYh%23wEHA.2196@TK2MSFTNGP14.phx.gbl,
news.microsoft.com <r@r.abc> made a post then I commented below
> It will be a new tree. The other AD domain will be decommissioned
> soon after the upgrade.
>
> R

In addition, the GC roles need to be moved over.

How about this, install a pristine new Forest, use the ADMT tool to migrate
your users, computers, groups, and other resources, into the new domain.
Using SID History, ADMT will create the new user accounts keeping the old
SID so they can access the old domain's resources until it's decommissioned.
ADMT will, in conjunction with the SID History, translate security on the
client machines so the new user accounts will be able to use their old
profiles.

Ace
 
Guest
Archived from groups: microsoft.public.win2000.dns

Thanks for your input Ace.

My mistake, still getting used to the lingo - we are installing a new forest
by upgrading our existing NT4 account domain.

Yep, we would've loved a pristine forest, unfortunately our department
hasn't the time or resources to make this happen, hence the upgrade. The
existing forest is there purely because we purchased a product, had it
running in our NT4 environment for a while then discovered it was much
easier to manage with AD, so we created this forest for this purpose only
and established some trusts. It will shortly be decommissioned. Clients that
use the DNS on these servers are not members of any domain in this forest,
they purely use it to resolve local and www dns zones.

We did the upgrade in the early hours of yesterday am. We upgraded our PDC,
installed DNS and AD and then XFER'd the domain as a secondary to our
existing DNS servers which were located in our existing (and temporary) AD
environment. This seems to be working rather well, with no apparent issues,
clients are logging on without issue; we are also getting correct dynamic
registration of client DNS records too which is nice. It appears that
clients only try to register dynamically with the nameservers listed in the
SOA and no others.

So far so good. We can now take our time removing this AD resource domain
and bringing the services into our recently upgraded forest.

Regards

Rowley



"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:OHt76LBxEHA.1300@TK2MSFTNGP14.phx.gbl...
> In news:u%23jlYh%23wEHA.2196@TK2MSFTNGP14.phx.gbl,
> news.microsoft.com <r@r.abc> made a post then I commented below
> > It will be a new tree. The other AD domain will be decommissioned
> > soon after the upgrade.
> >
> > R
>
> In addition, the GC roles need to be moved over.
>
> How about this, install a pristine new Forest, use the ADMT tool to migrate
> your users, computers, groups, and other resources, into the new domain.
> Using SID History, ADMT will create the new user accounts keeping the old
> SID so they can access the old domain's resources until it's decommissioned.
> ADMT will, in conjunction with the SID History, translate security on the
> client machines so the new user accounts will be able to use their old
> profiles.
>
> Ace
>
>
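
The layout described in the post above (an AD-integrated primary zone on the upgraded DC, held as a secondary on the two existing DNS servers), written out with `dnscmd` from the Windows Support Tools. This is an added example, not part of the original thread; the zone name and all IP addresses are placeholders, and it assumes the zone is already AD-integrated on the primary.

```bat
@echo off
rem Added example, not from the thread. Zone name and addresses are placeholders.
set ZONE=corp.example.com
set PRIMARY=192.0.2.10
set SEC1=192.0.2.21
set SEC2=192.0.2.22

rem 1. Primary (upgraded DC): accept secure dynamic updates only.
rem    0 = no updates, 1 = nonsecure and secure, 2 = secure only.
rem    Value 2 requires an AD-integrated zone.
dnscmd %PRIMARY% /Config %ZONE% /AllowUpdate 2

rem 2. Primary: allow zone transfers only to the two named secondaries,
rem    and send change notifications to the same two servers.
dnscmd %PRIMARY% /ZoneResetSecondaries %ZONE% /SecureList %SEC1% %SEC2% /NotifyList %SEC1% %SEC2%

rem 3. Existing DNS servers: add the zone as a secondary that pulls from the primary.
rem    A secondary copy is read-only, so it cannot accept registrations itself.
dnscmd %SEC1% /ZoneAdd %ZONE% /Secondary %PRIMARY%
dnscmd %SEC2% /ZoneAdd %ZONE% /Secondary %PRIMARY%

rem 4. Verify from a secondary: the SOA record names the primary server,
rem    which is where clients send their dynamic registrations.
nslookup -type=SOA %ZONE% %SEC1%

rem 5. Verify on the primary: review the update and secondary settings
rem    reported for the zone.
dnscmd %PRIMARY% /ZoneInfo %ZONE%
```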