Sounding out proposed AD DNS config

Archived from groups: microsoft.public.win2000.dns

I'd just like to run this by some of you fine people that have been working
with AD *and* DNS. I'd like some feedback on whether anyone can see any
issues with this setup.

We currently have an NT4 domain that we're about to do an in-place upgrade
to Server 2003. All clients are XP clients and reside in this NT4 domain. We
have another AD 2000 domain that hosts 2 DNS servers that all XP clients use
for DNS.

We will upgrade this NT4 domain, install DNS and AD and integrate the DNS
info into AD. We have 2 domain controllers. We will configure the DNS
servers in the 2000 AD domain with secondary zone records for the account
domain the XP workstations live in.

We've tested this setup in a lab, and it seems to work. Can anyone see any
problems with this? Perhaps a problem with dynamic dns updates? A penny for
your thoughts.

Thanks

Rowley
  1.

    In news:epCum5xwEHA.2600@TK2MSFTNGP09.phx.gbl,
    news.microsoft.com <r@r.abc> made a post then I commented below
    > I'd just like to run this by some of you fine people that have been
    > working with AD *and* DNS. I'd like some feedback on whether anyone
    > can see any issues with this setup.
    >
    > We currently have an NT4 domain that we're about to do an in-place
    > upgrade to Server 2003. All clients are XP clients and reside in this
    > NT4 domain. We have another AD 2000 domain that hosts 2 DNS servers
    > that all XP clients use for DNS.
    >
    > We will upgrade this NT4 domain, install DNS and AD and integrate the
    > DNS info into AD. We have 2 domain controllers. We will configure the
    > DNS servers in the 2000 AD domain with secondary zone records for the
    > account domain the XP workstations live in.
    >
    > We've tested this setup in a lab, and it seems to work. Can anyone
    > see any problems with this? Perhaps a problem with dynamic dns
    > updates? A penny for your thoughts.
    >
    > Thanks
    >
    > Rowley

    The NT4 domain you are upgrading, will it be a child domain or a new tree
    under the current AD domain that exists or a completely separate Forest?
    That makes a big bearing on your proposal.


    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services

    Security Is Like An Onion, It Has Layers
    HAM AND EGGS: A day's work for a chicken;
    A lifetime commitment for a pig.
    --
    =================================
  2.

    It will be a new tree. The other AD domain will be decommissioned soon after
    the upgrade.

    R

    "Ace Fekay [MVP]"
    <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
    message news:%23KT9Qv4wEHA.1976@TK2MSFTNGP09.phx.gbl...
    > In news:epCum5xwEHA.2600@TK2MSFTNGP09.phx.gbl,
    > news.microsoft.com <r@r.abc> made a post then I commented below
    > > I'd just like to run this by some of you fine people that have been
    > > working with AD *and* DNS. I'd like some feedback on whether anyone
    > > can see any issues with this setup.
    > >
    > > We currently have an NT4 domain that we're about to do an in-place
    > > upgrade to Server 2003. All clients are XP clients and reside in this
    > > NT4 domain. We have another AD 2000 domain that hosts 2 DNS servers
    > > that all XP clients use for DNS.
    > >
    > > We will upgrade this NT4 domain, install DNS and AD and integrate the
    > > DNS info into AD. We have 2 domain controllers. We will configure the
    > > DNS servers in the 2000 AD domain with secondary zone records for the
    > > account domain the XP workstations live in.
    > >
    > > We've tested this setup in a lab, and it seems to work. Can anyone
    > > see any problems with this? Perhaps a problem with dynamic dns
    > > updates? A penny for your thoughts.
    > >
    > > Thanks
    > >
    > > Rowley
    >
    > The NT4 domain you are upgrading, will it be a child domain or a new tree
    > under the current AD domain that exists or a completely separate Forest?
    > That makes a big bearing on your proposal.
    >
    >
    > --
    > Regards,
    > Ace
    >
    > Please direct all replies ONLY to the Microsoft public newsgroups
    > so all can benefit.
    >
    > This posting is provided "AS-IS" with no warranties or guarantees
    > and confers no rights.
    >
    > Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    > Microsoft Windows MVP - Windows Server - Directory Services
    >
    > Security Is Like An Onion, It Has Layers
    > HAM AND EGGS: A day's work for a chicken;
    > A lifetime commitment for a pig.
    > --
    > =================================
    >
    >
  3.

    In news:u%23jlYh%23wEHA.2196@TK2MSFTNGP14.phx.gbl,
    news.microsoft.com <r@r.abc> made a post then I commented below
    > It will be a new tree. The other AD domain will be decommissioned
    > soon after the upgrade.
    >

    If it's a new tree in the current (existing) forest, then the new DC that
    will be created in the new tree needs to use the existing DNS server in the
    existing Forest root domain in order to establish contact and find the
    current resources and services. Once you get the new tree up and going,
    please be aware the Forest Roles need to be transferred to the new DCs in
    the new tree.

    Any reason you need a new tree in your existing forest? If you are migrating
    the users into it, it may be prudent to establish a new domain in a new tree
    in a brand new forest.

    Ace
  4.

    In news:u%23jlYh%23wEHA.2196@TK2MSFTNGP14.phx.gbl,
    news.microsoft.com <r@r.abc> made a post then I commented below
    > It will be a new tree. The other AD domain will be decommissioned
    > soon after the upgrade.
    >
    > R

    In addition, the GC roles need to be moved over.

    How about this, install a pristine new Forest, use the ADMT tool to migrate
    your users, computers, groups, and other resources, into the new domain.
    Using SID History, ADMT will create the new user accounts keeping the old
    SID so they can access the old domain's resources until it's decommissioned.
    ADMT will, in conjunction with the SID History, translate security on the
    client machines so the new user accounts will be able to use their old
    profiles.

    Ace
  5.

    Thanks for your input Ace.

    My mistake, still getting used to the lingo - we are installing a new forest
    by upgrading our existing NT4 account domain.

    Yep, we would've loved a pristine forest, unfortunately our department
    hasn't the time or resources to make this happen, hence the upgrade. The
    existing forest is there purely because we purchased a product, had it
    running in our NT4 environment for a while then discovered it was much
    easier to manage with AD, so we created this forest for this purpose only
    and established some trusts. It will shortly be decommissioned. Clients that
    use the DNS on these servers are not members of any domain in this forest,
    they purely use it to resolve local and www dns zones.

    We did the upgrade in the early hours of yesterday am. We upgraded our PDC,
    installed DNS and AD and then XFER'd the domain as a secondary to our
    existing DNS servers which were located in our existing (and temporary) AD
    environment. This seems to be working rather well, with no apparent issues,
    clients are logging on without issue; we are also getting correct dynamic
    registration of client DNS records too which is nice. It appears that
    clients only try to register dynamically with the nameservers listed in the
    SOA and no others.

    So far so good. We can now take our time removing this AD resource domain
    and bringing the services into our recently upgraded forest.

    Regards

    Rowley


    "Ace Fekay [MVP]"
    <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
    message news:OHt76LBxEHA.1300@TK2MSFTNGP14.phx.gbl...
    > In news:u%23jlYh%23wEHA.2196@TK2MSFTNGP14.phx.gbl,
    > news.microsoft.com <r@r.abc> made a post then I commented below
    > > It will be a new tree. The other AD domain will be decommissioned
    > > soon after the upgrade.
    > >
    > > R
    >
    > In addition, the GC roles need to be moved over.
    >
    > How about this, install a pristine new Forest, use the ADMT tool to migrate
    > your users, computers, groups, and other resources, into the new domain.
    > Using SID History, ADMT will create the new user accounts keeping the old
    > SID so they can access the old domain's resources until it's decommissioned.
    > ADMT will, in conjunction with the SID History, translate security on the
    > client machines so the new user accounts will be able to use their old
    > profiles.
    >
    > Ace
    >
    >
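
The dynamic-registration behaviour reported in the last post matches how DNS dynamic update (RFC 2136) finds its target: the client reads the primary server name (MNAME) from the zone's SOA record, and a secondary holding a transferred copy returns the same SOA. As an added example (not part of the original thread), this Python parser pulls MNAME and serial out of a constructed SOA response for a hypothetical zone `corp.example` with a hypothetical primary `dc1`, and compares serials to spot a secondary that has not yet transferred the latest zone.

```python
import struct

def read_name(msg, off):
    """Decode a DNS name at off, following compression pointers."""
    labels, resume, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # 2-byte compression pointer
            if resume is None:
                resume = off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if n == 0:
            return ".".join(labels), (off if resume is None else resume)
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def parse_soa(msg):
    """Return (zone, mname, serial) from the first SOA in the answer section."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        _, off = read_name(msg, off)
        off += 4                                   # skip QTYPE and QCLASS
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:                             # SOA
            mname, p = read_name(msg, off)
            _, p = read_name(msg, p)               # RNAME (responsible mailbox)
            return owner, mname, struct.unpack("!I", msg[p:p + 4])[0]
        off += rdlen
    raise ValueError("no SOA record in answer")

def sample_response(serial):
    """Constructed SOA answer for corp.example with MNAME dc1.corp.example."""
    zone = b"\x04corp\x07example\x00"
    rdata = (b"\x03dc1\xc0\x0c" + b"\x0ahostmaster\xc0\x0c"
             + struct.pack("!IIIII", serial, 900, 600, 86400, 3600))
    return (struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
            + zone + struct.pack("!HH", 6, 1)
            + b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(rdata)) + rdata)

def lagging(primary_msg, secondary_msg):
    """True when the secondary's serial is behind (plain compare, no wraparound)."""
    return parse_soa(secondary_msg)[2] < parse_soa(primary_msg)[2]
```
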