Setup a new 2003 DNS in a mixed mode of 2000 and NT4

Anonymous
December 8, 2004 9:03:03 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

Hi, I'm setting up a new Domain Controller, the first Windows 2003 Enterprise
server. I want to load DNS on this machine, we believe that there may be
issues with the current DNS, so we are trying to build it fresh. But won't I
inherit the same issues if I install this new server in the domain as a DC
with AD and DNS and install a secondary zone? If I install 2ndary zone will I
be able to convert it to primary later? Point being what is the best way to
put up the 1st 2003 Enterprise server with DNS in a mixed mode network and
will it mess anything up? Please help. Thanks!!

Anonymous
December 8, 2004 11:22:19 AM

FYI: Mixed mode is not a DNS issue.

Also "mixed mode" is a technical term that ONLY refers
to the AD and the Domain Controllers -- it has practically
nothing to do with client machines that run older operating
systems, or even with servers which are not DCs.

Mixed mode means you have NT BDCs in your domain (or
at least still have the option to install such) and native mode
both removes that option and increases the capabilities or
features of AD.

"PBJ" <PBJ@discussions.microsoft.com> wrote in message
news:BEBF28E3-D557-43C4-8AB7-8AE9B42EE8E4@microsoft.com...
> Hi, I'm setting up a new Domain Controller, the first Windows 2003 Enterprise
> server. I want to load DNS on this machine, we believe that there may be
> issues with the current DNS, so we are trying to build it fresh.

?

DNS is not that complicated so unless there is some
other reason, it usually makes more sense to just fix
the configuration errors.

> But won't I
> inherit the same issues if I install this new server in the domain as a DC
> with AD and DNS and install a secondary zone.

Well, you will be copying the zone from another (the other) DNS
so you will be copying the good and the bad from the master.

Secondary DNS servers:
Secondary DNS servers (for a zone) copy the zone (all of the
resource records) from another DNS server that holds that
same zone.

> If I install 2ndary zone will I
> be able to convert it to primary later?

Yes, it's trivial in the GUI.

> Point being what is the best way to
> put up the 1st 2003 Enterprise server with DNS in a mixed mode network and
> will it mess anything up? Please help. Thanks!!

Install Win2003 on a Server, DCPromo (.exe or dialog box) the machine
to become the first DC.

It will ask you if you need a DNS server if it cannot find your
existing DNS server. This MUST be a dynamic Zone.


General DNS setup for AD:

1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2

Restart NetLogon on any DC if you change any of the above that
affects a DC.

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.
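
An added example, not part of the original post: a Python check for rule 2 above that flags any adapter whose DNS server list contains something other than the internal AD DNS servers. The `ipconfig /all` excerpt and every name and address in it are constructed, and the parser handles IPv4 entries only.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt from a hypothetical member server.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : FILESRV1
   Primary Dns Suffix  . . . . . . . : corp.example.com

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT
   IP Address. . . . . . . . . . . . : 192.168.1.25
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       203.0.113.53

Ethernet adapter Backup LAN:

   IP Address. . . . . . . . . . . . : 192.168.2.25
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       192.168.1.11
"""

ADAPTER = re.compile(r'^(\S.* adapter .+):\s*$')     # unindented section heading
FIELD = re.compile(r'^\s+([^.:]+?)[ .]*:\s*(.*)$')   # "   Label . . . : value"


def dns_servers_by_adapter(text):
    """Map each adapter heading to the DNS servers listed under it, in order."""
    servers, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        heading = ADAPTER.match(line)
        if heading:
            adapter, in_dns = heading.group(1), False
            servers[adapter] = []
            continue
        field = FIELD.match(line)
        if field:
            in_dns = field.group(1).strip().lower() == 'dns servers'
            value = field.group(2).strip()
        elif in_dns and line.strip():
            value = line.strip()      # second and later servers are value-only lines
        else:
            in_dns = False            # a blank line ends the DNS server list
            continue
        if in_dns and adapter and value:
            servers[adapter].append(value)
    return servers


def foreign_dns_servers(text, internal_dns):
    """Return {adapter: [servers that are not in the internal DNS set]}."""
    allowed = {ipaddress.ip_address(a) for a in internal_dns}
    findings = {}
    for adapter, servers in dns_servers_by_adapter(text).items():
        bad = []
        for server in servers:
            try:
                ok = ipaddress.ip_address(server) in allowed
            except ValueError:
                ok = False            # unparsable entries are reported too
            if not ok:
                bad.append(server)
        if bad:
            findings[adapter] = bad
    return findings


if __name__ == '__main__':
    # 192.168.1.10 and 192.168.1.11 stand in for the internal dynamic DNS servers.
    for adapter, bad in foreign_dns_servers(
            SAMPLE_IPCONFIG, ['192.168.1.10', '192.168.1.11']).items():
        print('%s: remove %s' % (adapter, ', '.join(bad)))
```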
Anonymous
December 8, 2004 11:29:06 AM

> > Point being what is the best way to
> > put up the 1st 2003 Enterprise server with DNS in a mixed mode network and
> > will it mess anything up? Please help. Thanks!!
>
> Install Win2003 on a Server, DCPromo (.exe or dialog box) the machine
> to become the first DC.

If I say it is the first DC, what will happen to all my AD users, groups and
group policy stuff?
Anonymous
December 8, 2004 12:37:04 PM

In news:BEBF28E3-D557-43C4-8AB7-8AE9B42EE8E4@microsoft.com,
PBJ <PBJ@discussions.microsoft.com> commented
Then Kevin replied below:
> Hi, I'm setting up a new Domain Controller, the first
> Windows 2003 Enterprise server. I want to load DNS on
> this machine, we believe that there may be issues with the
> current DNS, so we are trying to build it fresh. But
> won't I inherit the same issues if I install this new
> server in the domain as a DC with AD and DNS and install
> a secondary zone. If I install 2ndary zone will I be able
> to convert it to primary later? Point being what is the
> best way to put up the 1st 2003 Enterprise server with
> DNS in a mixed mode network and will it mess anything up?
> Please help. Thanks!!

What are the issues you are having?
Is it really a DNS issue, or is it an AD domain name issue?

Because you are correct, if the issue is caused by the AD domain name, then
you will still have the issue. It would help if you would say what the
issues are and what you are trying to achieve.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Anonymous
December 8, 2004 1:59:10 PM

Thanks Kevin, the issue is that we have a Windows 2000 Domain offsite they
are connected to us via T1 but on a different subnet. Here on site we have a
mixed mode domain, we have 2 Win 2000 DCs plus NT4 servers. We cannot create
a trust between these 2 domains. They are 2 totally different domains and not
a child domain. We've looked at the firewall settings to make sure all
particular ports that need to be used between the 2 networks are. At one
point we were able to see their domain and we don't know how we all of a
sudden lost it.
Is this DNS related or what else can we look at? Thanks.

Anonymous
December 8, 2004 7:42:36 PM

In news:3BA31506-D8C1-4FA4-AE6C-8340C7D36115@microsoft.com,
PBJ <PBJ@discussions.microsoft.com> commented
Then Kevin replied below:
> Thanks Kevin, the issue is that we have a Windows 2000
> Domain offsite they are connected to us via T1 but on a
> different subnet. Here on site we have a mixed mode
> domain, we have 2 Win 2000 DCs plus NT4 servers. We
> cannot create a trust between these 2 domains. They are 2
> totally different domains and not a child domain. We've
> looked at the firewall settings to make sure all
> particular ports that need to be used between the 2
> networks are. At one point we were able to see their
> domain and we don't know how we all of a sudden lost it.
> Is this DNS related or what else can we look at? Thanks.


When you say "See" do you mean as in Network Places?
Are you using WINS?

Instead of opening ports in the firewall between these Networks configure a
VPN connection between them. This way the only port you need open in the
firewall is the VPN port.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Anonymous
December 9, 2004 12:36:12 AM

On Wed, 8 Dec 2004 08:29:06 -0800, PBJ <PBJ@discussions.microsoft.com>
wrote:

>
>> > Point being what is the best way to
>> > put up the 1st 2003 Enterprise server with DNS in a mixed mode network and
>> > will it mess anything up? Please help. Thanks!!
>>
>> Install Win2003 on a Server, DCPromo (.exe or dialog box) the machine
>> to become the first DC.
>
>If I say it is the first DC, what will happen to all my AD users, groups and
>group policy stuff?

If it's the first DC it can't be in the same domain as the existing
DC's (or PDC on a NT domain). It would be a new domain. That means
it doesn't get any users or groups or anything until you either add
them or migrate them using ADMT.

These aren't DNS issues, these are domain and networking issues, and
something you need to straighten out before you even think about DNS.

Jeff
Anonymous
December 9, 2004 12:41:45 AM

On Wed, 8 Dec 2004 06:03:03 -0800, PBJ <PBJ@discussions.microsoft.com>
wrote:

>Hi, I'm setting up a new Domain Controller, the first Windows 2003 Enterprise
>server. I want to load DNS on this machine, we believe that there may be
>issues with the current DNS, so we are trying to build it fresh.

Fix your "issues" first, then add a new DC. Unless you're moving to a
brand new domain, you can't "fix" DNS by adding a new DC with AD
integrated DNS.

>But won't I
>inherit the same issues if I install this new server in the domain as a DC
>with AD and DNS and install a secondary zone.

If it's a DC in a new domain, then you inherit nothing. The secondary
zone won't be AD integrated, so it too can't have issues. And if
you're just adding a DC to the domain in AD integrated, why are you
dealing with a secondary?

> If I install 2ndary zone will I
>be able to convert it to primary later?

Always, and even back again.

>Point being what is the best way to
>put up the 1st 2003 Enterprise server with DNS in a mixed mode network and
>will it mess anything up?

Mixed mode isn't a DNS issue. Do you have an Active Directory domain
currently? If not, and you're moving to one, then look at server
migration and upgrades in a server group, and don't worry about DNS at
this point. It sounds like you're very confused and concerned about
your DNS when you are facing bigger issues that you either don't
realize or don't understand.

So, do you currently have a W2K AD domain? If not, is it an NT
domain? And if you don't have AD now, is this your attempt to move to
AD?

Jeff
Anonymous
December 9, 2004 12:41:46 AM

I have a Windows 2000 Active directory domain, with some NT 4 servers. Read
my reply to Kevin which tells you the issue I'm having with trust
relationships to another domain, I don't personally believe it is a DNS issue
or an AD issue. I don't know what the issue is with the trusts, my boss
believes it is a DNS issue for some reason or another.

Anonymous
December 9, 2004 6:45:06 AM

"PBJ" <PBJ@discussions.microsoft.com> wrote in message
news:3441A131-D760-47A3-832B-084476A1CE9A@microsoft.com...
>
> > > Point being what is the best way to
> > > put up the 1st 2003 Enterprise server with DNS in a mixed mode network and
> > > will it mess anything up? Please help. Thanks!!
> >
> > Install Win2003 on a Server, DCPromo (.exe or dialog box) the machine
> > to become the first DC.
>
> If I say it is the first DC, what will happen to all my AD users, groups and
> group policy stuff?

If it IS THE FIRST DC, then you don't have any AD users etc.

If you have AD users you already have AD and at least one
DC.

Installing another DC will either make it an additional
(not first) DC in the existing domain, or create a new
domain which will have NO effect on the existing users etc.

It will neither harm nor help those existing users (ignoring
Forest considerations.)


--
Herb Martin
Anonymous
December 9, 2004 2:17:19 PM

Yes, I am talking about seeing it in network places, I can ping them by IP.
When we try to do a trust it does not see it. It says the domain cannot be
contacted and will be installed as a non-windows trust.
No, we do not have WINS, do we have to?

Anonymous
December 9, 2004 5:22:17 PM

"PBJ" <PBJ@discussions.microsoft.com> wrote in message
news:4CBF9836-D90B-4DF3-A95D-52595854B3D7@microsoft.com...
> Yes, I am talking about seeing it in network places, I can ping them by IP.
> When we try to do a trust it does not see it. It says the domain cannot be
> contacted and will be installed as a non-windows trust.
> No, we do not have WINS, do we have to?

Yes...

If you have Windows on an IP network with more than
one subnet (i.e., with routers).

--
Herb Martin


Anonymous
December 9, 2004 5:24:58 PM

In news:4CBF9836-D90B-4DF3-A95D-52595854B3D7@microsoft.com,
PBJ <PBJ@discussions.microsoft.com> commented
Then Kevin replied below:
> Yes, I am talking about seeing it in network places, I can
> ping them by IP. When we try to do a trust it does not
> see it. It says the domain cannot be contacted and will
> be installed as a non-windows trust.
> No, we do not have WINS, do we have to?

WINS is the easiest IMO, WINS is less work than LMHosts. If you use LMHosts then
someone is going to have to keep them current. You cannot rely on NetBIOS
Broadcasts because you have multiple subnets and NetBIOS broadcasts don't
cross routers.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Anonymous
December 9, 2004 9:59:44 PM

On Wed, 8 Dec 2004 10:59:10 -0800, PBJ <PBJ@discussions.microsoft.com>
wrote:

>Thanks Kevin, the issue is that we have a Windows 2000 Domain offsite they
>are connected to us via T1 but on a different subnet. Here on site we have a
>mixed mode domain, we have 2 Win 2000 DCs plus NT4 servers. We cannot create
>a trust between these 2 domains. They are 2 totally different domains and not
>a child domain. We've looked at the firewall settings to make sure all
>particular ports that need to be used between the 2 networks are. At one
>point we were able to see their domain and we don't know how we all of a
>sudden lost it.
>Is this DNS related or what else can we look at? Thanks.

You cannot create a trust because of a technical issue, or you cannot
create a trust because of a company policy?

Do you have valid NetBIOS name resolution for the domain controllers,
either through WINS or a properly configured LMHosts file? And are
NetBIOS ports allowed between the networks through the firewalls?

Jeff
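
An added example, not part of the original thread: a small Python linter for the LMHOSTS file that Kevin and Jeff name as the alternative to WINS. It checks the two entries commonly used so that a remote domain's controllers resolve across a router (a `#PRE #DOM:` line and the 15-character-padded `\0x1B` name); REMOTEDOM, the DC names and the 10.20.0.x addresses are hypothetical.

```python
import ipaddress
import re


def special_name(name, suffix):
    """Build the quoted 16-byte form: name padded to 15 characters, then \\0xNN."""
    if len(name) > 15:
        raise ValueError('NetBIOS names are at most 15 characters')
    return '"%-15s\\0x%02X"' % (name.upper(), suffix)


# Constructed sample. REMOTEDOM, DC-REMOTE* and 10.20.0.x are hypothetical.
SAMPLE_LMHOSTS = '\n'.join([
    "# entries for the offsite domain's DCs",
    '10.20.0.10   DC-REMOTE1   #PRE #DOM:REMOTEDOM',
    '10.20.0.10   %s   #PRE' % special_name('REMOTEDOM', 0x1B),
    r'10.20.0.11   "REMOTEDOM   \0x1B"   #PRE',     # padded to 12, not 15
    '10.20.0.12   DC-REMOTE2   #DOM:REMOTEDOM',     # #DOM without #PRE
    '10.20.0.999  DC-REMOTE3   #PRE',               # not a valid address
])

ENTRY = re.compile(r'^\s*(\S+)\s+("[^"]*"|\S+)(.*)$')
SPECIAL = re.compile(r'^(.*)\\0x([0-9A-Fa-f]{2})$')


def parse_lmhosts(text):
    """Return one dict per mapping line: lineno, ip, name, suffix, tags, problems."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith('#'):
            continue  # blank line, comment, or a #INCLUDE-style directive
        m = ENTRY.match(line)
        if not m:
            entries.append(dict(lineno=lineno, ip=None, name='', suffix=None,
                                tags={}, problems=['not an "address name" line']))
            continue
        ip, raw_name, rest = m.groups()
        problems, suffix, name = [], None, raw_name
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append('invalid IPv4 address %r' % ip)
        if raw_name.startswith('"'):
            name = raw_name[1:-1]
            sm = SPECIAL.match(name)
            if sm:
                name, suffix = sm.group(1), int(sm.group(2), 16)
                if len(name) != 15:
                    problems.append('name before \\0x%02X is %d characters, '
                                    'must be padded to 15' % (suffix, len(name)))
                name = name.rstrip()
        if suffix is None and len(name) > 15:
            problems.append('NetBIOS name longer than 15 characters')
        tags = {}
        for tok in rest.split():
            up = tok.upper()
            if up == '#PRE':
                tags['PRE'] = True
            elif up.startswith('#DOM:'):
                tags['DOM'] = up[5:]
            elif up == '#MH' or up.startswith('#SG:'):
                continue          # valid keywords this linter does not check
            else:
                break             # anything else starts a trailing comment
        if 'DOM' in tags and 'PRE' not in tags:
            problems.append('#DOM entry is not preloaded (add #PRE)')
        entries.append(dict(lineno=lineno, ip=ip, name=name, suffix=suffix,
                            tags=tags, problems=problems))
    return entries


def lint(text):
    """Flat list of (line number, problem) pairs."""
    return [(e['lineno'], p) for e in parse_lmhosts(text) for p in e['problems']]


def resolution_gaps(text, domain):
    """List what is still missing before `domain`'s DCs resolve from this file."""
    ok = [e for e in parse_lmhosts(text) if not e['problems']]
    dom, gaps = domain.upper(), []
    if not any(e['tags'].get('DOM') == dom for e in ok):
        gaps.append('no valid #PRE #DOM:%s entry for a domain controller' % dom)
    if not any(e['suffix'] == 0x1B and e['name'].upper() == dom for e in ok):
        gaps.append('no valid "%s\\0x1B" (PDC / domain master browser) entry' % dom)
    return gaps


if __name__ == '__main__':
    for lineno, problem in lint(SAMPLE_LMHOSTS):
        print('line %d: %s' % (lineno, problem))
    print(resolution_gaps(SAMPLE_LMHOSTS, 'REMOTEDOM') or 'REMOTEDOM entries look complete')
```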

Anonymous
December 9, 2004 9:59:45 PM

We opened all of the ports that were in this TID# 179442
But I noticed from the FW logs that the NetBios broadcasts were not allowed.

Anonymous
December 11, 2004 5:53:56 PM

On Thu, 9 Dec 2004 13:23:06 -0800, PBJ <PBJ@discussions.microsoft.com>
wrote:

>We opened all of the ports that were in this TID# 179442
>But I noticed from the FW logs that the NetBios broadcasts were not allowed.

Many firewalls won't pass NetBIOS broadcasts even if you open NetBIOS
ports for communication. NetBIOS broadcasts include broadcast
resolution of names as well as WINS broadcasts, so if you have an issue
involving the name resolution, allowing NetBIOS broadcasts through
your firewall may help. But it also sends traffic across zones that
may be unneeded, as well as containing information about your network.

Jeff

Anonymous
December 11, 2004 5:53:57 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
news:41c20990.1118947912@msnews.microsoft.com...
> On Thu, 9 Dec 2004 13:23:06 -0800, PBJ <PBJ@discussions.microsoft.com>
> wrote:
>
> >We opened all of the ports that were in this TID# 179442
> >But I noticed from the FW logs that the NetBios broadcasts were not allowed.
>
> Many firewalls won't pass NetBIOS broadcasts even if you open NetBIOS
> ports for communication. NetBIOS broadcasts include broadcast
> resolution of names as well as WINS broadcasts, so if you have an issue
> involving the name resolution, allowing NetBIOS broadcasts through
> your firewall may help. But it also sends traffic across zones that
> may be unneeded, as well as containing information about your network.

Almost no firewalls will pass NetBIOS broadcasts since
most firewalls are implemented on some type of ROUTER
and routers pass NO broadcasts by default.

So this is true, even of non-firewall routers within a network.

--
Herb Martin


>
> Jeff
>
> >"Jeff Cochran" wrote:
> >
> >> On Wed, 8 Dec 2004 10:59:10 -0800, PBJ <PBJ@discussions.microsoft.com>
> >> wrote:
> >>
> >> >Thanks Kevin, the issue is that we have a Windows 2000 Domain offsite they
> >> >are connected to us via T1 but on a different subnet. Here on site we have a
> >> >mixed mode domain, we have 2 Win 2000DC's plus NT4 servers. We cannot create
> >> >a trust between these 2 domains. They are 2 totally different domains and not
> >> >a child domain. We've looked at the firewall settings to make sure all
> >> >particular ports that need to be used between the 2 networks are. At one
> >> >point we were able to see their domain and we don't know how we all of a
> >> >sudden lost it.
> >> >Is this DNS related or what else can we look at? Thanks.
> >>
> >> You cannot create a trust because of a technical issue, or you cannot
> >> create a trust because of a company policy?
> >>
> >> Do you have valid NetBIOS name resolution for the domain controllers,
> >> either through WINS or a properly configured LMHosts file? And are
> >> NetBIOS ports allowed between the networks through the firewalls?
> >>
> >> Jeff
> >>
> >> >"Kevin D. Goodknecht Sr. [MVP]" wrote:
> >> >
> >> >> In news:BEBF28E3-D557-43C4-8AB7-8AE9B42EE8E4@microsoft.com,
> >> >> PBJ <PBJ@discussions.microsoft.com> commented
> >> >> Then Kevin replied below:
> >> >> > Hi, I'm setting up a new Domain Controller, the first
> >> >> > Windows 2003 Enterprise server. I want to load DNS on
> >> >> > this machine, we believe that there may be issues with the
> >> >> > current DNS, so we are trying to build it fresh. But
> >> >> > won't I inherit the same issues if I install this new
> >> >> > server in the domain as a DC with AD and DNS and install
> >> >> > a secondary zone. If I install 2ndary zone will I be able
> >> >> > to convert it to primary later? Point being what is the
> >> >> > best way to put up the 1st 2003 Enterprise server with
> >> >> > DNS in a mixed mode network and will it mess anything up?
> >> >> > Please help. Thanks!!
> >> >>
> >> >> What are the issues you are having?
> >> >> Is it really a DNS issue, or is it an AD domain name issue?
> >> >>
> >> >> Because you are correct, if the issue is caused by the AD domain name, then
> >> >> you will still have the issue. It would help if you would say what the
> >> >> issues are and what you are trying to achieve.
> >> >>
> >> >>
> >> >> --
> >> >> Best regards,
> >> >> Kevin D4 Dad Goodknecht Sr. [MVP]
> >> >>
> >> >>
> >> >>
> >>
> >>
>
Anonymous
December 13, 2004 2:54:37 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

On Sat, 11 Dec 2004 09:56:51 -0600, "Herb Martin"
<news@LearnQuick.com> wrote:

>"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
>news:41c20990.1118947912@msnews.microsoft.com...
>> On Thu, 9 Dec 2004 13:23:06 -0800, PBJ <PBJ@discussions.microsoft.com>
>> wrote:
>>
>> >We opened all of the ports that were in this TID# 179442
>> >But I noticed from the FW logs that the NetBios broadcasts were not allowed.
>>
>> Many firewalls won't pass NetBIOS broadcasts even if you open NetBIOS
>> ports for communication. NetBIOS broadcasts include broadcast
>> resolution of names as well as WINS broadcasts, so if you have an issue
>> involving the name resolution, allowing NetBIOS broadcasts through
>> your firewall may help. But it also sends traffic across zones that
>> may be unneeded, as well as containing information about your network.
>
>Almost no firewalls will pass NetBIOS broadcasts since
>most firewalls are implemented on some type of ROUTER
>and routers pass NO broadcasts by default.
>
>So this is true, even of non-firewall routers within a network.

Most enterprise-level firewalls allow some sort of NetBIOS broadcast
transfer. NetBIOS doesn't route, but that doesn't mean it can't be
passed by a device that routes. :) 

Jeff
Anonymous
December 13, 2004 2:54:38 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

> Most enterprise-level firewalls allow some sort of NetBIOS broadcast
> transfer. NetBIOS doesn't route, but that doesn't mean it can't be
> passed by a device that routes. :) 

True of many serious routers but the above is of
course why I qualified just about all of this
discussion with "by default."

Also note, that if you do this, you essentially
turn your network into a single "subnet" for
NetBIOS purposes -- technically it is a single
broadcast domain, and you will only have one
Master Browser so it will be functionally
equivalent to one net and remove the requirement
for the WINS servers.

It is also a poor (not terrible) practice to open
such broadcasts.

--
Herb Martin


"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
news:41bd82a3.1281001512@msnews.microsoft.com...
> On Sat, 11 Dec 2004 09:56:51 -0600, "Herb Martin"
> <news@LearnQuick.com> wrote:
>
> >"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
> >news:41c20990.1118947912@msnews.microsoft.com...
> >> On Thu, 9 Dec 2004 13:23:06 -0800, PBJ <PBJ@discussions.microsoft.com>
> >> wrote:
> >>
> >> >We opened all of the ports that were in this TID# 179442
> >> >But I noticed from the FW logs that the NetBios broadcasts were not allowed.
> >>
> >> Many firewalls won't pass NetBIOS broadcasts even if you open NetBIOS
> >> ports for communication. NetBIOS broadcasts include broadcast
> >> resolution of names as well as WINS broadcasts, so if you have an issue
> >> involving the name resolution, allowing NetBIOS broadcasts through
> >> your firewall may help. But it also sends traffic across zones that
> >> may be unneeded, as well as containing information about your network.
> >
> >Almost no firewalls will pass NetBIOS broadcasts since
> >most firewalls are implemented on some type of ROUTER
> >and routers pass NO broadcasts by default.
> >
> >So this is true, even of non-firewall routers within a network.
>
> Most enterprise-level firewalls allow some sort of NetBIOS broadcast
> transfer. NetBIOS doesn't route, but that doesn't mean it can't be
> passed by a device that routes. :) 
>
> Jeff