Setup a new 2003 DNS in a mixed mode of 2000 and NT4

Archived from groups: microsoft.public.win2000.dns

Hi, I'm setting up a new Domain Controller, the first Windows 2003 Enterprise
server. I want to load DNS on this machine, we believe that there may be
issues with the current DNS, so we are trying to build it fresh. But won't I
inherit the same issues if I install this new server in the domain as a DC
with AD and DNS and install a secondary zone? If I install 2ndary zone will I
be able to convert it to primary later? Point being what is the best way to
put up the 1st 2003 Enterprise server with DNS in a mixed mode network and
will it mess anything up? Please help. Thanks!!
  1. Archived from groups: microsoft.public.win2000.dns

    FYI: Mixed mode is not a DNS issue.

    Also "mixed mode" is a technical term that ONLY refers
    to the AD and the Domain Controllers -- it has practically
    nothing to do with client machines that run older operating
    systems, or even with servers which are not DCs.

    Mixed mode means you have NT BDCs in your domain (or
    at least still have the option to install such) and native mode
    both removes that option and increases the capabilities or
    features of AD.

    "PBJ" <PBJ@discussions.microsoft.com> wrote in message
    news:BEBF28E3-D557-43C4-8AB7-8AE9B42EE8E4@microsoft.com...
    > Hi, I'm setting up a new Domain Controller, the first Windows 2003 Enterprise
    > server. I want to load DNS on this machine, we believe that their maybe
    > issues with the current DNS, so we are trying to build it fresh.

    ?

    DNS is not that complicated so unless there is some
    other reason, it usually makes more sense to just fix
    the configuration errors.

    > But won't I
    > inherit the same issues if I install this new server in the domain as a DC
    > with AD and DNS and install a secondary zone.

    Well, you will be copying the zone from another (the other) DNS
    so you will be copying the good and the bad from the master.

    Secondary DNS servers:
    Secondary DNS servers (for a zone) copy the zone (all of the
    resource records) from another DNS server that holds that
    same zone.

    > If I install 2ndary zone will I
    > be able to convert it to primary later?

    Yes, it's trivial in the GUI.

    > Point being what is the best way to
    > put up the 1st 2003 Enterprise server with DNS in a mixed mode network and
    > will it mess anything up? Please help. Thanks!!

    Install Win2003 on a Server, DCPromo (.exe or dialog box) the machine
    to become the first DC.

    It will ask you if you need a DNS server if it cannot find your
    existing DNS server. This MUST be a dynamic Zone.


    General DNS setup for AD:

    1) Dynamic for the zone supporting AD
    2) All internal DNS clients NIC\IP properties must specify SOLELY
    that internal, dynamic DNS server (set.)
    3) DCs and even DNS servers are DNS clients too -- see #2

    Restart NetLogon on any DC if you change any of the above that
    affects a DC.

    Ensure that DNS zones/domains are fully replicated to all DNS
    servers for that (internal) zone/domain.
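
Added example (not part of the original thread or of any poster's reply): a Python check for points 2 and 3 of the "General DNS setup for AD" list above. It parses `ipconfig /all` output and flags every adapter that lists a DNS server outside the internal set. The captures, host names and addresses are constructed, and `dns_servers_by_adapter` and `audit_resolvers` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed `ipconfig /all` captures (host names and addresses are made up).
SAMPLE_DC = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DC01
   Primary Dns Suffix  . . . . . . . : corp.example.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 192.168.10.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.1
   DNS Servers . . . . . . . . . . . : 192.168.10.5
                                       203.0.113.53
"""

SAMPLE_CLIENT = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WKS07

Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.10.40
   DNS Servers . . . . . . . . . . . : 192.168.10.5
                                       192.168.10.6
   Primary WINS Server . . . . . . . : 192.168.10.5
"""

# Assumption: the internal, dynamic DNS servers for the AD zone.
INTERNAL_DNS = {"192.168.10.5", "192.168.10.6"}

ADAPTER = re.compile(r"^(\S.*\badapter\b.*):\s*$")
FIELD = re.compile(r"^\s+(?P<key>[A-Za-z][^:]*?)[ .]*:\s*(?P<val>.*)$")


def _as_ip(text):
    """Return the normalised address if text is a bare IP, else None."""
    try:
        return str(ipaddress.ip_address(text.strip()))
    except ValueError:
        return None


def dns_servers_by_adapter(ipconfig_text):
    """Map each adapter heading to the DNS servers listed under it."""
    servers, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        heading = ADAPTER.match(line)
        if heading:
            adapter, in_dns = heading.group(1), False
            servers[adapter] = []
            continue
        if adapter is None:
            continue
        ip = _as_ip(line)
        if in_dns and ip:
            # Continuation line: additional DNS servers carry no label.
            servers[adapter].append(ip)
            continue
        field = FIELD.match(line)
        if field:
            in_dns = field.group("key") == "DNS Servers"
            ip = _as_ip(field.group("val"))
            if in_dns and ip:
                servers[adapter].append(ip)
        elif line.strip():
            in_dns = False
    return servers


def audit_resolvers(ipconfig_text, internal_dns):
    """Return (adapter, address) for every resolver that is not internal."""
    allowed = {str(ipaddress.ip_address(a)) for a in internal_dns}
    return [
        (adapter, ip)
        for adapter, ips in dns_servers_by_adapter(ipconfig_text).items()
        for ip in ips
        if ip not in allowed
    ]


if __name__ == "__main__":
    for host, capture in (("DC01", SAMPLE_DC), ("WKS07", SAMPLE_CLIENT)):
        for adapter, ip in audit_resolvers(capture, INTERNAL_DNS):
            print(f"{host}: {adapter} uses non-internal DNS server {ip}")
```
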
  2. Archived from groups: microsoft.public.win2000.dns

    > > Point being what is the best way to
    > > put up the 1st 2003 Enterprise server with DNS in a mixed mode network and
    > > will it mess anything up? Please help. Thanks!!
    >
    > Install Win2003 on a Server, DCPromo (.exe or dialog box) the machine
    > to become the first DC.

    If I say it is the first DC, what will happen to all my AD users, groups and
    group policy stuff?
  3. Archived from groups: microsoft.public.win2000.dns

    In news:BEBF28E3-D557-43C4-8AB7-8AE9B42EE8E4@microsoft.com,
    PBJ <PBJ@discussions.microsoft.com> commented
    Then Kevin replied below:
    > Hi, I'm setting up a new Domain Controller, the first
    > Windows 2003 Enterprise server. I want to load DNS on
    > this machine, we believe that their maybe issues with the
    > current DNS, so we are trying to build it fresh. But
    > won't I inherit the same issues if I install this new
    > server in the domain as a DC with AD and DNS and install
    > a secondary zone. If I install 2ndary zone will I be able
    > to convert it to primary later? Point being what is the
    > best way to put up the 1st 2003 Enterprise server with
    > DNS in a mixed mode network and will it mess anything up?
    > Please help. Thanks!!

    What are the issues you are having?
    Is it really a DNS issue, or is it an AD domain name issue?

    Because you are correct, if the issue is caused by the AD domain name, then
    you will still have the issue. It would help if you would say what the
    issues are and what you are trying to achieve.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
  4. Archived from groups: microsoft.public.win2000.dns

    Thanks Kevin, the issue is that we have a Windows 2000 Domain offsite they
    are connected to us via T1 but on a different subnet. Here on site we have a
    mixed mode domain, we have 2 Win 2000DC's plus NT4 servers. We cannot create
    a trust between these 2 domains. They are 2 totally different domains and not
    a child domain. We've looked at the firewall settings to make sure all
    particular ports that need to be used between the 2 networks are. At one
    point we were able to see their domain and we don't know how we all of a
    sudden lost it.
    Is this DNS related or what else can we look at? Thanks.

  5. Archived from groups: microsoft.public.win2000.dns

    In news:3BA31506-D8C1-4FA4-AE6C-8340C7D36115@microsoft.com,
    PBJ <PBJ@discussions.microsoft.com> commented
    Then Kevin replied below:
    > THanks Kevin, the issue is that we have a Windows 2000
    > Domain offsite they are connected to us via T1 but on a
    > different subnet. Here on site we have a mixed mode
    > domain, we have 2 Win 2000DC's plus NT4 servers. We
    > cannot create a trust between these 2 domains. They are 2
    > totally different domains and not a child domain. We've
    > looked at the firewall settings to make sure all
    > particular ports that need to be used between the 2
    > networks are. At one point we were able to see their
    > domain and we don't know how we all of a sudden lost it.
    > Is this DNS related or what else can we look at? Thanks.


    When you say "See" do you mean as in Network Places?
    Are you using WINS?

    Instead of opening ports in the firewall between these Networks configure a
    VPN connection between them. This way the only port you need open in the
    firewall is the VPN port.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
  6. Archived from groups: microsoft.public.win2000.dns

    On Wed, 8 Dec 2004 08:29:06 -0800, PBJ <PBJ@discussions.microsoft.com>
    wrote:

    >
    >> > Point being what is the best way to
    >> > put up the 1st 2003 Enterprise server with DNS in a mixed mode network and
    >> > will it mess anything up? Please help. Thanks!!
    >>
    >> Install Win2003 on a Server, DCPromo (.exe or dialog box) the machine
    >> to become the first DC.
    >
    >If I say it is the first DC, what will happen to all my AD users, groups and
    >group policy stuff?

    If it's the first DC it can't be in the same domain as the existing
    DC's (or PDC on a NT domain). It would be a new domain. That means
    it doesn't get any users or groups or anything until you either add
    them or migrate them using ADMT.

    These aren't DNS issues, these are domain and networking issues, and
    something you need to straighten out before you even think about DNS.

    Jeff
  7. Archived from groups: microsoft.public.win2000.dns

    On Wed, 8 Dec 2004 06:03:03 -0800, PBJ <PBJ@discussions.microsoft.com>
    wrote:

    >Hi, I'm setting up a new Domain Controller, the first Windows 2003 Enterprise
    >server. I want to load DNS on this machine, we believe that their maybe
    >issues with the current DNS, so we are trying to build it fresh.

    Fix your "issues" first, then add a new DC. Unless you're moving to a
    brand new domain, you can't "fix" DNS by adding a new DC with AD
    integrated DNS.

    >But won't I
    >inherit the same issues if I install this new server in the domain as a DC
    >with AD and DNS and install a secondary zone.

    If it's a DC in a new domain, then you inherit nothing. The secondary
    zone won't be AD integrated, so it too can't have issues. And if
    you're just adding a DC to the domain in AD integrated, why are you
    dealing with a secondary?

    > If I install 2ndary zone will I
    >be able to convert it to primary later?

    Always, and even back again.

    >Point being what is the best way to
    >put up the 1st 2003 Enterprise server with DNS in a mixed mode network and
    >will it mess anything up?

    Mixed mode isn't a DNS issue. Do you have an Active Directory domain
    currently? If not, and you're moving to one, then look at server
    migration and upgrades in a server group, and don't worry about DNS at
    this point. It sounds like you're very confused and concerned about
    your DNS when you are facing bigger issues that you either don't
    realize or don't understand.

    So, do you currently have a W2K AD domain? If not, is it an NT
    domain? And if you don't have AD now, is this your attempt to move to
    AD?

    Jeff
  8. Archived from groups: microsoft.public.win2000.dns

    I have a Windows 2000 Active directory domain, with some NT 4 servers. Read
    my reply to Kevin which tells you the issue I'm having with trust
    relationships to another domain, I don't personally believe it is a DNS issue
    or an AD issue. I don't know what the issue is with the trusts, my boss
    believes it is a DNS issue for some reason or another.

  9. Archived from groups: microsoft.public.win2000.dns

    "PBJ" <PBJ@discussions.microsoft.com> wrote in message
    news:3441A131-D760-47A3-832B-084476A1CE9A@microsoft.com...
    >
    > > > Point being what is the best way to
    > > > put up the 1st 2003 Enterprise server with DNS in a mixed mode network and
    > > > will it mess anything up? Please help. Thanks!!
    > >
    > > Install Win2003 on a Server, DCPromo (.exe or dialog box) the machine
    > > to become the first DC.
    >
    > If I say it is the first DC, what will happen to all my AD users, groups and
    > group policy stuff?

    If it IS THE FIRST DC, then you don't have any AD users etc.

    If you have AD users you already have AD and at least one
    DC.

    Installing another DC will either make it an additional
    (not first) DC in the existing domain, or create a new
    domain which will have NO effect on the existing users etc.

    It will neither harm nor help those existing users (ignoring
    Forest considerations.)


    --
    Herb Martin
  10. Archived from groups: microsoft.public.win2000.dns

    Yes I am talking about seeing it in network places, I can ping them by IP.
    When we try to do a trust it does not see it. It says the domain cannot be
    contacted and will be installed as a non-windows trust.
    No, we do not have WINS, do we have to?

  11. Archived from groups: microsoft.public.win2000.dns

    "PBJ" <PBJ@discussions.microsoft.com> wrote in message
    news:4CBF9836-D90B-4DF3-A95D-52595854B3D7@microsoft.com...
    > Yes Iam talking about seeing it in network places, I can ping them by IP.
    > When we try to do a trust it does not see it. It says the domain cannot be
    > contacted and will be installed as a non-windows trust.
    > No, we do not have WINS, do we have to?

    Yes...

    If you have Windows on an IP network with more than
    one subnet (i.e., with routers).

    --
    Herb Martin


  12. Archived from groups: microsoft.public.win2000.dns

    In news:4CBF9836-D90B-4DF3-A95D-52595854B3D7@microsoft.com,
    PBJ <PBJ@discussions.microsoft.com> commented
    Then Kevin replied below:
    > Yes Iam talking about seeing it in network places, I can
    > ping them by IP. When we try to do a trust it does not
    > see it. It says the domain cannot be contacted and will
    > be installed as a non-windows trust.
    > No, we do not have WINS, do we have to?
    WINS is the easiest IMO, WINS is less work than LMHosts. If you use LMHosts then
    someone is going to have to keep them current. You cannot rely on NetBIOS
    Broadcasts because you have multiple subnets and NetBIOS broadcasts don't
    cross routers.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
  13. Archived from groups: microsoft.public.win2000.dns

    On Wed, 8 Dec 2004 10:59:10 -0800, PBJ <PBJ@discussions.microsoft.com>
    wrote:

    >THanks Kevin, the issue is that we have a Windows 2000 Domain offsite they
    >are connected to us via T1 but on a different subnet. Here on site we have a
    >mixed mode domain, we have 2 Win 2000DC's plus NT4 servers. We cannot create
    >a trust between these 2 domains. They are 2 totally different domains and not
    >a child domain. We've looked at the firewall settings to make sure all
    >particular ports that need to be used between the 2 networks are. At one
    >point we were able to see their domain and we don't know how we all of a
    >sudden lost it.
    >Is this DNS related or what else can we look at? Thanks.

    You cannot create a trust because of a technical issue, or you cannot
    create a trust because of a company policy?

    Do you have valid NetBIOS name resolution for the domain controllers,
    either through WINS or a properly configured LMHosts file? And are
    NetBIOS ports allowed between the networks through the firewalls?

    Jeff

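
Added example (not part of the original thread or of any poster's reply): the replies above mention keeping LMHosts entries current and having a "properly configured LMHosts file", so this Python validator lints LMHOSTS entries for a remote domain controller. The rules it checks (names of at most 15 characters, quoted names padded to 15 characters plus `\0xNN` for 20 in total, `#PRE` alongside `#DOM:`, uppercase keywords) are the commonly documented LMHOSTS conventions and are stated here as assumptions, not taken from the thread; the domain `REMOTEDOM`, the host names and the addresses are constructed.

```python
import ipaddress
import re

ENTRY = re.compile(r'^(?P<ip>\S+)\s+(?P<name>"[^"]*"|\S+)(?P<rest>.*)$')
# Quoted special name: 15 characters (space padded) followed by \0xNN.
QUOTED_NAME = re.compile(r'^.{15}\\0x[0-9A-Fa-f]{2}$')

# Constructed sample: the domain-master-browser (0x1b) name for REMOTEDOM.
PDC_1B = '"' + "REMOTEDOM".ljust(15) + r'\0x1b"'

# Constructed LMHOSTS content; lines 4 to 7 each contain a deliberate mistake.
SAMPLE_LMHOSTS = "\n".join([
    "# remote site over the T1",
    "10.20.0.5   RDC01   #PRE #DOM:REMOTEDOM",
    "10.20.0.5   " + PDC_1B + "   #PRE",
    "10.20.0.6   RDC02   #DOM:REMOTEDOM",
    r'10.20.0.5   "REMOTEDOM \0x1b"  #PRE',
    "10.20.0.999 RDC03   #PRE",
    "10.20.0.7   AVERYLONGSERVERNAME01  #pre",
])


def check_line(line):
    """Return a list of problems found in one LMHOSTS line."""
    text = line.strip()
    if not text or text.startswith("#"):
        return []  # blank line, comment or block directive: not checked here
    entry = ENTRY.match(text)
    if not entry:
        return ["expected '<ip> <name> [#PRE] [#DOM:domain]'"]
    problems = []
    try:
        ipaddress.IPv4Address(entry.group("ip"))
    except ValueError:
        problems.append("invalid IPv4 address")
    name = entry.group("name")
    if name.startswith('"'):
        inner = name[1:-1]
        if not QUOTED_NAME.match(inner):
            problems.append(
                "quoted name must be 15 chars plus \\0xNN (20), got %d" % len(inner)
            )
    elif len(name) > 15:
        problems.append("NetBIOS name longer than 15 characters")
    has_pre = has_dom = False
    for token in entry.group("rest").split():
        if token == "#PRE":
            has_pre = True
        elif token.startswith("#DOM:"):
            has_dom = True
            if token == "#DOM:":
                problems.append("#DOM: has no domain name")
        elif token.upper() == "#PRE" or token.upper().startswith("#DOM:"):
            problems.append("keyword %r must be uppercase" % token)
        else:
            break  # anything else starts an ordinary trailing comment
    if has_dom and not has_pre:
        problems.append("#DOM: entry without #PRE")
    return problems


def validate(lmhosts_text):
    """Map 1-based line numbers to the problems found on that line."""
    report = {}
    for number, line in enumerate(lmhosts_text.splitlines(), start=1):
        problems = check_line(line)
        if problems:
            report[number] = problems
    return report


if __name__ == "__main__":
    for number, problems in validate(SAMPLE_LMHOSTS).items():
        print("line %d: %s" % (number, "; ".join(problems)))
```
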
  14. Archived from groups: microsoft.public.win2000.dns

    We opened all of the ports that were in this TID# 179442
    But I noticed from the FW logs that the NetBios broadcasts were not allowed.

  15. Archived from groups: microsoft.public.win2000.dns

    On Thu, 9 Dec 2004 13:23:06 -0800, PBJ <PBJ@discussions.microsoft.com>
    wrote:

    >We opened all of the ports that were in this TID# 179442
    >But I noticed from the FW logs that the NetBios broadcasts were not allowed.

    Many firewalls won't pass NetBIOS broadcasts even if you open NetBIOS
    ports for communication. NetBIOS broadcasts include broadcast
    resolution of names as well as WINS broadcasts, so if you have an issue
    involving the name resolution, allowing NetBIOS broadcasts through
    your firewall may help. But it also sends traffic across zones that
    may be unneeded, as well as containing information about your network.

    Jeff

    >"Jeff Cochran" wrote:
    >
    >> On Wed, 8 Dec 2004 10:59:10 -0800, PBJ <PBJ@discussions.microsoft.com>
    >> wrote:
    >>
    >> >THanks Kevin, the issue is that we have a Windows 2000 Domain offsite they
    >> >are connected to us via T1 but on a different subnet. Here on site we have a
    >> >mixed mode domain, we have 2 Win 2000DC's plus NT4 servers. We cannot create
    >> >a trust between these 2 domains. They are 2 totally different domains and not
    >> >a child domain. We've looked at the firewall settings to make sure all
    >> >particular ports that need to be used between the 2 networks are. At one
    >> >point we were able to see their domain and we don't know how we all of a
    >> >sudden lost it.
    >> >Is this DNS related or what else can we look at? Thanks.
    >>
    >> You cannot create a trust because of a technical issue, or you cannot
    >> create a trust because of a company policy?
    >>
    >> Do you have valid NetBIOS name resolution for the domain controllers,
    >> either through WINS or a properly configured LMHosts file? And are
    >> NetBIOS ports allowed between the networks through the firewalls?
    >>
    >> Jeff
    >>
    >> >"Kevin D. Goodknecht Sr. [MVP]" wrote:
    >> >
    >> >> In news:BEBF28E3-D557-43C4-8AB7-8AE9B42EE8E4@microsoft.com,
    >> >> PBJ <PBJ@discussions.microsoft.com> commented
    >> >> Then Kevin replied below:
    >> >> > Hi, I'm setting up a new Domain Controller, the first
    >> >> > Windows 2003 Enterprise server. I want to load DNS on
    >> >> > this machine, we believe that there may be issues with the
    >> >> > current DNS, so we are trying to build it fresh. But
    >> >> > won't I inherit the same issues if I install this new
    >> >> > server in the domain as a DC with AD and DNS and install
    >> >> > a secondary zone. If I install 2ndary zone will I be able
    >> >> > to convert it to primary later? Point being what is the
    >> >> > best way to put up the 1st 2003 Enterprise server with
    >> >> > DNS in a mixed mode network and will it mess anything up?
    >> >> > Please help. Thanks!!
    >> >>
    >> >> What are the issues you are having?
    >> >> Is it really a DNS issue, or is it an AD domain name issue?
    >> >>
    >> >> Because you are correct, if the issue is caused by the AD domain name, then
    >> >> you will still have the issue. It would help if you would say what the
    >> >> issues are and what you are trying to achieve.
    >> >>
    >> >>
    >> >> --
    >> >> Best regards,
    >> >> Kevin D4 Dad Goodknecht Sr. [MVP]
    >> >> Hope This Helps
  16. Archived from groups: microsoft.public.win2000.dns

    "Jeff Cochran" <jeff.nospam@zina.com> wrote in message
    news:41c20990.1118947912@msnews.microsoft.com...
    > On Thu, 9 Dec 2004 13:23:06 -0800, PBJ <PBJ@discussions.microsoft.com>
    > wrote:
    >
    > >We opened all of the ports that were in this TID# 179442
    > >But I noticed from the FW logs that the NetBios broadcasts were not allowed.
    >
    > Many firewalls won't pass NetBIOS broadcasts even if you open NetBIOS
    > ports for communication. NetBIOS broadcasts include broadcast
    > resolution of names as well as WINS broadcasts, so if you have an issue
    > involving the name resolution, allowing NetBIOS broadcasts through
    > your firewall may help. But it also sends traffic across zones that
    > may be unneeded, as well as containing information about your network.

    Almost no firewalls will pass NetBIOS broadcasts since
    most firewalls are implemented on some type of ROUTER
    and routers pass NO broadcasts by default.

    So this is true, even of non-firewall routers within a network.

    --
    Herb Martin


    >
    > Jeff
    >
    > >"Jeff Cochran" wrote:
    > >
    > >> On Wed, 8 Dec 2004 10:59:10 -0800, PBJ <PBJ@discussions.microsoft.com>
    > >> wrote:
    > >>
    > >> >Thanks Kevin, the issue is that we have a Windows 2000 Domain offsite they
    > >> >are connected to us via T1 but on a different subnet. Here on site we have a
    > >> >mixed mode domain, we have 2 Win 2000DC's plus NT4 servers. We cannot create
    > >> >a trust between these 2 domains. They are 2 totally different domains and not
    > >> >a child domain. We've looked at the firewall settings to make sure all
    > >> >particular ports that need to be used between the 2 networks are. At one
    > >> >point we were able to see their domain and we don't know how we all of a
    > >> >sudden lost it.
    > >> >Is this DNS related or what else can we look at? Thanks.
    > >>
    > >> You cannot create a trust because of a technical issue, or you cannot
    > >> create a trust because of a company policy?
    > >>
    > >> Do you have valid NetBIOS name resolution for the domain controllers,
    > >> either through WINS or a properly configured LMHosts file? And are
    > >> NetBIOS ports allowed between the networks through the firewalls?
    > >>
    > >> Jeff
    > >>
    > >> >"Kevin D. Goodknecht Sr. [MVP]" wrote:
    > >> >
    > >> >> In news:BEBF28E3-D557-43C4-8AB7-8AE9B42EE8E4@microsoft.com,
    > >> >> PBJ <PBJ@discussions.microsoft.com> commented
    > >> >> Then Kevin replied below:
    > >> >> > Hi, I'm setting up a new Domain Controller, the first
    > >> >> > Windows 2003 Enterprise server. I want to load DNS on
    > >> >> > this machine, we believe that there may be issues with the
    > >> >> > current DNS, so we are trying to build it fresh. But
    > >> >> > won't I inherit the same issues if I install this new
    > >> >> > server in the domain as a DC with AD and DNS and install
    > >> >> > a secondary zone. If I install 2ndary zone will I be able
    > >> >> > to convert it to primary later? Point being what is the
    > >> >> > best way to put up the 1st 2003 Enterprise server with
    > >> >> > DNS in a mixed mode network and will it mess anything up?
    > >> >> > Please help. Thanks!!
    > >> >>
    > >> >> What are the issues you are having?
    > >> >> Is it really a DNS issue, or is it an AD domain name issue?
    > >> >>
    > >> >> Because you are correct, if the issue is caused by the AD domain name, then
    > >> >> you will still have the issue. It would help if you would say what the
    > >> >> issues are and what you are trying to achieve.
    > >> >>
    > >> >>
    > >> >> --
    > >> >> Best regards,
    > >> >> Kevin D4 Dad Goodknecht Sr. [MVP]
    > >> >> Hope This Helps
  17. Archived from groups: microsoft.public.win2000.dns

    On Sat, 11 Dec 2004 09:56:51 -0600, "Herb Martin"
    <news@LearnQuick.com> wrote:

    >"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
    >news:41c20990.1118947912@msnews.microsoft.com...
    >> On Thu, 9 Dec 2004 13:23:06 -0800, PBJ <PBJ@discussions.microsoft.com>
    >> wrote:
    >>
    >> >We opened all of the ports that were in this TID# 179442
    >> >But I noticed from the FW logs that the NetBios broadcasts were not allowed.
    >>
    >> Many firewalls won't pass NetBIOS broadcasts even if you open NetBIOS
    >> ports for communication. NetBIOS broadcasts include broadcast
    >> resolution of names as well as WINS broadcasts, so if you have an issue
    >> involving the name resolution, allowing NetBIOS broadcasts through
    >> your firewall may help. But it also sends traffic across zones that
    >> may be unneeded, as well as containing information about your network.
    >
    >Almost no firewalls will pass NetBIOS broadcasts since
    >most firewalls are implemented on some type of ROUTER
    >and routers pass NO broadcasts by default.
    >
    >So this is true, even of non-firewall routers within a network.

    Most enterprise-level firewalls allow some sort of NetBIOS broadcast
    transfer. NetBIOS doesn't route, but that doesn't mean it can't be
    passed by a device that routes. :)

    Jeff
  18. Archived from groups: microsoft.public.win2000.dns

    > Most enterprise-level firewalls allow some sort of NetBIOS broadcast
    > transfer. NetBIOS doesn't route, but that doesn't mean it can't be
    > passed by a device that routes. :)

    True of many serious routers but the above is of
    course why I qualified just about all of this
    discussion with "by default."

    Also note, that if you do this, you essentially
    turn your network into a single "subnet" for
    NetBIOS purposes -- technically it is a single
    broadcast domain, and you will only have one
    Master Browser so it will be functionally
    equivalent to one net and remove the requirement
    for the WINS servers.

    It is also a poor (not terrible) practice to open
    such broadcasts.

    --
    Herb Martin


    "Jeff Cochran" <jeff.nospam@zina.com> wrote in message
    news:41bd82a3.1281001512@msnews.microsoft.com...
    > On Sat, 11 Dec 2004 09:56:51 -0600, "Herb Martin"
    > <news@LearnQuick.com> wrote:
    >
    > >"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
    > >news:41c20990.1118947912@msnews.microsoft.com...
    > >> On Thu, 9 Dec 2004 13:23:06 -0800, PBJ <PBJ@discussions.microsoft.com>
    > >> wrote:
    > >>
    > >> >We opened all of the ports that were in this TID# 179442
    > >> >But I noticed from the FW logs that the NetBios broadcasts were not allowed.
    > >>
    > >> Many firewalls won't pass NetBIOS broadcasts even if you open NetBIOS
    > >> ports for communication. NetBIOS broadcasts include broadcast
    > >> resolution of names as well as WINS broadcasts, so if you have an issue
    > >> involving the name resolution, allowing NetBIOS broadcasts through
    > >> your firewall may help. But it also sends traffic across zones that
    > >> may be unneeded, as well as containing information about your network.
    > >
    > >Almost no firewalls will pass NetBIOS broadcasts since
    > >most firewalls are implemented on some type of ROUTER
    > >and routers pass NO broadcasts by default.
    > >
    > >So this is true, even of non-firewall routers within a network.
    >
    > Most enterprise-level firewalls allow some sort of NetBIOS broadcast
    > transfer. NetBIOS doesn't route, but that doesn't mean it can't be
    > passed by a device that routes. :)
    >
    > Jeff
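
The thread separates two things a firewall log can show: NetBIOS ports being open for directed traffic, and NetBIOS broadcasts being dropped. The following is an added example, not code from any poster, that sorts log entries into those two cases; the log format, addresses and subnets are constructed for illustration.

```python
import ipaddress

# NetBIOS over TCP/IP: name service, datagram service, session service.
NETBIOS_PORTS = {("udp", 137): "name", ("udp", 138): "datagram", ("tcp", 139): "session"}
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed sample in a hypothetical format: ACTION PROTO SRC DST DPORT
SAMPLE_LOG = """\
DENY udp 192.168.10.21 192.168.10.255 137
DENY udp 192.168.10.21 255.255.255.255 138
ALLOW udp 192.168.10.21 192.168.20.5 137
ALLOW tcp 192.168.10.21 192.168.20.5 139
DENY udp 192.168.10.30 192.168.20.255 137
ALLOW tcp 192.168.10.21 192.168.20.5 53
"""

def classify(line, networks):
    """Return (action, 'broadcast'|'unicast') for NetBIOS traffic, else None."""
    action, proto, _src, dst, dport = line.split()
    if (proto.lower(), int(dport)) not in NETBIOS_PORTS:
        return None
    dst_ip = ipaddress.ip_address(dst)
    broadcast = dst_ip == LIMITED_BROADCAST or any(
        dst_ip == net.broadcast_address for net in networks)
    return action.upper(), "broadcast" if broadcast else "unicast"

def summarize(log_text, subnets):
    """Count NetBIOS log entries per (action, destination kind)."""
    networks = [ipaddress.ip_network(s) for s in subnets]
    counts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        key = classify(line, networks)
        if key is not None:
            counts[key] = counts.get(key, 0) + 1
    return counts

def diagnose(counts):
    """Name the situation the thread describes, if the counts match it."""
    unicast_ok = counts.get(("ALLOW", "unicast"), 0) > 0
    bcast_denied = counts.get(("DENY", "broadcast"), 0) > 0
    if unicast_ok and bcast_denied:
        return "ports open, broadcasts blocked: rely on WINS or LMHOSTS"
    if bcast_denied:
        return "broadcasts blocked, no permitted unicast NetBIOS seen"
    return "no blocked NetBIOS broadcasts in this log"

if __name__ == "__main__":
    totals = summarize(SAMPLE_LOG, ["192.168.10.0/24", "192.168.20.0/24"])
    print(totals, diagnose(totals), sep="\n")
```

When the first diagnosis comes back, the denied broadcasts are consistent with the ports having been opened correctly, and cross-subnet name resolution has to come from WINS or an LMHosts file as suggested earlier in the thread.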