-----Original Message-----
Thanks for your help. Forgive my ignorance on this as I am
just a Jr. High math teacher.
No problem -- [I hope however that you are far more than
"just" a "Jr. High Math" teacher. This is probably the most
important level for teaching mathematics to the next generation,
as it is frequently at this level that students make the decision
whether "I am good at math" or "I am bad at math." This
decision usually lasts the rest of their lives and is the primary
influence on actual mathematic ability. ]
If I create a new Win2000
domain, would that prevent the clients from getting out to
the Internet?
No, not at all (and note that in most cases you would want
to "upgrade", not "create", a domain.)
For legacy clients (Win9x, WinNT) you can largely ignore
the upgrade differences; the database just moves to another
format and has more capabilities that older clients may even
ignore.
You can add the "DSClient" (aka "Active Directory Client
Upgrade") to the older clients but even that is misnamed
and doesn't put them "under the control" of AD's Group
Policy Objects (GPO) but merely makes the clients site
and multimaster aware.
You will have to implement DNS internally and this DOES
sometimes cause people to lose client Internet connectivity
due to only making some of the needed changes.
Clients switch their DNS server "setting" to the new internal
DNS but the admin neglects to forward non-local name
resolution to the Internet -- this is perceived as a client failure
but is really a MISCONFIGURATION of the "new" DNS
server.
Solution: Internal DNS Server should generally (almost always
if you have no specific reason to do otherwise) "Forward" to
another DNS server which can lookup Internet names.
Two standard methods:
1) Internal DNS server forwards to the DNS server or relay on
the inside of the WAN (ICS, NAT, Proxy, Firewall etc)
2) Internal DNS server forwards to the ISP (or in a distributed
school district perhaps to the "next higher authority", e.g., the
school district relays to the Internet.)
We would have to know your precise current DNS architecture
to help you understand the choice and pick a "best" solution
for your situation but we can say this...
Clients use the Internal DNS server which then either performs
the actual recursive lookup from the root down of the Internet
OR the Internal DNS server "forwards" to another DNS server
which services the request, known as the "forwarder."
Ultimately, one of the DNS servers must perform the actual
recursion from the root down through the Internet namespace.
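
Added example, not part of the original message: a small Python check that sends the same kind of query a client would to the internal DNS server and compares the result for an internal name with the result for an Internet name, which separates a client fault from the forwarding misconfiguration described above. The function names and the sample reply headers are constructed for illustration.

```python
import socket
import struct

QID = 0x1234  # arbitrary query id for this example

def build_query(name, qid=QID):
    """A/IN query with RD set, like the one a client sends to its DNS server."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def classify(reply, qid=QID):
    """Turn a raw reply (None = timed out) into a short status string."""
    if reply is None:
        return "NO_REPLY"
    if len(reply) < 12:
        return "MALFORMED"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != qid or not flags & 0x8000:  # wrong id, or QR (response) bit clear
        return "MALFORMED"
    rcode = flags & 0x000F
    if rcode:
        return {2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}.get(rcode, "RCODE_%d" % rcode)
    if ancount:
        return "OK"
    return "NO_DATA" if flags & 0x0080 else "NO_RECURSION"  # RA clear: will not recurse

def probe(server, name, timeout=3.0):
    # Ask `server` on UDP port 53 for `name` and classify what comes back.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return classify(s.recvfrom(512)[0])
        except OSError:  # includes socket.timeout
            return classify(None)

def diagnose(internal_status, external_status):
    """Compare the result for an internal name with that for an Internet name."""
    if internal_status != "OK":
        return "internal DNS server is not answering for its own names"
    if external_status == "OK":
        return "internal and Internet names both resolve"
    return "Internet lookups fail (%s): check the DNS server's forwarding, not the client" % external_status

# Constructed reply headers (not captured traffic): an answer, and a SERVFAIL
SAMPLE_OK = struct.pack("!HHHHHH", QID, 0x8180, 1, 1, 0, 0)
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", QID, 0x8182, 1, 0, 0, 0)

if __name__ == "__main__":
    print(diagnose(classify(SAMPLE_OK), classify(SAMPLE_SERVFAIL)))
```

For a live check, call probe() with the internal DNS server's address once for an internal name and once for an Internet name, then pass both results to diagnose().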