Active Directory on W2k server within Nt4 environment

  • Thread starter Thread starter Ken
  • Start date Start date
K

Ken

I am setting up a computer lab for my school. We have
purchased new computers with XP pro. We have a w2k server
that will service this lab and an old lab with stations
running w98. Active Directory Service is not being used
anywere, since our other server is running nt4. I would
like to setup Active Directory Service on the W2K server.
We will not be upgrading the main(NT4)server. So the W2k
server would be a PDC within a NT4 environment. Any
problems with that? How would I name the PDC?
Thanks
 
Herb,
Thanks for your help. Forgive my ignorance on this as I am
just a Jr. High math teacher. If I create a new Win2000
domain, would that prevent the clients from getting out to
the Internet?
 
Thanks for your help. Forgive my ignorance on this as I am
just a Jr. High math teacher.

No problem -- [I hope however that you are far more than
"just" a "Jr. High Math" teacher. This is probably the most
important level for teaching mathematics to the next generation,
as it is freqently at this level that students make the decision
whether "I am good at math" or "I am bad at math." This
decision usually lasts the rest of their lives and is the primar
influence on actual mathematic ability. ]
If I create a new Win2000
domain, would that prevent the clients from getting out to
the Internet?

No, not at all (and note that in most cases you would want
to "upgrade", not "create", a domain.)

For legacy clients (Win9x, WinNT) you can largely ignore
the upgrade differences; the database just moves to another
format and has more capabilities that older clients may even
ignore.

You can add the "DSClient" (aka "Active Directory Client
Upgrade") to the older clients but even that is misnamed
and doesn't put them "under the control" of AD's Group
Policy Objects (GPO) but merely make the clients site
and multimaster aware.

You will have to implement DNS internally and this DOES
sometimes cause people to lose client Internet connectivity
due to only making some of the needed changes.

Clients switch their DNS server "setting" to the new internal
DNS but the admin neglects to forward non-local name
resolution to the Internet -- this is perceived as a client failure
but is really a MISCONFIGURATION of the "new" DNS
server.

Solution: Internal DNS Server should generally (almost always
if you have no specific reason to do otherwise) "Forward" to
another DNS server which can lookup Internet names.

Two standard method:
1) Internal DNS server forwards to the DNS server or relay on
the inside of the WAN (ICS, NAT, Proxy, Firewall etc)

2) Internal DNS server forwards to the ISP (or in a distrubuted
school district perhaps to the "next higher authority", e.g., the
school district relays to the Internet.)

We would have to know your precise current DNS architecture
to you help you understand the choice and pick a "best" solution
for your situation but we can say this...

Clients use the Internal DNS server which then either performs
the actual recursive lookup from the root down of the Internet
OR the Internal DNS server "forward" to another DNS server
which services the request, known as the "forwarder."

Ultimately, one of the DNS servers must perform the actual
recusion from the root down through the Internet namespace.
 
Herb,
Thanks for your help with this (and for the reminder about
being a math teacher). I seem to be getting in a bit over
my head. For now I'm going to set up the lab without
active directory. I'll also set up an experimental network
with a few computers so I can make sure I understand how
things work before I implement them!
Ken
-----Original Message-----
Thanks for your help. Forgive my ignorance on this as I am
just a Jr. High math teacher.

No problem -- [I hope however that you are far more than
"just" a "Jr. High Math" teacher. This is probably the most
important level for teaching mathematics to the next generation,
as it is freqently at this level that students make the decision
whether "I am good at math" or "I am bad at math." This
decision usually lasts the rest of their lives and is the primar
influence on actual mathematic ability. ]
If I create a new Win2000
domain, would that prevent the clients from getting out to
the Internet?

No, not at all (and note that in most cases you would want
to "upgrade", not "create", a domain.)

For legacy clients (Win9x, WinNT) you can largely ignore
the upgrade differences; the database just moves to another
format and has more capabilities that older clients may even
ignore.

You can add the "DSClient" (aka "Active Directory Client
Upgrade") to the older clients but even that is misnamed
and doesn't put them "under the control" of AD's Group
Policy Objects (GPO) but merely make the clients site
and multimaster aware.

You will have to implement DNS internally and this DOES
sometimes cause people to lose client Internet connectivity
due to only making some of the needed changes.

Clients switch their DNS server "setting" to the new internal
DNS but the admin neglects to forward non-local name
resolution to the Internet -- this is perceived as a client failure
but is really a MISCONFIGURATION of the "new" DNS
server.

Solution: Internal DNS Server should generally (almost always
if you have no specific reason to do otherwise) "Forward" to
another DNS server which can lookup Internet names.

Two standard method:
1) Internal DNS server forwards to the DNS server or relay on
the inside of the WAN (ICS, NAT, Proxy, Firewall etc)

2) Internal DNS server forwards to the ISP (or in a distrubuted
school district perhaps to the "next higher authority", e.g., the
school district relays to the Internet.)

We would have to know your precise current DNS architecture
to you help you understand the choice and pick a "best" solution
for your situation but we can say this...

Clients use the Internal DNS server which then either performs
the actual recursive lookup from the root down of the Internet
OR the Internal DNS server "forward" to another DNS server
which services the request, known as the "forwarder."

Ultimately, one of the DNS servers must perform the actual
recusion from the root down through the Internet namespace.




.
 
Back
Top