DNS - Active Directory - domain - starting over.


Leo

Help? or words to that effect.

It's beginning to look like we need to scrap everything and start over
with our domain, active directory, and DNS. Can anybody help with the
mess we've got ourselves into please?

We have a small domain called (for the sake of example)
"example.co.uk". This is the internet domain for the company, which
we shall call "Example Ltd."

When we set up the PDC for the domain we called it "Server1". Then
somehow when we set up the domain itself it became called
"example.townname" instead of "example.co.uk", so the server is called
"server1.example.townname".

Since then active directory, DNS, printing services, and a host of
other things just don't work properly.


My question is basically what to do next.

We want to rename the domain on the PDC so that DNS lookups can work
properly.

Does the domain have to be called example.co.uk in order for active
directory to work?

Do we have to set up a new PDC in a new domain, then set up trust
between the two domains, then copy the (masses of) network files
across from one domain to the other, or is it possible to achieve the
same effect by just "resetting" the domain on the current pdc?
 
Leo said:
> Help? or words to that effect.
>
> It's beginning to look like we need to scrap everything and start over
> with our domain, active directory, and DNS. Can anybody help with the
> mess we've got ourselves into please?

We'll try but if you have more than a few days invested
then this is practically never the best answer.

Even if you start over, unless you understand how to set
it up correctly you will likely reach a similar situation
quickly, and since if you can set it up correctly you can
almost always fix the current setup.
> We have a small domain called (for the sake of example)
> "example.co.uk". This is the internet domain for the company, which
> we shall call "Example Ltd."

If this is ONLY the "Internet" (presence) DNS name then
that is ACTUALLY A VERY GOOD THING.

While you CAN use the same name externally as you
do for the internal AD domain it is not generally the
best idea for most people.
> When we set up the PDC for the domain we called it "Server1". Then
> somehow when we set up the domain itself it became called
> "example.townname" instead of "example.co.uk", so the server is called
> "server1.example.townname".

Actually your choice, however unintended is not that bad.

Unless you have some (older machines) which have trouble
with the LENGTH of the final tag (townname) it's pretty good
as long as the name makes SENSE to you and your users.
> Since then active directory, DNS, printing services, and a host of
> other things just don't work properly.

Not due to that choice of name.
> My question is basically what to do next.

Fix the DNS SETUP (configure it correctly on both the
DNS Servers and the DNS clients -- DCs are also DNS
clients) -- replication and authentication issues are almost
always DNS based when using AD.
> We want to rename the domain on the PDC so that DNS lookups can work
> properly.

Your problem is almost certainly unrelated to the DNS
name (except in that it may be confusing you or your
other admins.)
> Does the domain have to be called example.co.uk in order for active
> directory to work?

Absolutely not. It needs to be consistent on all of the
internal machines; all of the internal servers -- especially
DCS -- must be DNS clients of those (internal) DNS servers
which can resolve this name.
> Do we have to set up a new PDC in a new domain, then set up trust
> between the two domains, then copy the (masses of) network files
> across from one domain to the other, or is it possible to achieve the
> same effect by just "resetting" the domain on the current pdc?

No. Don't go there.

If you really had a domain that needed to be renamed we could
(possibly) help you with that but you almost certainly have a
more basic problem.

The most common such problem is configuring DNS clients
(DCs are DNS clients too, remember!!!) STRICTLY
with the internal DNS server (set) on their NIC->IP properties.

Do NOT try to mix an external and internal DNS server there;
people do this in the mistaken idea that both will be used.

Internal DNS servers usually FORWARD to external servers
(at the firewall or ISP) for resolving the Internet. Internal
DNS servers must be able to resolve EVERY name the internal
clients will need.


Here are DNS for AD general recommendations:

1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
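The checklist above, turned into an audit script. This is an added example, not code from the thread or from Herb Martin; it assumes a Windows 8 / Server 2012 or later host with the DnsClient module and dcdiag available, and that $InternalDns and $AdDomain are edited to your own internal DNS server set and AD DNS name (the values below are placeholders taken from the thread's example).

```powershell
# Added example (not from the thread): audit a host against the DNS-for-AD rules above.
# Assumes PowerShell 3+ on Windows 8 / 2012 or later and that dcdiag is installed (DC or RSAT).
param(
    [string[]] $InternalDns = @('10.0.0.10', '10.0.0.11'),   # assumed: your internal AD DNS servers
    [string]   $AdDomain    = 'example.townname'            # assumed: AD DNS name from the thread
)

# Rules 2 and 3: every active NIC must list ONLY the internal DNS set (no ISP/external mix).
$bad = @()
foreach ($nic in Get-NetAdapter | Where-Object Status -eq 'Up') {
    $servers = (Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4).ServerAddresses
    $foreign = $servers | Where-Object { $_ -notin $InternalDns }
    if (-not $servers -or $foreign) {
        $bad += [pscustomobject]@{
            Adapter     = $nic.Name
            Configured  = ($servers -join ',')
            NotInternal = ($foreign -join ',')
        }
    }
}
if ($bad) { "DNS client settings that mix in external servers or omit the internal set:"; $bad | Format-Table -AutoSize }
else      { "OK: all active adapters use only the internal DNS set." }

# Rules 1 and 4: the dynamic AD zone must serve the DC locator SRV record from EACH internal server.
foreach ($srv in $InternalDns) {
    try {
        $rec = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$AdDomain" -Type SRV -Server $srv -ErrorAction Stop
        "OK: $srv returns DC SRV target(s): " + (($rec | Where-Object Type -eq 'SRV').NameTarget -join ', ')
    } catch {
        "FAIL: $srv cannot resolve _ldap._tcp.dc._msdcs.$AdDomain ($($_.Exception.Message))"
    }
}

# Herb's last tip: run DCDiag, send the output to a text file, then search it for FAIL, ERROR, WARN.
$log = Join-Path $env:TEMP 'dcdiag.txt'
dcdiag /v | Out-File -FilePath $log -Encoding utf8
Select-String -Path $log -Pattern 'FAIL|ERROR|WARN' | Select-Object LineNumber, Line
```

Run it on each DC as well as on a member machine; a DC that lists itself plus an ISP resolver shows up in the first table, which is exactly the mixed configuration the reply warns against.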
 
Herb Martin said:
> Fix the DNS SETUP (configure it correctly on both the
> DNS Servers and the DNS clients -- DCs are also DNS
> clients) -- replication and authentication issues are almost
> always DNS based when using AD.

Thank you very much. That's cleared things up substantially.


Right. I'm off to do some reading....

Expect some tooth grinding, and clumps of hair on the floor in the
near future....

I'll be back!
 
> Right. I'm off to do some reading....
> Expect some tooth grinding, and clumps of hair on the floor in the
> near future....

Keep it simple and logical. DNS is actually VERY LOGICAL
and fairly easy ONCE you understand the basics.

BUT it is also trivial to mess up if you don't understand something.

Fortunately it's easy to find and fix errors if you approach it
systematically and EXPECT TO UNDERSTAND the problem
and to be able to find the problem with simple tools.

(Ping, nslookup, DCDiag, NetDiag, ipconfig, etc.)
 