DNS and DNS Zone problems.

[Guest]

I upgraded a Domian controller from NT 4.0 to Win 2K...

During the upgrading process, I created a new domain tree and a new forest
of the domain tree.. The Domain was named Joker.school.org, then configured
the DNS with Permissions compatiable with Pre-Windows 2000 servers...

Upon completing the Active Directory configuration wizard, I edit the AD and
assigned the GPO permissions..

This DC name is "Wild" so the DNS is wild.joker.school.org
Is this name too deep or long?

Wild DC is Trusted by DC, "Red".. Though, users can log on to
Joker.school.org doman, they can only see resources on that domain, which is
what we want. Yet, they can not access resources on that domain..

I tried to create an integrated Active directory DNS zone and it would be
created.. I was able to create a Primary DNS zone and still the users can not
access the resources on the joker.school.org domain...

I changed the primary DNS IP address 192.00.00.8 of the Trust Red domain to
point to Joker domain 192.00.00.3 and still can not see access the resources
though the user can see them. I could only add the Joker domain to the
network was to enter the Red IP, because this is the Trust domain.. Now I
need to point to the Joker DNS and I changed the IP from the primary Red DNS
to the Joker DNS and have problems,...

AM I missing something here?

Am I missing something here?

 

[Ace Fekay [MVP]]

In

I upgraded a Domian controller from NT 4.0 to Win 2K...

During the upgrading process, I created a new domain tree and a new
forest of the domain tree.. The Domain was named Joker.school.org,
then configured the DNS with Permissions compatiable with Pre-Windows
2000 servers...

Upon completing the Active Directory configuration wizard, I edit the
AD and assigned the GPO permissions..

This DC name is "Wild" so the DNS is wild.joker.school.org
Is this name too deep or long?

Wild DC is Trusted by DC, "Red".. Though, users can log on to
Joker.school.org doman, they can only see resources on that domain,
which is what we want. Yet, they can not access resources on that
domain..

I tried to create an integrated Active directory DNS zone and it
would be created.. I was able to create a Primary DNS zone and still
the users can not access the resources on the joker.school.org
domain...

I changed the primary DNS IP address 192.00.00.8 of the Trust Red
domain to point to Joker domain 192.00.00.3 and still can not see
access the resources though the user can see them. I could only add
the Joker domain to the network was to enter the Red IP, because this
is the Trust domain.. Now I need to point to the Joker DNS and I
changed the IP from the primary Red DNS to the Joker DNS and have
problems,...

AM I missing something here?

Am I missing something here?

The name is not too long or deep. It's ok.

AD Integrated zones are the preferred recommendation to protect and secure
the zone data for DNS.

So you have two domains? Is the Red domain NT4 or 2000?

In any AD environment, ALWAYS ONLY use the DNS server that is hosting the AD
zone. If the zone callled "joker.school.org" is hosted on 192.00.00.3, then
ALL machines in the Joker domain MUST ONLY USE THAT DNS.

An external trust (NT4 style trust, which Win2000 is only aware of), uses
NTLM, which is NetBIOS based and has nothing to do with DNS.

If the trust was created properly, then I would suggest to take the group
accounts from Joker and add them to Red's resources in their ACLs. DNS has
nothing to do with this part.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================

 

[Kurt]

We need a little more info here. Are both domains W2K? If so, each DC should
host it's own domain as AD Integrated (it's the easiest to set up anyway).
You could create standard secondary zones on each DC, each as slaves to the
zones in the other domain. That would enable name resolution in both domains
from either domain. That should enable users with accounts in both domains
to log on to either one.

....kurt

 

[Kevin D. Goodknecht Sr. [MVP]]

I upgraded a Domian controller from NT 4.0 to Win 2K...

During the upgrading process, I created a new domain tree and a new
forest of the domain tree.. The Domain was named Joker.school.org,
then configured the DNS with Permissions compatiable with Pre-Windows
2000 servers...

Upon completing the Active Directory configuration wizard, I edit the
AD and assigned the GPO permissions..

This DC name is "Wild" so the DNS is wild.joker.school.org
Is this name too deep or long?

Wild DC is Trusted by DC, "Red".. Though, users can log on to
Joker.school.org doman, they can only see resources on that domain,
which is what we want. Yet, they can not access resources on that
domain..

I tried to create an integrated Active directory DNS zone and it
would be created.. I was able to create a Primary DNS zone and still
the users can not access the resources on the joker.school.org
domain...

I changed the primary DNS IP address 192.00.00.8 of the Trust Red
domain to point to Joker domain 192.00.00.3 and still can not see
access the resources though the user can see them. I could only add
the Joker domain to the network was to enter the Red IP, because this
is the Trust domain.. Now I need to point to the Joker DNS and I
changed the IP from the primary Red DNS to the Joker DNS and have
problems,...

AM I missing something here?

Am I missing something here?

This sounds like a permissions issue, if the trust is working you will still
need to add the users to the ACL on the shared resources and in the NTFS
permissions.

 

[Ace Fekay [MVP]]

In

This sounds like a permissions issue, if the trust is working you
will still need to add the users to the ACL on the shared resources
and in the NTFS permissions.

Sounds familiar...

Cheers!

 

[Kevin D. Goodknecht Sr. [MVP]]

Ace Fekay [MVP]

In

Sounds familiar...

Cheers!

OE is having one of those hiccups again, I didn't see your post till after
mine was posted. I hope my post re-enforces yours.

 

[Ace Fekay [MVP]]

In

OE is having one of those hiccups again, I didn't see your post till
after mine was posted. I hope my post re-enforces yours.

That is definitely one of the shortcomings of OE, which I experience often
too.