Ashley Heaton
Thanks in advance to anyone who reads this and has an
opinion.
Here is the situation.
We currently have a domain with multiple DCs which are
physical location based. They are connected by high speed
WAN connections and it could probably be considered a LAN
speed wise as we are a telecommunications company as well
and can afford the high speed connections. The domain was
unfortunately named incorrectly as a real world .com
address and is causing DNS issues for VPN users and
others as well since we don't own the external domain
name.
Anyway, we have decided that we are going to move to
another domain name since we are replacing the majority
of our servers this year. We will also be moving to
Windows Server 2003 on the new servers. The current plan
of action is going to be to bring up a new server in a
new forest and domain and move things over as we can to
the new domain. The new domain of course will need to
have a trust relationship with the old domain between the
two forests. Here is where the problems seem to be
cropping up in our testing.
We have set up a small network which we are trying to test
the steps of this process on. The two problems we are
having are as follows.
1. I can't find anywhere that will tell me how DNS
needs to be set up in order for proper name resolution
between the two domains. Obviously each domain will have
its own AD integrated DNS server (or not?), but how do
you configure them to make sure they can resolve across
the domains/forests? Can I just set the two servers to
forward to each other or will that cause a loop? Will
they just find each other and be happy? I have tried it
both ways on the test network but can't get the FQDN to
appear when I ping machine names in the other domain. If
I specifically type the FQDN it will still ping the
correct address however. This is the first thing I need
to know how to do correctly and may fix the second issue.
2. When I create the trust relationship between the
two domains I can't get groups and accounts from one
domain to show up in the other. It creates the trusts and
says that they verify OK but the domains won't show up
for each other. I suspect this may be because I don't
know how to set up the DNS between the two domains but I'm
not 100% on that. I'm also wondering if this is something
between Windows 2000 Server and Windows 2003 Server.
Anyway, this is where I'm stuck at and can't seem to get
by it. Any help anyone can offer would be greatly
appreciated. Please post any replies to the forums here
or you may email me at (e-mail address removed)
Thanks,
Ashley Heaton