DNS between Forests


Glen

Hi,

We just acquired another company and now have a VPN
between the sites. I want to create a trust between the
2 forests so users in both sites can see file servers
etc. Before I can do that I need to have the DNS servers in
each site recognize each other (both use private IPs).
What is the best way to do this? Thanks in advance!

Glen
 
With Win2K Server different AD domains cannot AD-replicate
DNS with each other. (Win2K3 DNS makes this much easier.)

With two unrelated domain namespaces, you should
use standard DNS secondaries, and host copies of each
other's zones.

Create a secondary in A for the domain on B, and vice-versa.
Authorize the DNS servers, disable dynamic updates on
the secondaries, set a reasonably frequent zone transfer
schedule and you should be good.

You may want to set up WINS and WINS replication as
well. In general, name resolution tends to work more
smoothly when that service is available globally.

Steve Duff, MCSE
Ergodic Systems, Inc.
 
If you are using Windows 2000 or NT4 DNS, create secondaries of each other's zones in DNS. If you have Windows 2003
running DNS, create a conditional forwarder that points to the other domain. Either of these will give you fully qualified name
resolution to the other domain. If you need host name resolution between these two domains, you will need to add a DNS suffix
search list that includes each domain. This will allow clients to simply use the host name of the resource they need to access.
This would require that machine names be unique between the two domains though.

You mention you want clients to "see" resources at the other location. If by "see" you mean browse, you will need WINS to get
this functionality. Install WINS at each site. Configure the WINS servers to replicate and create a trust between the two domains.

Thank you,
Mike Johnston
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the
terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from
which they originated.
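
Added example, not part of the original thread: a Python model of the DNS suffix search list described in the reply above, showing why machine names must be unique once both domains are on the list. The zone names, host names and addresses are constructed sample data, and the resolver is a simplified assumption (first matching suffix wins), not the Windows client's own code.

```python
# Added example: emulate a DNS suffix search list across two forests and
# flag short host names that exist in both zones. All zone names, hosts and
# addresses below are constructed sample data.

ZONES = {
    "corp-a.example": {"dc01.corp-a.example": "10.1.0.10",
                       "fs01.corp-a.example": "10.1.0.20"},
    "corp-b.example": {"fs01.corp-b.example": "10.2.0.20",
                       "print01.corp-b.example": "10.2.0.30"},
}
SITE_A_SEARCH = ["corp-a.example", "corp-b.example"]
SITE_B_SEARCH = ["corp-b.example", "corp-a.example"]


def resolve_short(name, search_list, zones=ZONES):
    """Append each suffix in order; the first zone with a match wins."""
    for suffix in search_list:
        fqdn = f"{name.lower()}.{suffix}"
        if fqdn in zones.get(suffix, {}):
            return fqdn, zones[suffix][fqdn]
    return None  # no suffix produced a match


def find_collisions(zones=ZONES):
    """Map each short name present in more than one zone to its FQDNs."""
    seen = {}
    for records in zones.values():
        for fqdn in records:
            seen.setdefault(fqdn.split(".", 1)[0].lower(), []).append(fqdn)
    return {name: sorted(fqdns) for name, fqdns in seen.items() if len(fqdns) > 1}


def shadowed_from(search_list, zones=ZONES):
    """FQDNs a client with this search order can never reach by short name."""
    hidden = []
    for name, fqdns in find_collisions(zones).items():
        winner = resolve_short(name, search_list, zones)
        hidden += [f for f in fqdns if winner is None or f != winner[0]]
    return sorted(hidden)


if __name__ == "__main__":
    print("collisions:", find_collisions())
    for site, order in (("A", SITE_A_SEARCH), ("B", SITE_B_SEARCH)):
        print(f"site {site}: fs01 ->", resolve_short("fs01", order))
        print(f"site {site}: unreachable by short name:", shadowed_from(order))
```

With a colliding name, the same short name sends users at each site to a different server, while the fully qualified name stays unambiguous.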
 
Hi Guys,

Thanks a lot for the responses. The site we acquired only
has 1 server running AD. Is there a way instead to just
make that server a part of our AD domain? It would
involve removing the only server in their forest and
adding it to our forest. Thanks again! -Glen
-----Original Message-----
With Win2K Server different AD domains cannot AD-replicate
DNS with each other. (Win2K3 DNS makes this much easier.)

With two unrelated domain namespaces, you should
use standard DNS secondaries, and host copies of each
other's zones.

Create a secondary in A for the domain on B, and vice-versa.
Authorize the DNS servers, disable dynamic updates on
the secondaries, set a reasonably frequent zone transfer
schedule and you should be good.

You may want to set up WINS and WINS replication as
well. In general, name resolution tends to work more
smoothly when that service is available globally.

Steve Duff, MCSE
Ergodic Systems, Inc.


 