Thanks Herb for your kind reply.
Sorry for the delay in replying; this thread wasn't marked and I had trouble re-finding it when you replied.
I am very new to working at the server level. I have strong workstation-level experience. Trying to get more familiar with servers and domain controllers. Let me give you the details that you need to help me...
Originally, this primary domain controller (PDC) was a Windows NT 4.0 with a trust relationship with our organization's primary domain (Red). I built a Windows NT 4.0 backup primary domain controller (BDC) on a new Compaq ProLiant box and replicated the SAM accounts from the PDC. Then, I promoted the newly built BDC to PDC. After this was done, I upgraded the new PDC to a Windows 2000 domain controller. The Active Directory was created and all the policies were modified.
Standard procedure for upgrading NT when the (old) PDC is not a good candidate, since ONLY the PDC can upgrade the domain.
The IPs are configured on the new DC as static for our organization's primary DNS server. This was the only way to add this new DC to the network for the existing domain. Also, it is the same domain name as the old Windows NT 4.0 after the upgrade to Windows 2000.
You cannot expect to use MANUAL records for AD -- your DCs really need to register themselves, so DNS must practically be dynamic. While technically it is POSSIBLE to do this manually, it is impractical to the point that it is unworkable for real-world domains.
All went well, until after the new Windows 2000 domain controller was added to the organization's trust relationship. The users are able to log on to the new domain controller's domain (Blue), which I created in the Active Directory. But, when browsing "My Network Places" to look at the entire contents of the (Blue) domain, it comes back with the error:
"Blue is not accessible. Logon Failure: user account restriction."
Trusts outside of a single forest AND browsing are both dependent on NetBIOS (as I mentioned previously).
After researching this, reading the event viewer and consulting with several persons, I was told that I did not have a DNS zone. I went ahead and attempted to install the DNS manager and DNS zone. While attempting to install the DNS "Active Directory Integrated" zone, the message appears as:
"Zone can not be created. The Active Directory service is not available."
I went ahead and installed the "Standard Zone" and received the same message,
"Zone can not be created. The Active Directory service is not available."
when attempting to install the "Reverse: Active Directory-integrated Primary Zone".
You don't really need a reverse zone. You need a forward zone (which might have been created automatically for you), but I thought you already had DNS set up?
Your DC must point to the DNS server it will use in its NIC -> IP properties.
I hope I have explained this the best I could with the little experience that I have at the server level.
You have two problems: DNS (fixing the zones) and NetBIOS (likely a WINS server is needed if you have more than one subnet) to fix browsing and to enable trusts OUTSIDE of the forest.
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
Thanks AllforLax:
I have a DC that has a trust with the primary DC. My DC is an isolated network with a trust relationship with the agency's primary DNS... All the users that log on to my DC can only see my DC. I can see my trusted DC and the trust DC...
"See"? Do you mean browse? Browsing is a NetBIOS application and as such is not related to trusts or DNS directly.
Also note that a "DC" cannot trust another DC nor DNS. Trusts are between domains (except in one new Win2003 exception case for forests).
You indicate an "isolated" network -- if this implies routers (or router switches) then your problem is likely a lack of (common) WINS servers.
NetBIOS resolution has a practical requirement for a common WINS database.
I upgraded my DC from Windows NT 4.0 to Windows 2000 and built the Active Directory. Applied the GPO security policies, but cannot load either Integrated DNS or Standard DNS zones...
What? IF you have a DC then you can run DNS on it. If you run DNS on the DC it CAN be integrated.
I know you cannot completely work with Active Directory without the DNS zone. Though I tried to load the zones, it never takes with the Active Directory...
What do you mean by "never takes"?
What should I do next?
Be very explicit about exactly what happens, avoid generic phrases and describe your exact actions, results, and error messages.
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
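The two problems Herb names (the DC must point at a DNS server that holds a dynamically updatable forward zone for the AD domain, and browsing/NT-style trusts need NetBIOS name resolution, i.e. WINS across subnets) can each be checked from the DC itself. The script below is an added diagnostic, not code from the thread or from either poster. It assumes a current Windows Server DC with the DnsClient and DnsServer PowerShell modules (the Windows 2000-era equivalents are ipconfig /all, nslookup and netdiag/dcdiag); the thread never gives Blue's DNS name, so $DomainDns is an assumed placeholder.

```powershell
# Added diagnostic, not from the original thread. Run on the DC as an administrator.
# Assumes the DnsClient and DnsServer modules (Windows Server 2012 or later).
# $DomainDns is an assumption: the thread only names the domain "Blue".
param(
    [string]$DomainDns = 'blue.example.com'
)

# 1. The DC's NIC must point to the DNS server it will register with.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        "{0}: DNS servers = {1}" -f $_.InterfaceAlias, ($_.ServerAddresses -join ', ')
    }

# 2. A forward lookup zone for the AD domain must exist on this DNS server,
#    and it must accept dynamic updates or the DC cannot register itself.
try {
    $zone = Get-DnsServerZone -Name $DomainDns -ErrorAction Stop
    "Zone {0}: type={1}, AD-integrated={2}, dynamic update={3}" -f `
        $zone.ZoneName, $zone.ZoneType, $zone.IsDsIntegrated, $zone.DynamicUpdate
} catch {
    "Forward zone $DomainDns not found on this server: $($_.Exception.Message)"
}

# 3. The SRV records clients use to locate a DC; absent records mean the DC
#    never registered (wrong DNS server on the NIC, or updates refused).
foreach ($svc in '_ldap._tcp.dc._msdcs', '_kerberos._tcp.dc._msdcs') {
    $name = "$svc.$DomainDns"
    try {
        Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' } |
            ForEach-Object { "{0} -> {1}:{2}" -f $name, $_.NameTarget, $_.Port }
    } catch {
        "$name did not resolve; run 'ipconfig /registerdns' and restart Netlogon on the DC"
    }
}

# 4. Browsing and trusts outside the forest ride on NetBIOS; across subnets
#    that means every participant must use a common WINS server.
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        "{0}: WINS primary={1}, secondary={2}, NetBIOS option={3}" -f `
            $_.Description, $_.WINSPrimaryServer, $_.WINSSecondaryServer, $_.TcpipNetbiosOptions
    }
```

If step 1 shows a DNS server that does not hold the zone from step 2, the "Active Directory service is not available" error when creating an AD-integrated zone is expected: the DNS server cannot find a DC because the DC never registered with it. Fix the NIC's DNS server first, create a standard primary zone that allows dynamic updates, then re-register. A TcpipNetbiosOptions value of 2 in step 4 means NetBIOS over TCP/IP is disabled on that adapter, which breaks browsing regardless of WINS.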