dns with domain trusts

[Colin Bondi]

We are merging two companies and so are working to integrate our Windows
2000 active directory domains. The parent company is in NY and the smaller
company being acquired is in OR. What we decided to do was to create a new
domain in OR and make it a child domain of NYs existing root domain. Then we
would migrate resources from the old OR domain to the new OR child domain.
Since the old OR domain was small this isn't too big of a problem. Since we
can't migrate everything all at once we created a two way trust relationship
between the new OR domain and the old OR domain so that users can access
resources in both domains as things are being migrated. My question is in
regards to DNS setup. The new OR child domain controller has its primary DNS
set to the parent NY domains DNS and it is also running DNS itself. As we
add clients to the new OR domain how should we setup DNS so that clients can
resolve names across both domains, new and old? I added one machine to the
new domain and set its DNS to the new OR domain controller and I can browse
both domains under network places but if I try to access a resource in the
old domain I get the message that the resource is unavailable, no logon
servers available to service the request. Now I understand this because this
client is not pointing to the DNS servers for the old domain but the
question is how do I configure DNS on these cleints so that they can resolve
AD and names in their own domain as well as names in the old domain. Is
there a way to link the DNS servers from the two domains together.
Any feedback would be appreciated.
thanks
Colin Bondi

 

[Herb Martin]

We are merging two companies and so are working to integrate our Windows

2000 active directory domains. The parent company is in NY and the smaller
company being acquired is in OR. What we decided to do was to create a new
domain in OR and make it a child domain of NYs existing root domain. Then we
would migrate resources from the old OR domain to the new OR child domain.
Since the old OR domain was small this isn't too big of a problem. Since

we

Ok, but consider that since you only have two domains, the
two way external trusts might have worked for you.

Doesn't matter, you already overcame most of this obstacle.

can't migrate everything all at once we created a two way trust relationship
between the new OR domain and the old OR domain so that users can access
resources in both domains as things are being migrated. My question is in
regards to DNS setup.

The new OR child domain controller has its primary DNS
set to the parent NY domains DNS and it is also running DNS itself.

That doesn't sound right but maybe you have a reason.
Generally, a DNS server should point to itself -- or at
least one of the DNS servers for it's own domain so
that registration is easy in a dynamic environment among
other things.

As we
add clients to the new OR domain how should we setup DNS so that clients can
resolve names across both domains, new and old?

If the Internet is not involved in this (I bet it is though)
you can point all member machines (include DNS and DCs)
to the OR DNS servers.

You delegate OR DNS from NY DNS (since OR is a child
domain it is also a child zone -- it looks awkward but this
is what you chose: OR.NY.com

(I would have created a common parent, e.g., Company.com,
add both OR and NY to it as peer children, i.e.,
OR.company.com and NY.company.com but this is mostly
style.)

Ok, so NY delegates to the child zone OR. The child zone
OR servers need a root to point to so they can recurse down;
create a "." zone in NY (same server is usually ok but there is
an issue with that) and point OR DNS "root hints" to that root.

I added one machine to the
new domain and set its DNS to the new OR domain controller and I can browse
both domains under network places but if I try to access a resource in the
old domain I get the message that the resource is unavailable, no logon

Browsing is WINS/NetBIOS based so you can't trust those results
and notice that LOGON is failing which implies DNS is a problem.

servers available to service the request. Now I understand this because this
client is not pointing to the DNS servers for the old domain but the
question is how do I configure DNS on these cleints so that they can resolve
AD and names in their own domain as well as names in the old domain. Is
there a way to link the DNS servers from the two domains together.
Any feedback would be appreciated.

Let's start over -- normal case is that DNS server for ANY zone
point to themselves as clients and have root hints to the TOP OF
the Namespace in which they live.

If this is the Internet namespace they can also access those name
(and thus resources.)

Problem occurs when you cannot delegate the internal servers
from the Internet based DNS parents (for whatever reason.)

It is somewhat difficult to get a DNS server to check TWO
separate (disjoint) namespace -- i.e., two namespace without
a common root parent.

 

[Ivan Sheng]

Deji's reponse is correct.
-Ivan

 

[Colin Bondi]

Ace, thanks for your help.
Your suggestions did the trick, we had one domain in native mode and another
in mixed. When that was changed it all worked. WINS also is doing the job as
a temporary solution.
again thanks, much appreciated.
Colin Bondi

 

[Ace Fekay [MVP]]

In

Ace, thanks for your help.
Your suggestions did the trick, we had one domain in native mode and
another in mixed. When that was changed it all worked. WINS also is
doing the job as a temporary solution.
again thanks, much appreciated.
Colin Bondi

No problem and glad it helped.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory