Domain Controllers

Can I have two DC controls on the same subnet same LAN but one is for
domainA.com and the other domainB.com? Will there be conflict as far as DNS
or DHCP?
 
Andre said:
> Can I have two DC controls on the same subnet same LAN but one is for
> domainA.com and the other domainB.com?

Sure, not an issue.

> Will there be conflict as far as DNS

Not an issue as long as each client is set to
use the DNS server which can resolve the
names it needs (or that server can resolve them
ALL which should usually be the case for
internal setups like this.)

DNS Clients use an internal DNS server which should
be able to resolve (or seek resolution) for ALL
names that client needs. (Remember, "servers" are
DNS clients TOO.)

The answer is a little more complicated here since
if two DHCP servers offer a scope to the same subnet
(broadcast domain) then they will be used randomly
by clients (usually the fastest one to answer.)

You cannot expect one DHCP server to give out
settings to the clients of one domain, that are different
from the settings for clients of another Domain* since
DHCP is not "domain" aware -- or even OS aware
so this is true of Macs, Unix, etc.

But as long as all of the clients on one subnet can
accept the same settings then this can work. Notice
the biggest problem here is likely to be DNS, first
the server to use but we can fix that by making all
servers resolve all names (as they should, and as was
mentioned above.)

Second is giving out DNS names or registering in
DNS for the clients which really won't work for
two zones/domains. But the clients can still
register for themselves.

*There are two ways to deal with the issue of
different settings for different sets of computers:

1) Reservations

2) Class IDs

Many people have a limited understanding of
"reservations" assuming that they are ONLY for
giving out fixed IP addresses.

Reservations, however, can also be used when
you wish to give DIFFERENT options settings
to a specific machine. They are tedious to use
when you have a lot of machines that need this
though.

Thus the new (Win2000+) DHCP feature of classIDs.
Class IDs allow every machine of a certain "class"
to be given specific options settings.

There are two kinds of class: Vendor and User.
Vendor basically means "Microsoft supplied"
and User means "admin created" (by you.)

[Vendor classes are pre-existing in DHCP server,
and pre-set on each type of machine, e.g., XP versus
Win2000 etc.]

The toughest thing about using User classes is that
each machine needs to be "set" using

IPConfig /setclassid ADAPTERNAME CLASSNAME

(or some equivalent)

You can walk around to each machine or you
can try to automate it.

While almost anything CAN be set from a GPO,
including this (using a script or registry entry) the
problem is that the GPO is downloaded
and applied AFTER the network initializes (and
all DHCP settings are already applied.)

This means that while you can use a GPO to set this
it will NOT work the very first time (of course the
script can do a refresh after the /setclassID, but that
still can leave some unfinished business.)

So will it work? Sure, set a different User classid
for each domain.

(Developers: Consider making the Domain name
a Vendor class?)
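
The per-domain user class setup described in this reply, as an added example that is not part of the original post: it assumes a single DHCP server for the shared subnet and the DhcpServer PowerShell cmdlets (Windows Server 2012 and later, newer than the tools of the thread's era). The scope, addresses, class names and the `Set-ClientDhcpClass` helper are constructed placeholders; a class ID is asserted by the client itself, so it selects options and is not an access control.

```powershell
# Constructed values: scope and addresses (RFC 5737 range) and class names are
# placeholders; domainA.com / domainB.com are the names used in the thread.
$ScopeId = '192.0.2.0'
$Classes = @(
    @{ Name = 'DomainA'; Suffix = 'domainA.com'; Dns = '192.0.2.10' },
    @{ Name = 'DomainB'; Suffix = 'domainB.com'; Dns = '192.0.2.20' }
)

foreach ($c in $Classes) {
    # Server side: define the user class once (skip if it already exists).
    if (-not (Get-DhcpServerv4Class -Type User | Where-Object Name -eq $c.Name)) {
        Add-DhcpServerv4Class -Name $c.Name -Type User -Data $c.Name `
            -Description "Clients joined to $($c.Suffix)"
    }
    # Attach per-class DNS server and DNS suffix to the one shared scope.
    # -Force skips the reachability check on the DNS server address.
    Set-DhcpServerv4OptionValue -ScopeId $ScopeId -UserClass $c.Name `
        -DnsServer $c.Dns -DnsDomain $c.Suffix -Force
}

# Review what each class will be handed.
foreach ($c in $Classes) {
    Get-DhcpServerv4OptionValue -ScopeId $ScopeId -UserClass $c.Name |
        Select-Object @{ n = 'Class'; e = { $c.Name } }, OptionId, Name, Value
}

# Client side (hypothetical helper): set the class on one adapter, then renew
# so the lease is re-requested with the new class ID, and show the result.
function Set-ClientDhcpClass {
    param(
        [Parameter(Mandatory)] [string] $Adapter,   # e.g. the adapter's connection name
        [Parameter(Mandatory)] [string] $ClassId
    )
    ipconfig /setclassid $Adapter $ClassId
    ipconfig /renew $Adapter
    ipconfig /showclassid $Adapter
}
```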
 
Herb,

I am just about to embark on a domain migration and your answer below sounds
like what I also need to do regarding dns and dhcp. We will have 6 dc's in
2 AD forests, you mention 'having servers to resolve all names'. From what
I have gathered here, from the posts yourself and others that have been
kindly provided, can you run this over for me?

Original Domain:
abc.com - 3 dc's - DNS is AD integrated, also running WINS and exchange

New Domain:
xyz.local - 3 dc's - DNS will be AD integrated, will be running WINS and
Exchange

xyz.local will soon be built, and users, groups, computers etc will be
migrated there from abc.com.......name resolution.......how could I get the
dc's in xyz.local to provide dhcp/dns/wins for abc.com to ensure a smooth
migration? I would like to have xyz.local's dns and wins absolutely 'spot
on' before any objects are migrated there. Hopefully resolving names for
abc.com and xyz.local so the transition will be as smooth as possible.

I know it's a long question, but any help much appreciated.

TIA, Andrew

 
Andrew said:
> Herb,
>
> I am just about to embark on a domain migration and your answer below sounds
> like what I also need to do regarding dns and dhcp. We will have 6 dc's in
> 2 AD forests, you mention 'having servers to resolve all names'. From what
> I have gathered here, from the posts yourself and others that have been
> kindly provided, can you run this over for me?

Sure but recognize that although we (humans)
tend to think of a DNS server as being for its
"own domain", any DNS server can hold zones
for any zone (which you control.)

That's the key to understanding several of the
methods.

> Original Domain:
> abc.com - 3 dc's - DNS is AD integrated, also running WINS and exchange
>
> New Domain:
> xyz.local - 3 dc's - DNS will be AD integrated, will be running WINS and
> Exchange
>
> xyz.local will soon be built, and users, groups, computers etc will be
> migrated there from abc.com.......name resolution.......how could I get the
> dc's in xyz.local to provide dhcp/dns/wins for abc.com to ensure a smooth
> migration?

Have (all of) the DNS servers hold both zones.
It's that simple unless the zones are huge and you
cannot afford to transfer all of that info.

> I would like to have xyz.local's dns and wins absolutely 'spot
> on' before any objects are migrated there. Hopefully resolving names for
> abc.com and xyz.local so the transition will be as smooth as possible.
>
> I know it's a long question, but any help much appreciated.

Sorry it's such a short answer but unless you
don't "get the trick" that is all there is to it.

There are other methods if you use Win2003
DNS but they all come down to the same basic
idea: Every DNS can resolve every name (or
find another DNS which can).

1) Common root using root hints (terrible if
you must also resolve the Internet using
root hints or forwarding since this
defeats that strategy -- I can make it work
but it is a lot of hacking around.)

2) "Cross secondaries" described above.

3) "Cross stub" zones -- same idea but without
transferring all of the records (Win2003)

4) Conditional forwarding (Win2003)

#3 is only needed for "huge" zones in most cases,
only works for Win2003, and doesn't fit your
situation since you want to build all of your DNS
before you install your second Domain.

BTW, your desire to get it "all right" beforehand
is a good one but eventually you will likely want
to switch over to using AD Integrated DNS which
usually means the DCs of the SAME domain will
all (or largely) be DNS servers.

In Win2000 using AD Integrated will mean the
DCs of Domain1 will be AD-integrated for the
zone supporting Domain1, AND they will be
secondaries for Domain2 (and vice versa.)

This is what I call "cross secondaries" just as
a name so we can talk about it once the principle
is understood.
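
The "cross secondaries" arrangement from this reply as an added example, not code from the original posts: it assumes the DnsServer PowerShell module (Windows Server 2012 and later) run from an admin workstation, with constructed server names and addresses. Zone transfers are limited to the other domain's DNS servers rather than opened to any host, and the last step checks that every server answers for both zones.

```powershell
# Constructed lab values: zone names are the thread's; server names and
# addresses (RFC 5737 documentation range) are placeholders.
# Assumes exactly two domains, as in the thread.
$Domains = @(
    @{ Zone = 'abc.com';   Servers = @{ 'abc-dc1' = '192.0.2.11'; 'abc-dc2' = '192.0.2.12' } },
    @{ Zone = 'xyz.local'; Servers = @{ 'xyz-dc1' = '192.0.2.21'; 'xyz-dc2' = '192.0.2.22' } }
)

foreach ($owner in $Domains) {
    $other   = $Domains | Where-Object { $_.Zone -ne $owner.Zone }
    $peerIPs = @($other.Servers.Values)    # DNS servers of the other domain
    $masters = @($owner.Servers.Values)    # DNS servers that own this zone

    # 1. On each DC that owns the zone: allow transfers only to the other
    #    domain's DNS servers, and notify them when the zone changes.
    foreach ($dc in $owner.Servers.Keys) {
        Set-DnsServerPrimaryZone -ComputerName $dc -Name $owner.Zone `
            -SecureSecondaries TransferToSecureServers -SecondaryServers $peerIPs `
            -Notify NotifyServers -NotifyServers $peerIPs
    }

    # 2. On each DC of the other domain: hold a secondary copy of this zone
    #    (skipped if the zone is already present on that server).
    foreach ($dc in $other.Servers.Keys) {
        $existing = Get-DnsServerZone -ComputerName $dc -Name $owner.Zone `
            -ErrorAction SilentlyContinue
        if (-not $existing) {
            Add-DnsServerSecondaryZone -ComputerName $dc -Name $owner.Zone `
                -ZoneFile "$($owner.Zone).dns" -MasterServers $masters
        }
    }
}

# 3. Check the goal stated in the thread: every DNS server resolves every zone.
#    -DnsOnly keeps the .local lookup on DNS instead of LLMNR/NetBIOS.
$allServers = $Domains | ForEach-Object { $_.Servers.Values }
$results = foreach ($ip in $allServers) {
    foreach ($d in $Domains) {
        $soa = Resolve-DnsName -Name $d.Zone -Type SOA -Server $ip -DnsOnly `
            -ErrorAction SilentlyContinue
        [pscustomobject]@{ Server = $ip; Zone = $d.Zone; Resolves = [bool]$soa }
    }
}
$results | Format-Table -AutoSize
```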
 
Herb - thank you very much for your time.

I've almost got a couple of test domains ready and will try to accomplish
what you have advised below.

Thanks again, Andrew
 