Multiple Forests in an Isolated test network


Guest

I have to set up a test network on an isolated ethernet segment. We need two forests (perhaps more forests later). They will trust each other.

I spent the last couple of days on the first pass, but I couldn't get the two name servers to work together. Rather than type all the things that didn't work, can someone give me some idea of how a DNS for one forest can be configured to exchange data with a DNS for another forest? The DNS will be active directory integrated.

We have been looking for white papers or technical articles that describe this situation, but we haven't found any yet. MS has something about multiple forests, but it is only about theory, not practice. The practical info is promised, but not published yet. At least I can't find it.

One last thing. The basic design (multiple forests) is settled. If you think it is a bad idea, well I don't argue, but good, bad, or indifferent, I have to implement it. So please have some sympathy with my situation before you slam me for a design I didn't write.

hhHank
 
In
HipHopHank said:
I have to set up a test network on an isolated ethernet segment. We
need two forests (perhaps more forests later). They will trust each
other.

I spent the last couple of days on the first pass, but I couldn't get
the two name servers to work together. Rather than type all the
things that didn't work, can someone give me some idea of how a DNS
for one forest can be configured to exchange data with a DNS for
another forest? The DNS will be active directory integrated.

We have been looking for white papers or technical articles that
describe this situation, but we haven't found any yet. MS has
something about multiple forests, but it is only about theory, not
practice. The practical info is promised, but not published yet. At
least I can't find it.

One last thing. The basic design (multiple forests) is settled. If
you think it is a bad idea, well I don't argue, but good, bad, or
indifferent, I have to implement it. So please have some sympathy
with my situation before you slam me for a design I didn't write.

hhHank

Depends on if they are Win2k or Win2k3.
Win2k3 DNS supports conditional forwarders, so you would just set a
conditional forwarder for the domain names of the other forests.

Win2k would need secondary zones from the other forests.
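
The two options from the reply above, written out as an added example that is not part of the thread: a batch script using `dnscmd` (Support Tools) that sets up either conditional forwarders or secondary zones in both directions, then checks that each server can resolve the other forest's domain controller locator record. The server addresses and the zone names `forest1.test` and `forest2.test` are assumptions.

```bat
@echo off
rem Added example, not from the thread. All names and addresses are assumed:
rem   DNSA = DNS server authoritative for forest1.test
rem   DNSB = DNS server authoritative for forest2.test
set DNSA=192.0.2.10
set DNSB=192.0.2.20
set ZONE1=forest1.test
set ZONE2=forest2.test

if /i "%1"=="win2k3" goto forwarders
if /i "%1"=="win2k"  goto secondaries
echo usage: %~nx0 win2k3 ^| win2k
exit /b 1

:forwarders
rem Windows Server 2003: each server forwards only the other forest's name.
dnscmd %DNSA% /ZoneAdd %ZONE2% /Forwarder %DNSB%
dnscmd %DNSB% /ZoneAdd %ZONE1% /Forwarder %DNSA%
goto verify

:secondaries
rem Windows 2000: on each master, allow zone transfers to the one peer only,
rem then create the secondary zone on that peer.
dnscmd %DNSA% /ZoneResetSecondaries %ZONE1% /SecureList %DNSB%
dnscmd %DNSB% /ZoneResetSecondaries %ZONE2% /SecureList %DNSA%
dnscmd %DNSA% /ZoneAdd %ZONE2% /Secondary %DNSB%
dnscmd %DNSB% /ZoneAdd %ZONE1% /Secondary %DNSA%
rem If _msdcs.<forest root> exists as a separate zone on the master,
rem repeat both steps for that zone as well.

:verify
rem Each server must resolve the other forest's DC locator SRV record,
rem otherwise domain controllers in the other forest cannot be located.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%ZONE2% %DNSA%
nslookup -type=SRV _ldap._tcp.dc._msdcs.%ZONE1% %DNSB%
```

Restricting transfers with `/SecureList` keeps the full zone contents from being handed to any host that asks, which matters once the segment is no longer isolated.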
 
1. Assuming you don't belong to an existing name space,
and you are creating this name space.

Create the root zone and zone1 for forest1 on dnsA.
Delegate zone1 and zone2 in the root domain to dnsA
(forest1) and dnsB (forest2). Create zone2 and use root
hints on dnsB. The root hints file provides the info of
dnsA (name and IP).

2. If you are part of an existing name space, delegate the two
zones in the parent domain and use root hints for
existing root servers on both dnsA and B.

-----Original Message-----
I have to set up a test network on an isolated ethernet
segment. We need two forests (perhaps more forests
later). They will trust each other.
I spent the last couple of days on the first pass, but I
couldn't get the two name servers to work together.
Rather than type all the things that didn't work, can
someone give me some idea of how a DNS for one forest can
be configured to exchange data with a DNS for another
forest? The DNS will be active directory integrated.
We have been looking for white papers or technical
articles that describe this situation, but we haven't
found any yet. MS has something about multiple forests,
but it is only about theory, not practice. The practical
info is promised, but not published yet. At least I
can't find it.
One last thing. The basic design (multiple forests) is
settled. If you think it is a bad idea, well I don't
argue, but good, bad, or indifferent, I have to implement
it. So please have some sympathy with my situation
before you slam me for a design I didn't write.
 