
Windows Server Forum / Windows Server 2003 / DNS / June 2007


best dns config for new tree in forest

Eric Darby - 26 Jun 2007 22:26 GMT
I am in the process of flattening my domain and have created a new domain
tree to migrate all of my child domains into.

On the new Domain what is the best way to configure the AD Integrated DNS?
I need to see the forest root and child domains of the old tree while making
the transition.

Should I have replication to All DNS servers in the AD forest?

The forest root domain is going to remain and it is currently set to
replicate to All DNS servers in the AD forest.
Herb Martin - 27 Jun 2007 02:42 GMT
> I am in the process of flattening my domain and have created a new domain
> tree to migrate all of my child domains into.

Why not just migrate into ONE of the existing domains?

> On the new Domain what is the best way to configure the AD Integrated DNS?

On the new domain?  Is it in a new forest?  (IF NOT you cannot get
rid of all the old domains anyway.)

If it is in a new forest there is only ONE way to set up AD Integrated DNS
that really makes much sense with 2003, and literally only one choice if
you have 2000 DNS-DCs.

Use either All DNS-DCs in the Domain, or use ALL DCs (if you have
2000 DCs).

If you have more than one Domain in that forest (or it's in the current
forest with the other domains) then you could theoretically use All DNS-DCs
in Forest.

This is not the key design problem.

> I need to see the forest root and child domains of the old tree while
> making the transition.

The key problem is having a way for the new domain to find (all of) the
old domains, and a way for the old domains to find the new one which
being in a new tree implies they cannot use the same rooted hierarchy
and you will either have to hold "cross secondaries" or "cross stubs"
for the OTHER Trees -- or you can use Conditional Forwarding on
each side.

> Should I have replication to All DNS servers in the AD forest?

That works if the new domain is in the same forest -- but then you
will always have at least one of the current domains (cannot remove
it) plus the new domain.

> The forest root domain is going to remain and it is currently set to
> replicate to All DNS servers in the AD forest.

If you do it this way you have more efficient replication in most cases.

If your domains are small it will practically always be a good choice.

Signature

Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
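
The cross-tree name resolution options described in the reply above, as an added example that is not part of the original thread. Zone names, server names and addresses are placeholders (corp.example stands for the old tree's forest root, new.example for the new tree), and the script assumes dnscmd.exe from the Windows Server 2003 Support Tools is on the path.

```bat
@echo off
rem Added example, not from the thread. All names and addresses below are
rem placeholders; substitute your own zones and DNS-DC addresses.
setlocal
set OLD_ZONE=corp.example
set OLD_SRV=olddc1.corp.example
set OLD_DNS=192.0.2.10
set NEW_ZONE=new.example
set NEW_SRV=newdc1.new.example
set NEW_DNS=192.0.2.20

rem Replication scope for the new tree's zone: "All DNS-DCs in the Domain".
rem (/forest = all DNS-DCs in the forest, /legacy = all DCs, needed for 2000.)
dnscmd %NEW_SRV% /ZoneChangeDirectoryPartition %NEW_ZONE% /domain || goto fail

rem Option A: conditional forwarding on each side.
rem A forwarder for corp.example also matches names in its child domains,
rem which the old root then resolves through its own delegations.
dnscmd %NEW_SRV% /ZoneAdd %OLD_ZONE% /Forwarder %OLD_DNS% || goto fail
dnscmd %OLD_SRV% /ZoneAdd %NEW_ZONE% /Forwarder %NEW_DNS% || goto fail

rem Option B ("cross stubs"), used INSTEAD of option A, not with it:
rem dnscmd %NEW_SRV% /ZoneAdd %OLD_ZONE% /DsStub %OLD_DNS%
rem dnscmd %OLD_SRV% /ZoneAdd %NEW_ZONE% /DsStub %NEW_DNS%

rem Check that each side can now locate the other side's domain controllers.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%OLD_ZONE% %NEW_DNS%
nslookup -type=SRV _ldap._tcp.dc._msdcs.%NEW_ZONE% %OLD_DNS%

rem Confirm the zone type and directory partition that were applied.
dnscmd %NEW_SRV% /ZoneInfo %NEW_ZONE%
dnscmd %NEW_SRV% /ZoneInfo %OLD_ZONE%
goto :eof

:fail
echo dnscmd failed; review the output above before continuing.
exit /b 1
```

Repeat the SRV lookups for each old child domain name during the transition, since the migration depends on the new tree locating every one of them.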

Eric Darby - 27 Jun 2007 13:39 GMT
Because all of the other domains are child domains of the forest root.  I
want to start a new tree to make sure the policies and permissions are all
clean.

Herb Martin - 27 Jun 2007 20:20 GMT
> Because all of the other domains are child domains of the forest root.  I
> want to start a new tree to make sure the policies and permissions are all
> clean.

Policies can be reset with DCGPOfix.exe

Having to manage all the permissions and ownership on existing
resources will be much uglier than just resetting permissions.

Signature

Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

Eric Darby - 28 Jun 2007 14:26 GMT
That's true.  I also have 1 other gripe.  The previous admin named the forest
[company].ent.

I would like to name it [company].com and have a forest root container.

I figure if I make a new tree then I can have my .com domain and still have
the root.

Herb Martin - 28 Jun 2007 15:01 GMT
> That's true.  I also have 1 other gripe.  The previous admin named the
> forest [company].ent.
>
> I would like to name it [company].com and have a forest root container.

Company.ent is likely a better name than using your public .com name
but if you are in Windows 2003 Forest Functional Level (every Domain
in Win2003 Server Native mode which means all DCs running 2003)
you can rename a domain.

> I figure if I make a new tree then I can have my .com domain and still
> have the root.

Yes, you can do that -- it sounds like a terrible reason for adding a domain
and going through a migration -- it actually will probably be WORSE than
what you have now.

Signature

Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

Eric Darby - 28 Jun 2007 21:01 GMT
I am in native 2003 mode and that is a thought.  I've just got a very dirty
DNS and AD Policy structure.  Starting fresh seems like it would eliminate a
ton of headaches.

Herb Martin - 29 Jun 2007 04:08 GMT
> I am in native 2003 mode and that is a thought.  I've just got a very dirty
> DNS and AD Policy structure.  Starting fresh seems like it would eliminate
> a ton of headaches.

Seriously:  People who cannot (or will not) clean up their current
domain won't be able to keep the new one maintained either --
just clean it up, it's easier than migrating and THEN cleaning
it up.

Signature

Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
