Problem:

I am part of a name space xyz.edu and have no control of the
DNS/Domain namespace. I mean I can have hosts added and deleted with
an email but that's it. I need to set up Active Directory that is
totally separate from xyz.edu. We access many hosts in the xyz.edu.

Obviously I can not use split-brain because of all the hosts that we
access from here.

Question: Since this is not really a internal/external firewall type
set up, can I still use a totally different domain name for my AD
Domain? This would mean that every host would have 2 names. One that
xyz.edu knows in its DNS and the other xyz.local that my DNS knows
about. I don't want to set this all up and get hit with a gotcha that
I missed. This seems a little different then the ones I have seen in
the group.

TIA

In news:(E-Mail Removed),
Bill Stewart <(E-Mail Removed)> posted a question
Then Kevin replied below:
> Problem:
>
> I am part of a name space xyz.edu and have no control of the
> DNS/Domain namespace. I mean I can have hosts added and deleted with
> an email but that's it. I need to set up Active Directory that is
> totally separate from xyz.edu. We access many hosts in the xyz.edu.
>
> Obviously I can not use split-brain because of all the hosts that we
> access from here.
>
> Question: Since this is not really a internal/external firewall type
> set up, can I still use a totally different domain name for my AD
> Domain? This would mean that every host would have 2 names. One that
> xyz.edu knows in its DNS and the other xyz.local that my DNS knows
> about. I don't want to set this all up and get hit with a gotcha that
> I missed. This seems a little different then the ones I have seen in
> the group.
>
> TIA

Can you get a delegation added?
The best way to set this up is to give your AD domain a child name, such as
"child.xyz.edu" then have the name "child" delegated to the Domain
Controller from the "xyz.edu" zone.
That way no matter which DNS server its members are using it can find the
DCs SRV records, and also allows the DC to automatically register its
records in DNS.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================

Kevin offered you the standard answer -- I too would
pursue having the parent zone (xyz.edu) delegate to your
zone, e.g., yourADdomain.xyz.edu.

Then you can enable "parent suffix" searching and clients
can type things like WWW and if no xxx.yourAddomain.xyz.edu
is found, it will try www.xyz.edu etc.

--
Herb Martin
"Bill Stewart" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Problem:
>
> I am part of a name space xyz.edu and have no control of the
> DNS/Domain namespace. I mean I can have hosts added and deleted with
> an email but that's it. I need to set up Active Directory that is
> totally separate from xyz.edu. We access many hosts in the xyz.edu.
>
> Obviously I can not use split-brain because of all the hosts that we
> access from here.
>
> Question: Since this is not really a internal/external firewall type
> set up, can I still use a totally different domain name for my AD
> Domain? This would mean that every host would have 2 names. One that
> xyz.edu knows in its DNS and the other xyz.local that my DNS knows
> about. I don't want to set this all up and get hit with a gotcha that
> I missed. This seems a little different then the ones I have seen in
> the group.
>
> TIA

I was thinking that too but I have 2 constraints and I am not sure if
it would create problems:

The network here is large (and we are a small unit within it) and it
is one flat class B address. It is bridged and filtered. There are no
sub domains and they will not create one for me. Changing the DNS
structure of the network I am on is not an option.



Can I still have my AD domain name be a sub domain anyway? Like
yourADdomain.xyz.edu. Even though it is not that way in the global DNS
naming system. I realized that my Windows hosts will be resolving
with a AD DNS and to them it won't matter but not all machines are
Windows. I do not control the Unix boxes so they will be resolving
and named as they always have been.

I think I can use the "fake" sub domain approach but I am afraid that
once I get going, I will run into some naming snag. I would like to
avoid that.




"Herb Martin" <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> Kevin offered you the standard answer -- I too would
> pursue having the parent zone (xyz.edu) delegate to your
> zone, e.g., yourADdomain.xyz.edu.
>
> Then you can enable "parent suffix" searching and clients
> can type things like WWW and if no xxx.yourAddomain.xyz.edu
> is found, it will try www.xyz.edu etc.
>
> --
> Herb Martin
> "Bill Stewart" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Problem:
> >
> > I am part of a name space xyz.edu and have no control of the
> > DNS/Domain namespace. I mean I can have hosts added and deleted with
> > an email but that's it. I need to set up Active Directory that is
> > totally separate from xyz.edu. We access many hosts in the xyz.edu.
> >
> > Obviously I can not use split-brain because of all the hosts that we
> > access from here.
> >
> > Question: Since this is not really a internal/external firewall type
> > set up, can I still use a totally different domain name for my AD
> > Domain? This would mean that every host would have 2 names. One that
> > xyz.edu knows in its DNS and the other xyz.local that my DNS knows
> > about. I don't want to set this all up and get hit with a gotcha that
> > I missed. This seems a little different then the ones I have seen in
> > the group.
> >
> > TIA

> > Kevin offered you the standard answer -- I too would
> > pursue having the parent zone (xyz.edu) delegate to your
> > zone, e.g., yourADdomain.xyz.edu.

"Bill Stewart" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> The network here is large (and we are a small unit within it) and it
> is one flat class B address. It is bridged and filtered.

None of the above is likely relevant.

> There are no
> sub domains and they will not create one for me. Changing the DNS
> structure of the network I am on is not an option.

Then they are going to NEED to make their DNS zone dynamic which
is going to be VERY unpleasant and unpalatable to them (me too.)

Then you are going to create a private zone that is NOT within their
tree.

Assuming you AD deployment is "approved" you have a POLITICAL
problem that might need to be resolved by "your management" talking
to "their management".

If you deployment is approved they are likely being "unreasonable",
perhaps even "obstructionist" in refusing to DELEGATE to your
zone.

> Can I still have my AD domain name be a sub domain anyway? Like

You can, but it won't really be part of their "tree" or findable from "their
namespace".

If you mean seemlessly, then "No, you cannot."

> yourADdomain.xyz.edu. Even though it is not that way in the global DNS
> naming system. I realized that my Windows hosts will be resolving
> with a AD DNS and to them it won't matter but not all machines are
> Windows. I do not control the Unix boxes so they will be resolving
> and named as they always have been.

This is NOT an issue IF the parent zone will delegate.

Delegation is the RIGHT way.

> I think I can use the "fake" sub domain approach but I am afraid that
> once I get going, I will run into some naming snag. I would like to
> avoid that.

It can be made to work, the same as a private zone/domain, can also
resolve the Internet -- they are just making it hard on your for no apparent
reason.

--
Herb Martin
>
>
>
>
> "Herb Martin" <(E-Mail Removed)> wrote in message
news:<(E-Mail Removed)>...
> > Kevin offered you the standard answer -- I too would
> > pursue having the parent zone (xyz.edu) delegate to your
> > zone, e.g., yourADdomain.xyz.edu.
> >
> > Then you can enable "parent suffix" searching and clients
> > can type things like WWW and if no xxx.yourAddomain.xyz.edu
> > is found, it will try www.xyz.edu etc.
> >
> > --
> > Herb Martin
> > "Bill Stewart" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> > > Problem:
> > >
> > > I am part of a name space xyz.edu and have no control of the
> > > DNS/Domain namespace. I mean I can have hosts added and deleted with
> > > an email but that's it. I need to set up Active Directory that is
> > > totally separate from xyz.edu. We access many hosts in the xyz.edu.
> > >
> > > Obviously I can not use split-brain because of all the hosts that we
> > > access from here.
> > >
> > > Question: Since this is not really a internal/external firewall type
> > > set up, can I still use a totally different domain name for my AD
> > > Domain? This would mean that every host would have 2 names. One that
> > > xyz.edu knows in its DNS and the other xyz.local that my DNS knows
> > > about. I don't want to set this all up and get hit with a gotcha that
> > > I missed. This seems a little different then the ones I have seen in
> > > the group.
> > >
> > > TIA