On Windows 2000 DC, FQDN is different than AD Domain - DDNS doesn'

Guest

I am consulting for a small company to attempt to resolve a problem.

Someone has done an in-place upgrade of an NT 4.0 DC to a W2K AD DC. The
Domain used in the Computer's Properties (Computer Name FQDN) was set to an
ISP's domain and was not changed before the upgrade (this computer is
multi-homed) was performed. Now this W2K DC has an inoperable DDNS since the
FQDN of this Computer is different than the AD Domain. Clients cannot locate
the DDNS Server to Register and the DC itself is not able to register SRV
Records (or even A Records).

This computer also hosts Exchange 5.5 (and the only reason Exchange seems to
work is that the Service Accounts, while AD Accounts, are still Local).

So given this situation, is there any method to now change the FQDN in the
System Properties of this W2K AD DC or must AD be removed first ????

Thanks for any advice,
 
Ryan Hanisco

Hi CarlC,

Forget everything else -- you need to concentrate on your DNS. You need to
have your DCs to host AD integrated DNS and reference only itself. From
there, have your clients point at the server. Finally stop and restart the
netlogon service to re-register the SRV records.

Bottom line, focus on the DNS of the server first and work to the edges
using NSLOOKUP to verify connectivity.

From there, use DCDIAG and NETDIAG to look for replication problems.
 
Joe Richards [MVP]

What are they using for DNS? Is the DC itself a DNS Server?

The setup with the DNS name being different from the AD domain name is one of
the disjoint namespace configurations and is fully supported. I ran a Fortune 5
company like that for almost 5 years with no issues with DNS when I left.

The main thing is that the DNS Host name is resolvable. The DDNS records for the
DC should be registering wherever you are pointing assuming the AD Domain Name
Zone Exists and is configured for dynamic updates.

Now if you simply want to get to a more "common" configuration, it is possible
to change the FQDN of a DC through a registry modification. However it may have
an impact on Exchange (I always hated Exchange on DCs) and you should probably
test this very well before doing it.

The registry value to change is called NV Domain and is located in the key

hklm\system\currentcontrolset\services\tcpip\parameters

You will want to reboot the DC after the change and verify that the SPNs and DNS
Hostname for the DC are changed on the DC's computer account in the directory.

I have done this multiple times in production; however, the DCs were not running
any applications other than the DC functionality and WINS.

joe
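
The post-reboot check described above (SPNs and DNS host name on the DC's computer account), as an added example that is not part of the thread. It assumes the computer object has been exported to LDIF (for example with ldifde); the host names, the sample export and the function names are constructed placeholders.

```python
import base64

# Constructed sample: LDIF export of a DC's computer account taken after the
# reboot. All names are placeholders; one SPN still carries the old suffix.
SAMPLE_LDIF = """\
dn: CN=DC1,OU=Domain Controllers,DC=corp,DC=example
dNSHostName: dc1.corp.example
servicePrincipalName: HOST/DC1
servicePrincipalName: HOST/dc1.corp.example
servicePrincipalName: LDAP/dc1.corp.example/corp.example
servicePrincipalName: GC/dc1.isp.example/
 corp.example
"""

def parse_ldif_record(text):
    """Parse one LDIF record into {attribute_lowercase: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # folded line continues the previous one
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    record = {}
    for line in lines:
        name, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        record.setdefault(name.strip().lower(), []).append(value.strip())
    return record

def spn_host(spn):
    """Return the host part of service/host[:port][/name], lowercased."""
    parts = spn.split("/")
    return parts[1].split(":")[0].lower() if len(parts) > 1 else ""

def check_rename(ldif_text, old_fqdn, new_fqdn):
    """Report whether dNSHostName moved and which SPNs still use the old FQDN."""
    rec = parse_ldif_record(ldif_text)
    spns = rec.get("serviceprincipalname", [])
    hosts = {spn_host(s) for s in spns}
    return {
        "dns_hostname_ok": [v.lower() for v in rec.get("dnshostname", [])] == [new_fqdn.lower()],
        "stale_spns": [s for s in spns if spn_host(s) == old_fqdn.lower()],
        "has_new_host_spn": new_fqdn.lower() in hosts,
    }

if __name__ == "__main__":
    print(check_rename(SAMPLE_LDIF, "dc1.isp.example", "dc1.corp.example"))
```

A non-empty `stale_spns` list means some SPNs on the account still name the old FQDN and have not been updated.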
 
