Records not created for Forward zone

[Ace Fekay [MVP]]

In

Looks like single lable to me. What do you think Ace?

Sure is!

Recommendations are to rename/rebuild domain, but ease of this proc would
depend on what mode the domain is in.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Guest]

Hi Ace

My domain is in mix mode.

 

[Kevin D. Goodknecht [MVP]]

In

Hi Ace,

My domain is in mix mode.

If the domain is in mixed mode, and you have or can build an NT4 BDC in this
domain.
1. Disconnect the NT4 BDC from the network, but still plugged into a hub or
switch.
2. Promote the NT4 BDC to a PDC
3. Upgrade the PDC to Win2k
4. DcPROMO the upgraded PDC to a Win2k domain using a Fully Qualified Domain
name such as Wind.gate, wind-gate.net, Wind-gate.local, or Wind-gate.LAN
5. Rejoin all members to the new domain Demote the badly named DC and
Promote it as a replica DC in the new domain. Then you can Demote the
upgraded NT4 DC if you want.

 

[Kevin D. Goodknecht [MVP]]

In

Hi Kevin,

All our DC are W2k, so promoting a NT4 to PDC will not work.
However, I am trying at this moment the fix for the single label name
in the article you directed me towards. I am to set the DWord value
to 0x1, but how do I do that, the best I can get is 0x000001, which
to me is not the same thing. Thanks.

That's just the way it shows in the registry.
It is correct.

 

[Ace Fekay [MVP]]

In

Hi Kevin,

All our DC are W2k, so promoting a NT4 to PDC will not work.
However, I am trying at this moment the fix for the single label name
in the article you directed me towards. I am to set the DWord value
to 0x1, but how do I do that, the best I can get is 0x000001, which
to me is not the same thing. Thanks.

The idea is to not promote an NT4 to a PDC at first, but to rather install
it into your current domain as a BDC. Then retire your two W2k domain
controllers by demoting them. SInce you are having problems they may not
demote and would have to force them to demote. Then once they are out of the
picture (off the network), then we promote the BDC to a PDC. Then once
that's done, we then install another NT4 as a BDC. Then once that's done,
upgrade the PDC to W2k but this time when dcpromo runs, choose the correct
AD DNS non-single label domain name.

This method will insure that you do NOT lose your current users and groups
nor do you lose your computer accounts. It will however, fix your single
label domain name instead of hacking ever machine's registry to bandaid this
problem, as it appears you're trying to do. Beleive me, you'll be happier in
the long run doing what Kevin and I described to fix this issue.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Kevin D. Goodknecht [MVP]]

In

Hi Everyone,

I have tried the fix in the microsoft article and it worked. I have
not tried the one as yet to fix the group policy issue. The scenario
described in the previous post is an interesting one worth looking
into because we currently have 9 servers and 80 pcs applying this
registry entry to all is a bit tedious. You guys wouldn't happen to
know a batch file or something I could run to automate this?

In regedit select the value and export it to a registry file. You can put it
on a floppy and double click it on each machine.

I have another proposition, and tell me if this might work. What if
I setup another machine on an independent network but give it the
same IP settings as the now DC/operations master/dns/dhcp server, but
during the installation of active directory name it domain.com
instead of domain. Export all the objects in the real active
directory and save it to some media then import it into the new
server with the multi-label AD & DNS name. Then simply replace the
old DC/operations master/dns/dhcp server with the new and improved
one.

That is another option, build a new domain, use ADMT to migrate all user and
computer accounts accounts to the new domain.
When you do this even the user profiles are migrated with the users.

It should work because it would have the same IP address and AD
objects, and assume the same roles as the single label DC.
Now that there is a way for my FLZ to function again I would like to
take this opportunity to thank all persons involved for helping me
with the problem and responding so quickly to my posts. You guys
really know your stuff.

I would give it the same IP address, because when you migrate the accounts
these two machines are going to have to see each other.
If the only reason you want to give it the same IP is for the DNS address,
it is easy enough to change DHCP to assign the new address.

 

[Guest]

Hi Kevin

I will use this weekend to gather all my information on migration, and possibly from Monday I will start to build the new server. At this stage of the process is it at all possible for me to change the domain name completely, Instead of changing it from Wind-Gate to Wind-Gate.com, can I change it FORTRESS.COM, or must it still maintain some semblance of wind-gate. Thanks

 

[Kevin D. Goodknecht [MVP]]

In

Hi Kevin,

I will use this weekend to gather all my information on migration,
and possibly from Monday I will start to build the new server. At
this stage of the process is it at all possible for me to change the
domain name completely, Instead of changing it from Wind-Gate to
Wind-Gate.com, can I change it FORTRESS.COM, or must it still
maintain some semblance of wind-gate. Thanks.

You can change it to any name you want the accounts will still migrate. Be
aware if you have a public website for the name you use or if anyone has a
public website for the name you use, there are records you will have to
create in your local zone in order to resolve those sites.
Incidentally I just checked, Wind-Gate.com is not registered, it might be a
good idea to buy the domain. FYI, I've been using www.dnscomplete.com for my
registrations, they are incredibly cheap (8.95 a year) and offer very good
service. Unlike NetSol, DNS is free of charge.

 

[Guest]

Hi Kevin

Thanks for the info, and the exporting from the registry works.