Active Directory without DNS?

WOW

I didn't think it was possible, but I went to a client today who installed
Server 2003, but couldn't figure out DNS, so he uninstalled it in July.
It's still working. How can that be?

Local domain name is the same as registered internic name, so I don't think
I can just install DNS without confusing internal vs external. I'm leaning
toward doing a DCPROMO to kill the domain, then rebuild using
xxxxxxxx.local.

There is also a Win2K server that is a part of this domain, but it can't
even run AD Users & Computers - says the domain doesn't allow it?! The only
DC is the 2k3 server.

Thoughts?

Glenn L

Members in an AD domain will eventually fall back to broadcasting to find
network resources. So a network can continue to function with a single DC
and all member computers located on the same subnet as the DC.

You can technically have your internal domain name the same as your external
domain name. This only increases the administrative complexity for any records
that must be exposed both internally and externally, e.g. WWW hosts or SMTP MX
records.

The W2K server likely is having trouble resolving the domain. It is
possible the W2K server has secure channel issues if it has not been able to
find the domain since July. This would help explain why you can't run ADUC
on it.

I suggest you install and configure DNS on your W2K3 DC.
Point the W2K3 DC to itself for DNS name resolution.
Point the W2K member to the W2K3 DC for DNS name resolution.
Point any other member computers to the W2K3 DC for DNS name resolution.
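Glenn's four steps, plus the manual split-horizon records Randy describes further down, carried out in PowerShell as an added example (this is not code from the thread). It assumes the sole DC is 192.168.1.5 with the NIC alias "Ethernet", that the AD domain is example.com (the same name as the public zone, as in the thread), that the public web, mail and ftp hosts are reachable internally at 192.168.1.10, .20 and .30, and that 203.0.113.53 stands in for the ISP's resolver; all of those values are placeholders. The DnsServer and DnsClient cmdlets need Server 2012 or later; on the Server 2003 box in the thread the same steps were done with dnscmd.exe, netsh and the DNS MMC, and the equivalent commands are noted in comments.

```powershell
# Added example (not from the thread). Assumptions: the only DC is 192.168.1.5,
# the AD domain is example.com (same name as the public zone), the NIC alias is
# "Ethernet", and the public-facing hosts internal clients must reach have the
# private addresses below. Run elevated on the DC.
$DcIp        = '192.168.1.5'
$Domain      = 'example.com'
$Nic         = 'Ethernet'
$PublicHosts = @{ 'www' = '192.168.1.10'; 'mail' = '192.168.1.20'; 'ftp' = '192.168.1.30' }

# 1. Install the DNS Server role (Add/Remove Windows Components on 2003).
Install-WindowsFeature -Name DNS -IncludeManagementTools | Out-Null

# 2. Create the AD-integrated forward zone for the domain. Secure dynamic
#    updates let domain members and the DC's Netlogon SRV records register
#    while an unauthenticated host cannot overwrite anyone else's record.
#    (2003: dnscmd . /ZoneAdd example.com /DsPrimary)
if (-not (Get-DnsServerZone -Name $Domain -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Domain -ReplicationScope 'Domain' -DynamicUpdate 'Secure'
}

# 3. Point the DC at itself for name resolution.
#    (2003: netsh interface ip set dns "Local Area Connection" static 192.168.1.5)
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $DcIp

# 4. Split-horizon entries. Because this server is now authoritative for the
#    same name as the public zone, it never asks the ISP's copy, so every
#    public host internal clients use has to be added here by hand.
foreach ($h in $PublicHosts.GetEnumerator()) {
    Add-DnsServerResourceRecordA -ZoneName $Domain -Name $h.Key -IPv4Address $h.Value -ErrorAction SilentlyContinue
}
Add-DnsServerResourceRecordMX -ZoneName $Domain -Name '.' -MailExchange "mail.$Domain" -Preference 10 -ErrorAction SilentlyContinue

# 5. Outbound resolution for everything else: forward to a known upstream
#    resolver (Cliff's preference) or remove the forwarder and rely on the
#    root hints the role ships with (what Randy ended up doing).
Add-DnsServerForwarder -IPAddress '203.0.113.53' -PassThru | Out-Null
# Root hints instead:  Remove-DnsServerForwarder -IPAddress '203.0.113.53' -Force

# 6. Re-register the DC's SRV/A records now that a zone exists, then verify
#    that a client pointed at this server can locate a DC and the web host.
Restart-Service Netlogon
Register-DnsClient
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DcIp
Resolve-DnsName -Name "www.$Domain" -Server $DcIp
```

After this, `dcdiag /test:dns` on the DC and `nltest /dsgetdc:example.com` from a member confirm that the `_msdcs` SRV records are being found. The point to keep in mind when the internal and public names match is that the public zone will never carry those SRV records, so any client that still asks the ISP's resolver for the domain name gets a valid answer for www but no answer for the DC locator.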
 
WOW

Thanks, Glenn. I'm going to the client this afternoon. I read a bit more on
"split-horizon" DNS and it seems as though I can leave the domain intact,
install DNS, then add manual entries for web, mail and ftp so the internal
clients can see them. This is a whole lot easier than rebuilding AD with a
different domain name. I'll let you know how it turns out. Thanks again.

Randy

Enkidu

I would also point the forwarders in the DNS to a known DNS on the
Internet.

Cheers,

Cliff

WOW

All is well again. I installed DNS, pointed the other servers and most of
the workstations (ran out of time) to the new DNS server and everything is
happy - I can resolve names and still get to their mail, ftp and web server
(internal). I did not use forwarders, instead I used TLD hints. The
workstations still have their ISP's DNS as secondary. Ran DCDIAG and
NETDIAG and all came back good. Thank you!

Randy

Enkidu

Great! I prefer to use forwarders myself. That way you take advantage
of the ISPs cache, which hopefully will contain enough of what you are
looking for to be an advantage. Plus the DNS traffic (not that it is a
great amount) doesn't travel down your pipe.

But there are two schools of thought.

Cheers,

Cliff

Cary Shultz [A.D. MVP]

WOW,

Please remove the ISP's DNS Server as the secondary! There should be only
your internal DNS Server(s) in there. Are you using DHCP? This is one of
the Scope options.

HTH,

Cary
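Cary's fix on the client side, as an added example (not code from the thread): audit a member's DNS client list for anything that is not an internal server, replace it, push the same list through DHCP scope option 006 so the workstations Randy ran out of time for get it on their next lease, and then check the machine-account secure channel that Glenn suspects broke during the months without DNS. It assumes the internal DNS server is 192.168.1.5, the DHCP scope is 192.168.1.0 and the domain is example.com; 203.0.113.53 stands in for the ISP resolver that is being removed. The DnsClient and DhcpServer cmdlets need Windows 8 / Server 2012 or later; on the Windows 2000 and 2003 machines in the thread the same thing was done with netsh, the DHCP MMC and netdom.

```powershell
# Added example (not from the thread). Assumptions: internal DNS 192.168.1.5,
# DHCP scope 192.168.1.0, domain example.com. Any other resolver found in a
# member's list (the ISP's, e.g. 203.0.113.53) is the "secondary" to remove.
$InternalDns = @('192.168.1.5')
$ScopeId     = '192.168.1.0'
$Domain      = 'example.com'

# 1. On a member: a resolver list that mixes the DC with the ISP is not a
#    backup, it is intermittent failure. Windows will query the ISP resolver
#    when the DC is slow, get NXDOMAIN for _ldap._tcp SRV records, and logon,
#    Group Policy or ADUC fail until the cache expires. Replace the whole list.
#    (netsh interface ip set dns "Local Area Connection" static 192.168.1.5 on 2000/2003)
$bad = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses | Where-Object { $_ -notin $InternalDns } }
foreach ($a in $bad) {
    Write-Host "Fixing $($a.InterfaceAlias): $($a.ServerAddresses -join ', ')"
    Set-DnsClientServerAddress -InterfaceAlias $a.InterfaceAlias -ServerAddresses $InternalDns
}

# 2. On the DHCP server: scope option 006 (DNS Servers) and 015 (DNS Domain
#    Name), so every lease hands out only internal resolvers. Then read option
#    6 back to confirm no ISP address survived as a second entry.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $InternalDns -DnsDomain $Domain
Get-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 6 | Select-Object -ExpandProperty Value

# 3. On the member again: prove it can locate a DC through DNS, and repair the
#    computer account's secure channel if it was lost while DNS was missing.
#    (2000/2003: netdom reset <computer> /domain:example.com, or leave and rejoin)
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV
nltest "/dsgetdc:$Domain"
if (-not (Test-ComputerSecureChannel)) {
    Test-ComputerSecureChannel -Repair -Credential (Get-Credential "$Domain\Administrator")
}
```

The `Test-ComputerSecureChannel` step is the one to run on the Win2K box from the first post: a member that could not find the domain for months can be exactly the symptom "AD Users & Computers says the domain doesn't allow it", and a repaired secure channel (or a rejoin) fixes it once DNS resolution is back.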
 
