AD and Lucent QIP

[Adrian Marsh (NNTP)]

All,

I've been trying to find a new of taking the records from an Active
Directory Microsoft DNS server, and moving them into a Lucent QIP server.

I've been talking to my CIO.

I can't use the import tools in QIP to pull the data from the Microsoft
sever, or use the DC to reregister the SRV records, as that would be
considered to "pollute" the DNS. CIO have a strict rule on this. I have
to hand-enter each record. Not too big a deal as theres only one DC to
worry about.

i don't quite see how to put the tree structure used in MS DNS
(_msdcs->dc/domains/gc/pdc, etc into QIP).

main problem we also spotted is that Microsoft use '_' as parts of the
Attribute NAMEs. According to my IT guy, thats not a legal character
under DNS - and indeed QIP won't even let me type _ in the fieldname
though the GUI.

Both Ace Fekay and Graham McElroy got in touch before, in another
thread, so if either of you could help I'd appreciate it.

I'm contactable on this email (adrian.marsh -at- lucent.com)

As I work at Lucent, I've also put the questions out to some of the QIP
development teams, but usually talking to those-that-have-done-it-before
is easier and faster... Sounds silly I know. but....

Adrian

 

[Ace Fekay [MVP]]

In

All,

I've been trying to find a new of taking the records from an Active
Directory Microsoft DNS server, and moving them into a Lucent QIP
server.

I've been talking to my CIO.

I can't use the import tools in QIP to pull the data from the
Microsoft sever, or use the DC to reregister the SRV records, as that
would be considered to "pollute" the DNS. CIO have a strict rule on
this. I have to hand-enter each record. Not too big a deal as theres
only one DC to worry about.

i don't quite see how to put the tree structure used in MS DNS
(_msdcs->dc/domains/gc/pdc, etc into QIP).

main problem we also spotted is that Microsoft use '_' as parts of the
Attribute NAMEs. According to my IT guy, thats not a legal character
under DNS - and indeed QIP won't even let me type _ in the fieldname
though the GUI.

Both Ace Fekay and Graham McElroy got in touch before, in another
thread, so if either of you could help I'd appreciate it.

I'm contactable on this email (adrian.marsh -at- lucent.com)

As I work at Lucent, I've also put the questions out to some of the
QIP development teams, but usually talking to
those-that-have-done-it-before is easier and faster... Sounds silly I
know. but....

Adrian

I didn;t realize what you were doing with the underscore. I guess I should
clarify about the underscore:

The underscore is ONLY legal in the use of SRV records, but NOT legal in the
use of hosts or domain names. If QIP supports SRV records, then it will
accept the underscore for those specific types of records. If QIP does not
support SRVs or does not support dynamic updates, then it would be rather
useless to use it for AD. I would talk to Lucent to clarify exactly what it
supports. But from what I've heard, it works fine and supports AD's needs.

To import them, in QIP, you could make a secondary zone of the AD zone, then
let them transfer, and once the zone transfers, you can then make the zone a
Primary in QIP.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.

 

[Kevin D. Goodknecht Sr. [MVP]]

In Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&[email protected]>
wrote their comments
Then Kevin replied below:

In

I didn;t realize what you were doing with the underscore.
I guess I should clarify about the underscore:

The underscore is ONLY legal in the use of SRV records,
but NOT legal in the use of hosts or domain names. If QIP
supports SRV records, then it will accept the underscore
for those specific types of records. If QIP does not
support SRVs or does not support dynamic updates, then it
would be rather useless to use it for AD. I would talk to
Lucent to clarify exactly what it supports. But from what
I've heard, it works fine and supports AD's needs.

To import them, in QIP, you could make a secondary zone
of the AD zone, then let them transfer, and once the zone
transfers, you can then make the zone a Primary in QIP.

Actually RFCs require an underscore at the begining of a protocol label.
http://www.faqs.org/rfcs/rfc3861.html

 

[Ace Fekay [MVP]]

In

Actually RFCs require an underscore at the begining of a protocol
label. http://www.faqs.org/rfcs/rfc3861.html

Yes, and they're used in conjunction with SRV records, since they point to
either a service (such as a GC), or protocol (such as tcp, udp), etc!

Cheers!

Ace

 

[Jonathan de Boyne Pollard]

AM> According to my IT guy, thats not a legal character under DNS

<sigh> Your "IT guy" is perpetuating a popular canard. Have him read
RFC 2181 and the "comp.protocols.tcp-ip.domains" FAQ answers.

<URL:http://intac.com./~cdp/cptd-faq/section4.html#underscore>

 

[Jonathan de Boyne Pollard]

MF> The underscore is ONLY legal in the use of SRV records, but
MF> NOT legal in the use of hosts or domain names.

Untrue. Underscores _are_ permitted in domain names. They are not
permitted for _some particular uses_ of domain names, including using
them as host names. They are permitted for _other uses_ of domain
names, including the owner domain names used for service location via
the DNS. As far as domain names themselves are solely concerned, the
restrictions are very lax, and most binary data are permitted. Read RFC
2181 and the FAQ answers.

<URL:http://intac.com./~cdp/cptd-faq/section4.html#underscore>

 

[Ace Fekay [MVP]]

In

Untrue. Underscores _are_ permitted in domain names. They are not
permitted for _some particular uses_ of domain names, including using
them as host names. They are permitted for _other uses_ of domain
names, including the owner domain names used for service location via
the DNS. As far as domain names themselves are solely concerned, the
restrictions are very lax, and most binary data are permitted. Read
RFC 2181 and the FAQ answers.

<URL:http://intac.com./~cdp/cptd-faq/section4.html#underscore>

Thanks for the clarification. All in all, I would assume to suggest to avoid
the use of underscores instead of needing to understand the fine print
behind them of when an not when you can use them. It will eliminate some
confusion to most folks. Of course this thought is not including SRV
records..

Ace