Jack said:The thing to realize about AD and DNS is that whatever you
name your AD, that new suffix becomes all-important to
your clients. It is with that suffix that your clients
find DCs and other services. Dynamic Updates also must be
turned on on that zone.
So if you want to keep your mydomain.com clean of a
million new records, I can't say I blame you (especially
if you open up DYDNS to all clients).
I can give you two quick examples. We have a DNS zone
called company.com. We had an NT4 domain called "domain."
We have two physical locations, and each location had
their own primary zones: "Loc1.company.com"
and "Loc2.company.com"
When it came time to make "domain" an AD we had to decide
whether to change the AD name to match one of the existing
DNS zones or to create a whole new zone. We decided to
basically create an AD only zone
called "domain.company.com" thus seperating our AD zone
from our pure DNS zones (which sounds like what you want
to do).
I also upgraded another NT4 domain from "otherdomain"
to "otherdomain.company.com" thus merging the pure DNS and
the AD dns. The reason for this was that we didn't want
to go through the trouble of changing the netbios name.
Both instances work just fine. Just be aware that when
you add a 2k machine to the AD, it automatically changes
the primary suffix of the machine. So it is important
that you either supply a suffix search order or make sure
all of your stuff uses the FQDN.
One thing we did do that I highly recommend if you are a
multi-locationed shop is to bring up an empty forest
root. That would mean that you have just a DC or two
using the company.com zone. Do a search on deja.com for
empty forest root to learn more.
-Jack
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.