http://support.microsoft.com/?id=255248 => GC

A

admin

Hello

we have a parent domain xxx.com.
we have create a childdomain child.xxx.com.


now i have a DNS problem:
the child.xxx.com was a secondary dns zone.


But the child.xxx.com was not in the same location as the parent
domain.
I need a GC on the child domain.

http://support.microsoft.com/?id=255248
=> no GC, GC just in the Parent Domain.


Are there any possibilites?

thanks
 
H

Herb Martin

Hello

we have a parent domain xxx.com.
we have create a childdomain child.xxx.com.
now i have a DNS problem:
the child.xxx.com was a secondary dns zone.
Click to expand...

All DNS zones need both a Primary and optional
but important Secondaries (or equivalent*) sufficient
for performance and fault tolerance purposes,
including dealing with important WAN locations.

*An AD Integrated "set" of DNS-DCs can replace the
Single traditional Primary, and function with or without
additional secondaries.

Every zone has it's own set of servers, the Primary or
equivalent being REQUIRED at a minimum.

By definition there was a Primary for that child zone
at least when you create the zone, so either correct it's
problems or switch a child secondary to become Primary.
But the child.xxx.com was not in the same location as the parent
domain.
Click to expand...

DNS routes so techically locations don't always matter
for DNS, but it is a good idea to have additional Secondaries
(or perhaps better AD Integrated) DNS servers wherever
you have separate significant locations, generally where you
have DCs.
I need a GC on the child domain.
Click to expand...

Technically GCs don't have anything DIRECTLY to do with
Domains (except that they must run on SOME DC which is
by definition in some domain) but rather are a FOREST
resource.

You should place your MINIMUM number of GCs by
Site -- every Site needs as least one, two for fault tolerance,
and more when performance of network applications such
as Exchange is an issue (Exchange uses the GC in place of
its older "Global Address List" or GAL).

Any DC can be made a GC (with some very trivial restrictions
for keeping the Infrastructure master and GC apart in multi
domain setups UNLESS you make every DC in the domain a GC.)

If you have a SMALL multidomain forest you can make every
GC a DC usually and this may frequently be best -- generally a
single domain forest should have every DC a GC.
http://support.microsoft.com/?id=255248
=> no GC, GC just in the Parent Domain.
Click to expand...
Are there any possibilites?
Click to expand...

Add GCs by going to Sites and servers and selecting a DC,
expanding its "NTDS" properties and "checking the box".

Wait for replication.

BTW, it is a good idea to run DCDiag on every DC and
ensure that you have both full replication and correct DNS
replication for the plethora of DC records through the
Forest.
 
K

Kevin D. Goodknecht Sr. [MVP]

Hello

we have a parent domain xxx.com.
we have create a childdomain child.xxx.com.


now i have a DNS problem:
the child.xxx.com was a secondary dns zone.


But the child.xxx.com was not in the same location as the parent
domain.
I need a GC on the child domain.

http://support.microsoft.com/?id=255248
=> no GC, GC just in the Parent Domain.

Are there any possibilites?
Click to expand...

In addition to Herb's comments for making a DC a Global Catalog, the GC
record is registered in gc.msdcs.xxx.com location. Assuming this is Win2k,
ADI zones cannot be replicated across domain boundaries, so you'll need
Secondary zones on the Win2k Child DNS servers, so the child members can
find these records, and child Domain Controllers can find the master servers
to register in. (All Domain Controllers in a forest register records in
_msdcs.xxx.com, which is why Win2k3 made this a separate zone that
replicates to all DC/DNS in the forest.)
You have to do this by using a Secondary zone, or by using Forwarding from
the child to the parent servers with "Do not use recursion" selected.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
 
A

admin

Hello Martin

Best thanks for your reply.

GC was activated on the site in the childdomain.

parentdomain.com (with 2 gc's, 2 dc's)
child.parentdomain.com (with 1gc, 1dc)


Confuse is the following thing:
DNS
=> Partentdomain:
parentdomain.com
=> _tcp
=> I can see some _gc SRV entry from every gc / dc in the
parentdomain

=> Childdomain:
child.parentdomain.com
=> _tcp
=> I can't see any _gc SRV entry.

Is there any relation with GC functionality?
Or is it normal that on the childdomain are no _gc SRV entries?


Thanks, best regards




Herb said:
Hello

we have a parent domain xxx.com.
we have create a childdomain child.xxx.com.
now i have a DNS problem:
the child.xxx.com was a secondary dns zone.
Click to expand...

All DNS zones need both a Primary and optional
but important Secondaries (or equivalent*) sufficient
for performance and fault tolerance purposes,
including dealing with important WAN locations.

*An AD Integrated "set" of DNS-DCs can replace the
Single traditional Primary, and function with or without
additional secondaries.

Every zone has it's own set of servers, the Primary or
equivalent being REQUIRED at a minimum.

By definition there was a Primary for that child zone
at least when you create the zone, so either correct it's
problems or switch a child secondary to become Primary.
But the child.xxx.com was not in the same location as the parent
domain.
Click to expand...

DNS routes so techically locations don't always matter
for DNS, but it is a good idea to have additional Secondaries
(or perhaps better AD Integrated) DNS servers wherever
you have separate significant locations, generally where you
have DCs.
I need a GC on the child domain.
Click to expand...

Technically GCs don't have anything DIRECTLY to do with
Domains (except that they must run on SOME DC which is
by definition in some domain) but rather are a FOREST
resource.

You should place your MINIMUM number of GCs by
Site -- every Site needs as least one, two for fault tolerance,
and more when performance of network applications such
as Exchange is an issue (Exchange uses the GC in place of
its older "Global Address List" or GAL).

Any DC can be made a GC (with some very trivial restrictions
for keeping the Infrastructure master and GC apart in multi
domain setups UNLESS you make every DC in the domain a GC.)

If you have a SMALL multidomain forest you can make every
GC a DC usually and this may frequently be best -- generally a
single domain forest should have every DC a GC.
http://support.microsoft.com/?id=255248
=> no GC, GC just in the Parent Domain.
Click to expand...
Are there any possibilites?
Click to expand...

Add GCs by going to Sites and servers and selecting a DC,
expanding its "NTDS" properties and "checking the box".

Wait for replication.

BTW, it is a good idea to run DCDiag on every DC and
ensure that you have both full replication and correct DNS
replication for the plethora of DC records through the
Forest.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

thanks
Click to expand...
Click to expand...
 
H

Herb Martin

GC was activated on the site in the childdomain.
parentdomain.com (with 2 gc's, 2 dc's)
child.parentdomain.com (with 1gc, 1dc)
Click to expand...

So, every DC in the Forest is a GC, and specifically
every Site has at least one GC.
Confuse is the following thing:
DNS
=> Partentdomain:
parentdomain.com
=> _tcp
=> I can see some _gc SRV entry from every gc / dc in the
parentdomain

=> Childdomain:
child.parentdomain.com
=> _tcp
=> I can't see any _gc SRV entry.

Is there any relation with GC functionality?
Or is it normal that on the childdomain are no _gc SRV entries?
Click to expand...

There should be GC references in both the _msdcs._sites._sitename etc.
and in the corresponding _sites._sitename etc.

IF a DC is a GC and your run DCDiag is SHOULD also complain
if the records are not all correct.

How does the "child DNS Server" (there's no such thing really but
we all speak this way) find names in the PARENT zone? Does it
hold a copy of the parent zone? (There are other ways in Win2003
but this is the main choice for Win2000.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
Thanks, best regards




Herb said:
Hello

we have a parent domain xxx.com.
we have create a childdomain child.xxx.com.
now i have a DNS problem:
the child.xxx.com was a secondary dns zone.
Click to expand...

All DNS zones need both a Primary and optional
but important Secondaries (or equivalent*) sufficient
for performance and fault tolerance purposes,
including dealing with important WAN locations.

*An AD Integrated "set" of DNS-DCs can replace the
Single traditional Primary, and function with or without
additional secondaries.

Every zone has it's own set of servers, the Primary or
equivalent being REQUIRED at a minimum.

By definition there was a Primary for that child zone
at least when you create the zone, so either correct it's
problems or switch a child secondary to become Primary.
But the child.xxx.com was not in the same location as the parent
domain.
Click to expand...

DNS routes so techically locations don't always matter
for DNS, but it is a good idea to have additional Secondaries
(or perhaps better AD Integrated) DNS servers wherever
you have separate significant locations, generally where you
have DCs.
I need a GC on the child domain.
Click to expand...

Technically GCs don't have anything DIRECTLY to do with
Domains (except that they must run on SOME DC which is
by definition in some domain) but rather are a FOREST
resource.

You should place your MINIMUM number of GCs by
Site -- every Site needs as least one, two for fault tolerance,
and more when performance of network applications such
as Exchange is an issue (Exchange uses the GC in place of
its older "Global Address List" or GAL).

Any DC can be made a GC (with some very trivial restrictions
for keeping the Infrastructure master and GC apart in multi
domain setups UNLESS you make every DC in the domain a GC.)

If you have a SMALL multidomain forest you can make every
GC a DC usually and this may frequently be best -- generally a
single domain forest should have every DC a GC.
http://support.microsoft.com/?id=255248
=> no GC, GC just in the Parent Domain.
Click to expand...
Are there any possibilites?
Click to expand...

Add GCs by going to Sites and servers and selecting a DC,
expanding its "NTDS" properties and "checking the box".

Wait for replication.

BTW, it is a good idea to run DCDiag on every DC and
ensure that you have both full replication and correct DNS
replication for the plethora of DC records through the
Forest.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

thanks
Click to expand...
Click to expand...
Click to expand...
 
A

admin

Yeah should be a copy.

We have in the parent domain a W2k DC and a W2k3 DC.
In the Childdomain, there's a W2k3 DC.




Herb said:
GC was activated on the site in the childdomain.
parentdomain.com (with 2 gc's, 2 dc's)
child.parentdomain.com (with 1gc, 1dc)
Click to expand...

So, every DC in the Forest is a GC, and specifically
every Site has at least one GC.
Confuse is the following thing:
DNS
=> Partentdomain:
parentdomain.com
=> _tcp
=> I can see some _gc SRV entry from every gc / dc in the
parentdomain

=> Childdomain:
child.parentdomain.com
=> _tcp
=> I can't see any _gc SRV entry.

Is there any relation with GC functionality?
Or is it normal that on the childdomain are no _gc SRV entries?
Click to expand...

There should be GC references in both the _msdcs._sites._sitename etc.
and in the corresponding _sites._sitename etc.

IF a DC is a GC and your run DCDiag is SHOULD also complain
if the records are not all correct.

How does the "child DNS Server" (there's no such thing really but
we all speak this way) find names in the PARENT zone? Does it
hold a copy of the parent zone? (There are other ways in Win2003
but this is the main choice for Win2000.)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
Thanks, best regards




Herb said:
Hello

we have a parent domain xxx.com.
we have create a childdomain child.xxx.com.
now i have a DNS problem:
the child.xxx.com was a secondary dns zone.

All DNS zones need both a Primary and optional
but important Secondaries (or equivalent*) sufficient
for performance and fault tolerance purposes,
including dealing with important WAN locations.

*An AD Integrated "set" of DNS-DCs can replace the
Single traditional Primary, and function with or without
additional secondaries.

Every zone has it's own set of servers, the Primary or
equivalent being REQUIRED at a minimum.

By definition there was a Primary for that child zone
at least when you create the zone, so either correct it's
problems or switch a child secondary to become Primary.

But the child.xxx.com was not in the same location as the parent
domain.

DNS routes so techically locations don't always matter
for DNS, but it is a good idea to have additional Secondaries
(or perhaps better AD Integrated) DNS servers wherever
you have separate significant locations, generally where you
have DCs.

I need a GC on the child domain.

Technically GCs don't have anything DIRECTLY to do with
Domains (except that they must run on SOME DC which is
by definition in some domain) but rather are a FOREST
resource.

You should place your MINIMUM number of GCs by
Site -- every Site needs as least one, two for fault tolerance,
and more when performance of network applications such
as Exchange is an issue (Exchange uses the GC in place of
its older "Global Address List" or GAL).

Any DC can be made a GC (with some very trivial restrictions
for keeping the Infrastructure master and GC apart in multi
domain setups UNLESS you make every DC in the domain a GC.)

If you have a SMALL multidomain forest you can make every
GC a DC usually and this may frequently be best -- generally a
single domain forest should have every DC a GC.

http://support.microsoft.com/?id=255248
=> no GC, GC just in the Parent Domain.

Are there any possibilites?

Add GCs by going to Sites and servers and selecting a DC,
expanding its "NTDS" properties and "checking the box".

Wait for replication.

BTW, it is a good idea to run DCDiag on every DC and
ensure that you have both full replication and correct DNS
replication for the plethora of DC records through the
Forest.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


thanks
Click to expand...
Click to expand...
Click to expand...
 
K

Kevin D. Goodknecht Sr. [MVP]

Hello Martin

Best thanks for your reply.

GC was activated on the site in the childdomain.

parentdomain.com (with 2 gc's, 2 dc's)
child.parentdomain.com (with 1gc, 1dc)


Confuse is the following thing:
DNS
=> Partentdomain:
parentdomain.com
=> _tcp
=> I can see some _gc SRV entry from every gc / dc in the
parentdomain

=> Childdomain:
child.parentdomain.com
=> _tcp
=> I can't see any _gc SRV entry.

Is there any relation with GC functionality?
Or is it normal that on the childdomain are no _gc SRV entries?
Click to expand...

All Global Catalog records are registered under the DNS forest root,
regardless of site or domain.

Here are the Netlogon registrations and where they are registered.
LdapIpAddress A <DnsDomainName>
Ldap SRV _ldap._tcp.<DnsDomainName>
LdapAtSite SRV _ldap._tcp.<SiteName>._sites.<DnsDomainName>
Pdc SRV _ldap._tcp.pdc._msdcs.<DnsDomainName>
Gc SRV _ldap._tcp.gc._msdcs.<DnsForestName>
GcAtSite SRV
_ldap._tcp.<SiteName>._sites.gc._msdcs.<DnsForestName>
DcByGuid SRV
_ldap._tcp.<DomainGuid>.domains._msdcs.<DnsForestName>
GcIpAddress A _gc._msdcs.<DnsForestName>
DsaCname CNAME <DsaGuid>._msdcs.<DnsForestName>
Kdc SRV _kerberos._tcp.dc._msdcs.<DnsDomainName>
KdcAtSite SRV
_kerberos._tcp.dc._msdcs.<SiteName>._sites.<DnsDomainName>
Dc SRV _ldap._tcp.dc._msdcs.<DnsDomainName>
DcAtSite SRV
_ldap._tcp.<SiteName>._sites.dc._msdcs.<DnsDomainName>
Rfc1510Kdc SRV _kerberos._tcp.<DnsDomainName>
Rfc1510KdcAtSite SRV _kerberos._tcp.<SiteName>._sites.<DnsDomainName>
GenericGc SRV _gc._tcp.<DnsForestName>
GenericGcAtSite SRV _gc._tcp.<SiteName>._sites.<DnsForestName>
Rfc1510UdpKdc SRV _kerberos._udp.<DnsDomainName>
Rfc1510Kpwd SRV _kpasswd._tcp.<DnsDomainName>
Rfc1510UdpKpwd SRV _kpasswd._udp.<DnsDomainName>



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Fix Child Domain DNS prior to adding 2003 DCs 1
Missing DCs/GCs in AD Integrated DNS 1
Whose Net Logon service registers GC SRV records? 4
Need help with DNS configuration 4
Child Domain DNS Woes 2
Child domain 10
Child Domain - Deleted Root Hints - Forwarder Needed? 0
Child domain DNS problem 4

Top