Setting up AD - upgrading from NT4 Domain

John

Hey all,

I am in the process of moving from an NT4 domain (single site w/ PDC
and BDC) to Windows 2003 w/ AD.

I have been reading up on the process of upgrading and have found some
well documented step by step instructions. However I read something
yesterday that threw me for a loop. Please help clarify this for
me....

OK so my existing setup is NT 4 Network with PDC and BDC. All of my
clients, 50 in all, are running Windows XP. I have a few other servers
that are mixed NT/2000 servers.

The private network has a domain name of abcdomain.com. All of my
servers and clients are configured with this domain name. However, my
company's web site www.abcdomain.com is hosted offsite and the DNS for
the www.abcdomain.com is also hosted offsite. In preparing for the AD
installation I have set up a new server as BDC and installed DNS on it.
I was planning on upgrading this to the PDC in a few days and then
upgrading that to Windows 2003 w/AD.

However I read something yesterday that since my website is hosted
offsite and has the same domain name as my internal network once the
AD and DNS is set up on Windows 2003 my internal AD DNS with the same
domain name will cause some issues with the external hosting and DNS
of my website. The article went on to say I should set up AD with a new
domain and should name it something like

internal.abcdomain.com

My questions are this -

Do I need to do it this way or can I leave the internal domain name
(abcdomain.com) as it is when upgrading to Windows 2003 AD?

If I do create a new domain on that W3k AD server when I am upgrading
does that mean that I will have to go to every server and client
machine and change the domain name on it, in order for it to access
the network and authenticate?

How would this change affect my internal Exchange 5.5 mail server
which is currently in the domain abcdomain.com - If I need to change
the domain names on all of the servers including the mail server -
won't that mess up some settings in Exchange 5.5?

Any other pointers or suggestions for upgrading are appreciated as
well - also if anyone has any good links to doing the upgrade..

Thanks very much,


John

(e-mail address removed)
 
Lanwench [MVP - Exchange]

Does your website have a static IP? You can leave it alone (abcdomain.com)
and set up a host record in your AD DNS forward lookup zone - www, pointing
to your website's public IP address. A lot of people do this..."split brain
DNS". You can rename domains in W2003 but I think you will run into major
Exchange server problems if you do so....so if it isn't necessary, don't
bother.
 
Chriss3

John, yes this is correct. However during the in-place upgrade of your NT4.0
PDC to Windows Server 2003 you are prompted for the Active Directory DNS
Domain Name. You may want to use abcdomain.local or abcdomain.com. If you
prefer to use abcdomain.com all internal requests of the particular domain
will be handled by the Active Directory Domain Name; this means you can't
reach the off-site DNS internally and have to create www records etc. in your
Active Directory Zone. Personally I recommend you to use .local
--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup
 
Enkidu

> Hey all,
>
> I am in the process of moving from an NT4 domain (single site w/ PDC
> and BDC) to Windows 2003 w/ AD.
>
> I have been reading up on the process of upgrading and have found some
> well documented step by step instructions. However I read something
> yesterday that threw me for a loop. Please help clarify this for
> me....
>
> OK so my existing setup is NT 4 Network with PDC and BDC. All of my
> clients, 50 in all, are running Windows XP. I have a few other servers
> that are mixed NT/2000 servers.
>
> The private network has a domain name of abcdomain.com. All of my
> servers and clients are configured with this domain name. However, my
> company's web site www.abcdomain.com is hosted offsite and the DNS for
> the www.abcdomain.com is also hosted offsite. In preparing for the AD
> installation I have set up a new server as BDC and installed DNS on it.
> I was planning on upgrading this to the PDC in a few days and then
> upgrading that to Windows 2003 w/AD.

The Domain is abcdomain.com. www is the host, and www.abcdomain.com is
the host's fully qualified domain name (FQDN). The DNS for
abcdomain.com is hosted offsite. Just bein' picky!

There is no real difficulty with having the internal and external
Domain Names the same.

> However I read something yesterday that since my website is hosted
> offsite and has the same domain name as my internal network once the
> AD and DNS is set up on Windows 2003 my internal AD DNS with the same
> domain name will cause some issues with the external hosting and DNS
> of my website. The article went on to say I should set up AD with a new
> domain and should name it something like

The "problems" are relatively minor. The internal and external DNS are
totally separate and any changes should (if necessary) be propagated
from the one to the other manually. However this should not happen
frequently. That's the core of it.

All internal machines should use the internal DNS. Externally all
services (eg web, mail) that are required to be globally visible
should be in the external DNS. All external addresses should be
resolved by clients *through* the internal address which should
forward all requests for resolution of external IPs (eg
www.microsoft.com through the gateway.)

You say that the website is hosted externally. Therefore it should be
in the external DNS. If your mail server is internal, it should ALSO
be in the external DNS which should point to the IP address of your
gateway. Normally this should be then NATted to your internal mail
server.

eg externally, mail.abcdomain.com is found in the external DNS, which
has the address of the gateway. The gateway NATs the external address
to the internal address of the mail server. www.abcdomain.com
externally resolves directly to the web server.

Internally you have to add the *external* address of the web server to
the DNS manually. An internal client finds the address of the web
server from the internal DNS and sends packets to the external web
server via the gateway (which NATs the internal source address to the
external address of the gateway).

You probably know most if not all of this already!

> internal.abcdomain.com
>
> My questions are this -
>
> Do I need to do it this way or can I leave the internal domain name
> (abcdomain.com) as it is when upgrading to Windows 2003 AD?

I personally would leave it. Less hassle all round.

> If I do create a new domain on that W3k AD server when I am upgrading
> does that mean that I will have to go to every server and client
> machine and change the domain name on it, in order for it to access
> the network and authenticate?

Not normally. Access depends on the IP address, which can be
distributed by DHCP. Authentication also depends on the IP address of
the DC which is an internal address. This is obtained from the DC via
the SRV records in the DNS. The DNS IP address is normally obtained by
DHCP.

> How would this change affect my internal Exchange 5.5 mail server
> which is currently in the domain abcdomain.com - If I need to change
> the domain names on all of the servers including the mail server -
> won't that mess up some settings in Exchange 5.5?

I'd leave it, as above. Internally the mail server would normally have
a "private" IP address, and be visible internally on that address and
externally via NAT on a public address.

> Any other pointers or suggestions for upgrading are appreciated as
> well - also if anyone has any good links to doing the upgrade..

Did anyone mention backup? <grin>

Cheers,

Cliff

{MVP}
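
An added example, not written by anyone in this thread: with the split-brain setup described in the replies above, the internal abcdomain.com zone is a hand-maintained copy, so public hosts can go missing or stale inside the network. The sketch below compares two constructed zone listings (documentation-range addresses; the function names and the `host address` line format are assumptions) and reports that drift, while accepting an RFC 1918 internal address such as the NATted mail server.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress.is_private would also
# match the documentation ranges used in the constructed data below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: A records as "host address" lines.
EXTERNAL_ZONE = """
www   203.0.113.10   ; offsite web server
mail  203.0.113.1    ; gateway address, NATted to the mail server
ftp   203.0.113.20
"""
INTERNAL_ZONE = """
www   203.0.113.99   ; manual copy that was never updated
mail  192.168.1.25   ; private address of the mail server
dc1   192.168.1.10   ; internal-only host
"""

def parse_a_records(text):
    """Return {host: ip_address}, ignoring blank lines and ';' comments."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        host, addr = line.split()
        records[host.lower()] = ipaddress.ip_address(addr)
    return records

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def split_brain_drift(internal_text, external_text):
    """List public hosts that internal clients cannot resolve correctly."""
    internal = parse_a_records(internal_text)
    external = parse_a_records(external_text)
    findings = []
    for host, public_ip in sorted(external.items()):
        inside = internal.get(host)
        if inside is None:
            findings.append((host, "missing-internally"))
        elif inside != public_ip and not is_rfc1918(inside):
            findings.append((host, "stale-public-address"))
    # Hosts that exist only internally (dc1) are expected, not reported.
    return findings

if __name__ == "__main__":
    for host, problem in split_brain_drift(INTERNAL_ZONE, EXTERNAL_ZONE):
        print(f"{host}.abcdomain.com: {problem}")
```
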
 
John

Chriss3 said:
> John, yes this is correct. However during the in-place upgrade of your NT4.0
> PDC to Windows Server 2003 you are prompted for the Active Directory DNS
> Domain Name. You may want to use abcdomain.local or abcdomain.com. If you
> prefer to use abcdomain.com all internal requests of the particular domain
> will be handled by the Active Directory Domain Name; this means you can't
> reach the off-site DNS internally and have to create www records etc. in your
> Active Directory Zone. Personally I recommend you to use .local
> --
> Regards
> Christoffer Andersson
>
> No email replies please - reply in the newsgroup

--- Thanks for the reply...
One last thing that I am still a little unsure on is this. When I am
installing the AD and it prompts me for the DNS domain name. Since the
server is already in the abcdomain.com (NT DOMAIN) if I enter in the
AD wizard abcdomain.com as the AD DNS name will that in turn actually
make the computer's full AD DNS name host.abcdomain.com.abcdomain.com
???

I hope that question makes some sense to you?

I do plan on using the same domain name for my AD implementation as it
just seems like an easier fit for me. I only have 1 externally hosted
IP address and that is for the www.abcdomain.com - so I don't mind the
one static local DNS entry..

Thanks Again..
 
Chriss3

Computers under the domain should be host.abcdomain.com. Pre-Windows 2000
clients still use the NETBIOS name abcdomain.

Is that the answer to your question?
 
