In
- said:
Hello,
I was wondering if the Net Logon service of the domain controller
that is the GC does the registering or is it one of the root servers
that has its Net Logon service send the registration for a GC. For
example, we have the following scenario:
child DC becomes a GC
Empty root is updated, but DNS is held on separate W2K server boxes in
workgroup.
Does the child Net Logon send a message to these DC's or does the
root do it?
In addition to Herb's response, I think there may be a terminology mixup
here, or a slight misunderstanding of how this whole thing works.
As Herb said, each DC will register its own resources that it finds in the
AD database on the machine. The netlogon service on each DC does this. If
the machine is a GC, then so be it, it will register that fact into the SRVs
under the zone.
Some things top be aware of that dictate the registration process:
1. Primary DNS Suffix of the machine MUST match the AD DNS domain name (not
the NetBIOS domain name).
2. The zone name in DNS MUST match the name in #1 and be allowed updates.
3. The DCs (and all machiens for that matter) MUST only use the internal DNS
and not the ISP's or errors are guaranteed and WILL occur.
4. Your parent domain name is NOT a single label name ("domain" vs the
required format of "domain.com"). Errors WILL occur if this is so.
If you have a child domain, and its in a different location, we can opt to
create a DNS server on one of the DCs or another machine in that location.
Preferrably a DC, but it can be any DNS that supports AD. If you do it this
way, then you'll want to ensure that ALL child domain members (including
DCs) will ONLY use that server. Then in the parent domain's DNS, you'll want
to delegate the child zone name to the child DNS servers. In the child DNS
servers, setup a forwarder back to the parent DNS server. This will insure
your DNS infrastructure is sound and will resolve names throughout the
infrastructure.
Read this (just remember to add the forwarder from thechild to the parent)
255248 - HOW TO Create a Child Domain in Active Directory and Delegate the
DNS Namespace to the Child Domain:
http://support.microsoft.com/?id=255248
--
Regards,
Ace
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.
This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
