Windows 2000 Domain Controller Configured Without a Domain Suffix

Jerry Incollingo

Thank you for taking the time to read this (long) post.

I have a client with a single Windows 2000 domain controller running
SP3 and the latest security patches (as of 10/23/03). The consultant
who originally configured this server did not specify a domain suffix
when he ran DCPROMO. So the server is listed as 'server.domain'
instead of 'server.domain.com'. Before I explain what I have been
trying to do, let me ask this question:

Is it possible to add a suffix to a Windows 2000 server running AD
that has no domain suffix WITHOUT having to run DCPROMO? Also, DNS is
running on this machine and is Active Directory integrated. The
server points to itself for DNS resolution.

Here is what I have attempted (trying to run the steps for a disjoint
domain):
Changed the key HKLM\CCS\Services\TCPIP\Parameters\Domain to be
'domain.com'
Changed the key HKLM\CCS\Services\TCPIP\Parameters\NV Domain to be
'domain.com'

Rebooted. Checked system properties and the fully qualified server
name is correct, however the domain name listed is still missing the
suffix.

An ipconfig /all looks correct:

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : server
Primary DNS Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com

I have run DCDIAG and received no errors ONLY after I added a new
Forward Lookup Zone in DNS. Currently there are 2 forward zones, that
is 'domain' and 'domain.com'. The zone I added does not contain the 4
folders that indicate it is AD integrated, that is _UDP, _TCP, _SITES
and _MSDCS. I tried steps from another post to resolve this, which
included stopping and starting NETLOGON, running an IPCONFIG
/flushdns then IPCONFIG /registerdns however, the zone I added won't
create those 4 folders.
I am still concerned that my domain is still listed as 'domain'
instead of 'domain.com' in the system properties on the server.
I also ran NETDIAG and received no errors only after I added the
Forward Zone.

So, am I wasting my time here? Is it not possible to add a suffix to
a single DC that has none without having to DCPROMO it? Am I simply
missing something DNS related? Any help is very appreciated.

Thank you,
Jerry
 
Kevin D. Goodknecht

Well, in order to answer this I need to know the actual domain name listed in
ADU&C. If it is 'domain', you are stuck: you can't change it, and it is a
single-label domain name. Your primary DNS suffix must match this name.

If it is domain.com you're OK.
 
Alan Wood [MSFT]

Hi All,
I just wanted to add something. It is correct, you can't change the
Name of DC after DCpromo unless you dcpromo down then back up. I would
also strongly suggest going back into the registry and putting the name
back the way it was. This may cause some SPN issues for you in the future
as the SPN (serverprincipalname) in the AD is not going to match.

In Windows 2000 you're stuck with having to redo the domain. Please also
note that in W2K3 you are not able to create a domain without specifying more
than a single-labeled name. There are also changes in Windows 2000 SP4 that
when in this configuration you will start running into problems as
Netlogon and the DHCP\DNS Client will stop registering records in the
single-labeled domain name.

300684 Information About Configuring Windows 2000 for Domains With
Single-Label
http://support.microsoft.com/?id=300684

Another FYI is in W2K3 Domain, you can run Domain Rename but not in W2k.
814589 HOW TO: Rename a Windows 2003 Domain Controller
http://support.microsoft.com/?id=814589

Hope this Helps!


Alan Wood[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
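
The check Kevin and Alan describe (the primary DNS suffix must match the AD domain name, and a dot-less domain name is single-label) can be run against captured `ipconfig /all` output. This is an added example, not code from the thread; the sample text is constructed from the output quoted above, the function names are hypothetical, and the AD domain name is assumed to be read from ADU&C and passed in by hand.

```python
import re

# Constructed sample, modelled on the ipconfig /all output quoted in the thread.
SAMPLE_IPCONFIG = """\
Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : server
Primary DNS Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Hybrid
DNS Suffix Search List. . . . . . : domain.com
"""


def parse_ipconfig(text):
    """Return {lower-cased field label: value} from ipconfig /all output."""
    fields = {}
    for line in text.splitlines():
        # Labels are padded with runs of ' .' before the colon separator.
        m = re.match(r"^\s*([A-Za-z][A-Za-z ]*?)[ .]*:\s*(.*)$", line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    return fields


def check_namespace(ipconfig_text, ad_domain_dns_name):
    """Compare the host's primary DNS suffix with the AD domain DNS name.

    ad_domain_dns_name is the name shown in ADU&C (supplied by the operator).
    """
    f = parse_ipconfig(ipconfig_text)
    suffix = f.get("primary dns suffix", "").rstrip(".").lower()
    domain = ad_domain_dns_name.rstrip(".").lower()
    findings = []
    if "." not in domain:
        # No dot in the AD domain name: a single-label domain.
        findings.append("single-label-domain")
    if suffix != domain:
        # Host FQDN no longer sits in the AD domain's namespace, so the
        # names registered in AD (SPNs) will not match the host name.
        findings.append("suffix-mismatch")
    fqdn = f.get("host name", "").lower() + ("." + suffix if suffix else "")
    return {"host_fqdn": fqdn, "ad_domain": domain, "findings": findings}


if __name__ == "__main__":
    # State after the registry edit in the thread: suffix changed, domain not.
    print(check_namespace(SAMPLE_IPCONFIG, "domain"))
```
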
 
Ace Fekay [MVP]

Alan Wood said:
Another FYI is in W2K3 Domain, you can run Domain Rename but not in
W2k. 814589 HOW TO: Rename a Windows 2003 Domain Controller
http://support.microsoft.com/?id=814589

Hi Alan,

Looks like that article was removed. I couldn't even find it in the Partner
Access KB site.

Maybe these will help:

819145 - Support WebCast Microsoft Windows Server 2003 Implementing an
Active Directory Domain Rename Operation:
https://mvp.support.microsoft.com/default.aspx?scid=kb;en-us;819145

325354 - HOW TO Use the Netdom.exe Utility to Rename a Computer in Windows
Server 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;325354

Rename a domain controller computer name:
http://www.microsoft.com/technet/tr...proddocs/datacenter/sag_ADmanage_renameDC.asp

Windows Server 2003 Domain Rename Tools:
http://www.microsoft.com/windowsserver2003/downloads/domainrename.mspx


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Jerry Incollingo

Thanks for the info Alan. I did put the names back in the registry to
what they were. The client has agreed to pay to have me redo their
Active Directory domain. So, I will DCPROMO the box back down to a
server and start over. Not that big of a company, so it shouldn't be
an issue. I just dread having to add all those XP machines to the new
domain and copy all those dang local profiles to their new account
logons. But hey, I'm paid by the hour.

Thanks,
Jerry
 
Ace Fekay [MVP]

Install a parallel AD with the new name and use ADMT to migrate users,
groups, computers (incl their profiles). It would be a lifesaver here.
:)

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
