Group:  English: Windows Server » microsoft.public.windows.server.dns
Thread: Remote Site DNS

Remote Site DNS
rjones 5/1/2007 6:24:02 PM
I have a single domain active-directory environment with (2) Windows 2003
Server Domain Controllers and (1) Windows 2000 Server Domain Controller. I
have 11 remote sites running either Windows 2003 Server or Windows 2000
Server as DHCP Servers.
I want to set up each of the remote DHCP Servers as DNS Servers for their
user PCs, and have them replicate or update DNS with the DCs?

How can I accomplish this?
Re: Remote Site DNS
"Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> 5/2/2007 3:27:25 AM
Read inline please.

In news:50B68257-7B86-4AF7-860D-76D41631AF7E[ at ]microsoft.com,
rjones <rjones[ at ]discussions.microsoft.com> typed:
> I have a single domain active-directory environment with (2) Windows
> 2003 Server Domain Controllers and (1) Windows 2000 Server Domain
> Controller. I have 11 remote sites running either Windows 2003 Server
> or Windows 2000 Server as DHCP Servers.
> I want to set up each of the remote DHCP Servers as DNS Servers for
> their user PCs, and have them replicate or update DNS with the DCs?
>
> How can I accomplish this?

So are we to assume that the remote DHCP servers are not Domain Controllers?
Setting up DHCP to update DNS is fairly easy, but you should use Win2k3 DHCP
servers, which can make secure DNS updates. But, if they are member servers
they can only hold secondary zones, which through the use of the SOA record,
can send updates to primary servers, but they won't be able to update a
secure zone.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
Send IM: http://www.icq.com/people/webmsg.php?to=296095728
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================


Re: Remote Site DNS
rjones 5/2/2007 12:19:02 PM
Correct, the DHCP Servers are not Domain Controllers. The DHCP Servers that are
running Windows 2003 Server I would like to set up as DNS Servers. The other
DHCP Servers that are running W2K Server will be rebuilt as W2K3 later this
year, then I can set them up as DNS Servers also.

So should I set up the W2K3 DHCP Servers as Secondary DNS Servers? And will
they replicate DNS with the DCs?
Re: Remote Site DNS
"Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> 5/2/2007 12:48:23 PM
Read inline please.

In news:524ABF2A-4FA3-45CC-9D5A-7F68B39C8B61[ at ]microsoft.com,
rjones <rjones[ at ]discussions.microsoft.com> typed:
> Correct, the DHCP Servers are not Domain Controllers. The DHCP Servers
> that are running Windows 2003 Server I would like to set up as DNS
> Servers. The other DHCP Servers that are running W2K Server will be
> rebuilt as W2K3 later this year, then I can set them up as DNS
> Servers also.
>
> So should I set up the W2K3 DHCP Servers as Secondary DNS Servers? And
> will they replicate DNS with the DCs?

Secondary zones are not, and cannot be Active Directory integrated, and do
not participate in replication, however, they can have AD integrated zones
as their masters.

If dynamic DNS updates are your main goal, don't mix Win2k and Win2k3 DHCP
servers. You should use all Win2k3 DHCP, with the same user account
configured on the Advanced tab, for the DHCP service to use in updating DNS.
Keep in mind, DHCP uses the DNS servers listed in TCP/IP properties on its
network connections for updating DNS, not the DNS servers listed in its
scopes as you may expect.



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]


Re: Remote Site DNS
rjones 5/2/2007 1:18:01 PM
My primary goal is not to have remote site clients coming all the way back to
the main site for DNS requests. I have the client TCP/IP properties set up to
receive DNS addresses automatically, and the DHCP scope is set up to point
them to the remote DHCP Server. So what are my options:
1. Set up only the W2K3 DHCP Servers as DNS Servers, and how would I
configure them for this scenario?
2. Rebuild all DHCP Servers to W2K3 Server, and how would I configure them
for this scenario?
Re: Remote Site DNS
"Ace Fekay [MVP]" <PleaseAskMe[ at ]SomeDomain.com> 5/2/2007 2:58:43 PM
In news:266B9CEA-A0A4-4174-9F69-DA1E783AA11D[ at ]microsoft.com,
rjones <rjones[ at ]discussions.microsoft.com> typed:
> My primary goal is not to have remote site clients coming all the way
> back to the main site for DNS requests. I have the client TCP/IP
> properties set up to receive DNS addresses automatically, and the
> DHCP scope is set up to point them to the remote DHCP Server. So what
> are my options:
> 1. Set up only the W2K3 DHCP Servers as DNS Servers, and how would I
> configure them for this scenario?
> 2. Rebuild all DHCP Servers to W2K3 Server, and how would I configure
> them for this scenario?
>

How many users are at this remote site? The AD design rules/guidelines
state if there are 10 or more, and/or there are multiple services at that
location that require frequent authentication traffic, put a DC there and
create a separate site. After all, you already have a 2003 server at that
location that can be promoted to a DC. DC replication traffic will use less
bandwidth than authentication and DNS query traffic.

If you have less than 10, such as a small office with 5 or 6 people and one
printer, I wouldn't worry about the amount of DNS traffic generated for it
is extremely small and will not break the bank.

If you insist on keeping the server a non-DC, then I suggest to do what
Kevin suggested and create a secondary zone and stipulate the master as
being one of the DC/DNS servers in the main site or another site.

--
Regards,
Ace

Innovative IT Concepts, Inc (IITCI)
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Having difficulty reading or finding responses to your post?
Instead of the website you're using, try using OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. Anonymous access. It's free - no username or password
required nor do you need a Newsgroup Usenet account with your ISP. It
connects directly to the Microsoft Public Newsgroups. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject. It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

"Quitting smoking is easy. I've done it a thousand times." - Mark Twain

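Added example (not part of the thread and not the posters' own commands): the secondary-zone setup Kevin and Ace describe for a remote server that stays a non-DC, plus the shared DHCP update account Kevin mentions, written as Windows Server 2003 command lines. The zone name, addresses, domain and account name are placeholders; it assumes dnscmd from the Support Tools is installed and that the zone is already AD-integrated on the master.

```bat
@echo off
rem Added example, not from the thread. Every name and address below is a placeholder.
setlocal
set ZONE=corp.example.com
set MASTER=10.0.0.10
set REMOTE=10.1.0.10
set DOMAIN=CORP
set SVCUSER=svc-dhcpdns

rem 1. Master DC/DNS: accept only secure dynamic updates for the AD-integrated zone
rem    (AllowUpdate: 0 = none, 1 = nonsecure and secure, 2 = secure only).
dnscmd %MASTER% /Config %ZONE% /AllowUpdate 2 || goto fail

rem 2. Master DC/DNS: allow zone transfers only to the listed remote server and
rem    notify it of changes, rather than leaving transfers open to any host.
dnscmd %MASTER% /ZoneResetSecondaries %ZONE% /SecureList %REMOTE% /NotifyList %REMOTE% || goto fail

rem 3. Remote member server: create the read-only secondary copy, pull it now,
rem    then print the zone settings to confirm the type and master address.
dnscmd %REMOTE% /ZoneAdd %ZONE% /Secondary %MASTER% || goto fail
dnscmd %REMOTE% /ZoneRefresh %ZONE% || goto fail
dnscmd %REMOTE% /ZoneInfo %ZONE%

rem 4. DHCP service on the remote server: register client records with one
rem    dedicated, unprivileged domain account (the same account on every DHCP
rem    server). "set /p" echoes what is typed, so run this from a private console.
set /p DNSPASS=Password for %DOMAIN%\%SVCUSER%: 
netsh dhcp server %REMOTE% set dnscredentials %SVCUSER% %DOMAIN% %DNSPASS%
netsh dhcp server %REMOTE% show dnscredentials

rem 5. Run on the DHCP server itself: the DNS servers shown here, not the ones
rem    handed out in the scope options, are where DHCP sends its updates.
netsh interface ip show dns

endlocal
goto :eof

:fail
echo Step failed with errorlevel %errorlevel%. Fix it before continuing.
endlocal
exit /b 1
```
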

Re: Remote Site DNS
rjones 5/2/2007 3:11:00 PM
And would you suggest that I configure each of the Remote Site new DCs into
its own site in AD, or not?
Re: Remote Site DNS
"Ace Fekay [MVP]" <PleaseAskMe[ at ]SomeDomain.com> 5/2/2007 3:56:24 PM
In news:8E9EDEEE-B442-40BF-92B6-765445EB209B[ at ]microsoft.com,
rjones <rjones[ at ]discussions.microsoft.com> typed:
> And would you suggest that I configure each of the Remote Site new
> DCs into its own site in AD, or not?

Absolutely. Definitely. That's the whole thing about Sites and how logon and
other types of authentication traffic from clients is controlled to stay
within the sites. Once the sites are properly created you can also use the
Printer Location feature. Also when you configure the clients, whether using
DHCP or static, only specify the local DC as their DNS server. Also if a
DC, and the zone is ADI, and you install DNS on the DC, the zone will
auto-appear in DNS.

Just make sure you create the sites properly as well as the subnet object
for that site and associate it with the Site you created.

Ace


Re: Remote Site DNS
rjones 5/2/2007 4:50:00 PM
I use this same approach for my SAV topology since all Internet access comes
through my main office. Would you suggest I point the Time Server service the
same way? Any other services you can think of that I could keep the traffic
at the remote site and ease any bandwidth latency?
Re: Remote Site DNS
"Ace Fekay [MVP]" <PleaseAskMe[ at ]SomeDomain.com> 5/3/2007 4:57:33 AM
In news:4CD7509C-3572-42A6-AD4A-64B7664DCD9C[ at ]microsoft.com,
rjones <rjones[ at ]discussions.microsoft.com> typed:
> I use this same approach for my SAV topology since all Internet
> access comes through my main office. Would you suggest I point the
> Time Server service the same way? Any other services you can think of
> that I could keep the traffic at the remote site and ease any
> bandwidth latency?

Actually the time service in an AD topology on clients (Win2000 and newer)
considers the DC that holds the PDC Emulator Role to be their time source.
On that DC, run this command to ensure it gets its time synced from a
reliable internet time source (in this case, the IP I provided below is a US
Navy time source). You will also want to ensure NTP UDP 123 is open to this
DC.

For Windows 2003 on the PDC Emulator:

net stop w32time
net time /setsntp:192.5.41.41
net start w32time

For Windows 2000 PDC Emulator:

net stop w32time
net time /setsntp:192.5.41.41
w32tm -once
net start w32time


Honestly the time service uses so little bandwidth it is almost negligible.
To answer other questions about bandwidth and services I need to know
more...

How many users are in that site?
What speed and type of link exists between the main office and this site?
Is it using VPN (I assume it is)?

Ace


Re: Remote Site DNS
"Ace Fekay [MVP]" <PleaseAskMe[ at ]SomeDomain.com> 5/3/2007 3:28:33 PM
In news:4CD7509C-3572-42A6-AD4A-64B7664DCD9C[ at ]microsoft.com,
rjones <rjones[ at ]discussions.microsoft.com> typed:
> I use this same approach for my SAV topology since all Internet
> access comes through my main office. Would you suggest I point the
> Time Server service the same way? Any other services you can think of
> that I could keep the traffic at the remote site and ease any
> bandwidth latency?

And also to add to the list, what type of services and applications are
running at that site? Are any of the services and apps connected to the main
site for configuration purposes or the central database is at the main site?
Also, do you have Exchange installed in the org?

Ace


Re: Remote Site DNS
"Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> 5/4/2007 11:56:00 AM
Read inline please.

In news:4CD7509C-3572-42A6-AD4A-64B7664DCD9C[ at ]microsoft.com,
rjones <rjones[ at ]discussions.microsoft.com> typed:
> I use this same approach for my SAV topology since all Internet
> access comes through my main office. Would you suggest I point the
> Time Server service the same way? Any other services you can think of
> that I could keep the traffic at the remote site and ease any
> bandwidth latency?


On the subject of the time server, the PDC is the DC that syncs time with
an external source, other DCs get their time from the PDC, and all other
member servers/clients get their time from the first DC that responds with
authority, which depends on whether the DC was able to get time from the
last time it polled the PDC for time and how much correction it had the last
time it reset its time and if it was out of its maximum correction limit. If
a DC's time is off more than a preset limit, (Default 5000ms IIRC) it marks
its time as not authoritative.



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]

