One group has set up an internal Forest with 2 member domains, and I'm not familiar with the concept of member domains. They have main.local forest with 1stmember.local and 2ndmember.local domains. Are these separate Forests?
When I do a nslookup -type=ns 2ndmember.local, I see that all the name servers for the 3 domains are listed. However, when I query each name server, the only name servers that respond are in the 2ndmember.local domain. What's not configured on the other name servers that they don't respond with the answer?
Thanks
Mike
|
|
"mmccaws2" <mmccaws[ at ]comcast.net> wrote in message news:009a69ae-1912-481f-838a-5fd6f397a41f[ at ]l62g2000hse.googlegroups.com...
> One group has set up an internal Forest with 2 member domains, and
> I'm not familiar with the concept of member domains. They have
> main.local forest with 1stmember.local and 2ndmember.local domains.
> Are these separate Forests?
>
> When I do a nslookup -type=ns 2ndmember.local, I see that all the name
> servers for the 3 domains are listed. However, when I query each name
> server, the only name servers that respond are in the 2ndmember.local
> domain. What's not configured on the other name servers that they
> don't respond with the answer?
They are all "members" of the Forest. Any domain is going to be a member of the Forest, it is just a matter of what "level" they exist at. A forest can have many "trees" [Root domains],...these in your example are all domains at the "top",...at the same "level",...with each representing its own separate "tree" within the Forest. If you create any Child Domains under these,...then they reflect "branches" within each "tree" that they are part of.
I have never created a model like this,...probably never would,...so I have no real personal experience with that one,...So,..if my illustration is flawed then I will stand corrected by anyone who has more experience with that model who can correct me.
-- Phillip Windell www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. -----------------------------------------------------
|
|
Hi, Forests can have multiple domains but they only have 1 root domain, even if there are multiple trees. The root domain is the first domain created in the forest and contains the schema admins and enterprise admins groups. A DC in the root domain also holds the schema master role and the domain naming master role.
-- James Yeomans, BSc, MCSE
|
|
The name server list that came back from the nslookup -type=ns 2ndmember.local query was:
ns1.2ndmember.local
ns2.2ndmember.local
ns3.2ndmember.local
ns1.1stmember.local
ns1.main.local
ns2.main.local
The only name servers that responded to the query were from the 2ndmember.local domain. I'm trying to understand why nslookup reported that these servers were authoritative and yet when directly queried, there was no response from the name servers from domains 1stmember.local and main.local. The computer that ran the query was not a member of any of these domains.
Thanks
Mike
|
|
"James Yeomans BSc, MCSE" <JamesYeomansBScMCSE[ at ]discussions.microsoft.com> wrote in message news:626988DC-598B-4413-A51A-27AE7B355494[ at ]microsoft.com...
> Hi, Forests can have multiple domains but they only have 1 root domain, even
> if there are multiple trees. The root domain is the first domain created in
> the forest and contains the schema admins and enterprise admins groups. A DC
> in the root domain also holds the schema master role and the domain naming
> master role.
Ok, so other than me referring to the trees as roots, the rest is correct? What is the best way to describe the relationship of the first Domain (root) to the trees?,..both including and not including the one it is in?
-- Phillip Windell www.wandtv.com
|
|
The key to the forest root is the forest-level roles and groups that it stores (the ones I mentioned previously). Trees are linked by a 2 way transitive trust that flows between the domains at the top of each tree. It actually sits at the same level as the rest of the domains at the top of their respective trees and just has a bit of extra responsibility. Hope that makes sense
James :)
-- James Yeomans, BSc, MCSE
|
|
"James Yeomans BSc, MCSE" <JamesYeomansBScMCSE[ at ]discussions.microsoft.com> wrote in message news:20108C50-E9B4-4C10-AD5B-A17716167464[ at ]microsoft.com...
> The key to the forest root is the forest-level roles and groups that it stores
> (the ones I mentioned previously). Trees are linked by a 2 way transitive
> trust that flows between the domains at the top of each tree. It actually sits
> at the same level as the rest of the domains at the top of their respective
> trees and just has a bit of extra responsibility. Hope that makes sense
> James :)
Makes sense to me. It is kinda like the similar concept that two DCs in AD are "peers" yet one (typically the first) has the PDC role so it has a little more work to deal with.
Thanks James..
-- Phillip Windell www.wandtv.com
|
|
So, why wouldn't all name servers listed in the response (nslookup -type=ns 2ndmember.local) answer a query?
|
|
It turns out there was a firewall that I wasn't aware of in between my computer and the DNS servers.
Thanks for your help
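An added example, not part of any poster's message, of the distinction this thread turned on: a listed name server that never replies points at the network path (here, a firewall), while one that replies with an error code or without the authoritative flag points at server configuration. The host and zone names are the ones quoted in the thread; the function names, the UDP-only probe and the 3-second timeout are assumptions.

```python
import socket
import struct

# Name servers as listed in the thread; they only resolve inside that network.
NAME_SERVERS = ["ns1.2ndmember.local", "ns2.2ndmember.local", "ns3.2ndmember.local",
                "ns1.1stmember.local", "ns1.main.local", "ns2.main.local"]
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=6, txid=0x1234):
    """Build a DNS query (qtype 6 = SOA) with the recursion-desired flag off."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def classify(reply):
    """Turn a raw reply (None means nothing came back) into a diagnosis."""
    if reply is None:
        return "no reply: check the path (firewall, routing) before the server"
    if len(reply) < 12:
        return "malformed reply"
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", reply[:12])
    code = flags & 0x000F
    if code != 0:
        return "reachable, answered %s: server-side configuration" % RCODES.get(code, code)
    if flags & 0x0400 and ancount:  # AA bit set and an answer present
        return "reachable and authoritative"
    return "reachable, not authoritative for the zone"

def probe_udp(server, zone, timeout=3.0):
    """Send one SOA query over UDP/53; return the reply bytes or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(zone), (server, 53))
            return s.recvfrom(4096)[0]
        except OSError:  # timeout, unreachable network, or unresolvable host name
            return None

if __name__ == "__main__":
    refused = bytes.fromhex("123480050001000000000000")  # constructed sample header
    print("constructed REFUSED sample ->", classify(refused))
    for ns in NAME_SERVERS:
        print(ns, "->", classify(probe_udp(ns, "2ndmember.local")))
```

Run from the same machine that ran nslookup, a silent server next to answering ones is the pattern a filtering device in the path produces.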
|
|
"mmccaws2" <mmccaws[ at ]comcast.net> wrote in message news:c673612b-992e-4782-a51d-c1b9d33c6bb2[ at ]c36g2000prc.googlegroups.com...
> It turns out there was a firewall that I wasn't aware of in between my
> computer and the DNS servers.
That's why networks need to be documented or at minimum be designed and laid out simple enough so that you can just "look at it" and know what is there. There should not be firewalls and routers that you don't know are there.
-- Phillip Windell www.wandtv.com
|
|
Amen!!