RE: [ActiveDir] DNS Name resolution issues
Might this not be related to the node type being issued? I remember the node controlling the name resolution order but don't remember the specifics. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 15 July 2004 23:49 To: [EMAIL PROTECTED] Subject: [ActiveDir] DNS Name resolution issues I work in the desktop area and we see some peculiar things around DNS name resolution. When I ask our server guys, I get some answers that don't seem to make sense. We are running Windows 2003 servers with Wins and my problems are:- 1. Duplicate IP entries in DNS. I have a program that gets a list of all workstations in Active Directory, then does a DNS lookup on them. I find multiple workstations with the same IP address. I assume that one of the machines is an old machine that no longer exists. If DHCP is so smart that it tells DNS when it assigns an address to a workstation, why doesn't it also tell DNS when it deassigns it? The lecturer at a course last week said we should Turn on Scavenging to delete the old ones. My server guys say they tried that, but it deleted all of the Static IP Addresses for printers. 2. Inconsistent responses with Reverse lookup. If my program does a reverse lookup on an IP address, sometimes I get a fully qualified name (presumably resolved in DNS) and sometimes just the nodename (presumably resolved in Wins). Now the latter would make sense if I had an IP Address that was defined in Wins but not in DHCP, but if I try and resolve the same IP address multiple times, sometimes I get the Full name, sometimes the short name. My Server guys tell me this is a feature of 2003. It sometimes tries Wins first, sometimes tries DNS first. Sounds a bit dodgey to me! Is it true and if so, is there a way to override this behaviour, ie direct the reverse lookup to:- - only use DNS - only use Wins - or only try Wins if DNS fails? Alan Cuthbertson List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DNS Name Question
Title: Message http://support.microsoft.com/default.aspx?scid=kb;en-us;296250 There's a link that explains it. It talks about SBS Server 2000, but it applies to any 2000/2003 DNS implementation. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of BrianSent: Tuesday, February 10, 2004 9:04 AMTo: [EMAIL PROTECTED]Subject: [ActiveDir] DNS Name Question Hello! Pardon me for a basic question, but an important question I need to understand... We are finally in the beginning phase of moving to AD from NT 4.0 environment and in the process of picking DNS name for our company. Our environment is pretty simple so we are going through domain upgrade instead of using the migration method. Our company has domain Company.com running on non Windows DNS servers. Sine we don't want to run our company's DNS on Windows environment, we have to choose new domain name for AD, correct? So we came up with Company.Corp as the name for our Windows DNS. My concern is that it's not a qualified domain that can't ever be registered with Internic even if we ever wanted to do it in the future (Who know what's going on in the future???). I am wondering if anyone can point me to good documentation that goes over the best practice of picking proper names or tell me that we should not be using .local or .corp for the reason I stated above. Or can't we just use something like Corp.Company.com? Or I should just relax and just use .local or .corp our internal DNS name servers... I'd appreciate any feedback you can give me. Thank you in advance, Brian
RE: [ActiveDir] DNS Name
You could use the .fin and/or .biz DNS names without getting into any AD problems. However, you should think about the fact whether or not you want to connect AD to the internet (not now but in the future?). Don't place your bets on renaming your domains in the future using the new domain renaming features in Windows Server 2003. The renaming is a very complex proces which has significant impact on the availability of the infrastructure. If you're sure you only want to use these names internally you can use these extensions without running into problems. Cheers! John -Original Message- From: George Arezina [mailto:[EMAIL PROTECTED] Sent: woensdag 22 oktober 2003 15:37 To: [EMAIL PROTECTED] Subject: [ActiveDir] DNS Name Can someone please confirm if they have ever used, aside from the standard .com .org .net, for their AD implementation .biz or .fin domain name structure. I am considering implementing nb.fin or nb.biz domain name for our new AD structure some time in the very near future. Would such a name have any side affects on AD or DNS? Another question not pertaining to the one above. I know Windows 2003 server has drastically changed its default security structure on its folders and volumes through either ACL or DACL. In my test environment, when I created a home folder and when I created a user through ADUC, I was able to create a user's home folder, but the user security ACL's were not there. Under W2K, when you share the home folder, create a new user, and create a user's home folder, you automatically created in the security tab the user's name along with his ACL. Does anyone know how to do the same thing in Windows 2003 server? Thanks George George Arezina BA, A+, Net+, MCSE 2000 Information Technology Consultant National Bank of Serbia Pop Lukina 7-9, 11000 Belgrade. P E-mail: [EMAIL PROTECTED] g Phone:+381 (11) 3202-474 GSM: +381 (63) 342-321 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DNS Name
I personally don't put a lot of weight into the save your top level domain for the Internet argument. I've been hearing that since the W2K JDP and we are already on a second version of AD with no indication that saving your tld will be important in any way. You could always prefix an external forest root domain name with ext or external. This is a prime example of a best practice that many people swear by, but I doubt will ever be justified. Just my $.02 :-) Robbie Allen http://www.rallenhome.com/ -Original Message- From: John Reijnders [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 4:10 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] DNS Name You could use the .fin and/or .biz DNS names without getting into any AD problems. However, you should think about the fact whether or not you want to connect AD to the internet (not now but in the future?). Don't place your bets on renaming your domains in the future using the new domain renaming features in Windows Server 2003. The renaming is a very complex proces which has significant impact on the availability of the infrastructure. If you're sure you only want to use these names internally you can use these extensions without running into problems. Cheers! John -Original Message- From: George Arezina [mailto:[EMAIL PROTECTED] Sent: woensdag 22 oktober 2003 15:37 To: [EMAIL PROTECTED] Subject: [ActiveDir] DNS Name Can someone please confirm if they have ever used, aside from the standard .com .org .net, for their AD implementation .biz or .fin domain name structure. I am considering implementing nb.fin or nb.biz domain name for our new AD structure some time in the very near future. Would such a name have any side affects on AD or DNS? Another question not pertaining to the one above. I know Windows 2003 server has drastically changed its default security structure on its folders and volumes through either ACL or DACL. In my test environment, when I created a home folder and when I created a user through ADUC, I was able to create a user's home folder, but the user security ACL's were not there. Under W2K, when you share the home folder, create a new user, and create a user's home folder, you automatically created in the security tab the user's name along with his ACL. Does anyone know how to do the same thing in Windows 2003 server? Thanks George George Arezina BA, A+, Net+, MCSE 2000 Information Technology Consultant National Bank of Serbia Pop Lukina 7-9, 11000 Belgrade. P E-mail: [EMAIL PROTECTED] g Phone:+381 (11) 3202-474 GSM: +381 (63) 342-321 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DNS Name
... going out on a limb there aren't we Robbie?? :) Sarcasm aside, it's a point with which I happen to agree. To date, I've experienced no beneficial behaviors when following this best practice. In fact, having implemented both I have yet to encounter a scenario where one makes any tangible difference over the other. That said, there may still be a reason in later versions of AD, IP or DNS to adhere to this model but; 1) those reasons have never been sufficiently justified to me and 2) by that time it's likely you'll be able to highlight the domain/forest name(s), hit F2 and type a new one :) Dean -- Dean Wells MSEtechnology * Tel: +1 (954) 501-4307 * Email: [EMAIL PROTECTED] http://msetechnology.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Robbie Allen Sent: Thursday, October 23, 2003 8:54 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DNS Name I personally don't put a lot of weight into the save your top level domain for the Internet argument. I've been hearing that since the W2K JDP and we are already on a second version of AD with no indication that saving your tld will be important in any way. You could always prefix an external forest root domain name with ext or external. This is a prime example of a best practice that many people swear by, but I doubt will ever be justified. Just my $.02 :-) Robbie Allen http://www.rallenhome.com/ -Original Message- From: John Reijnders [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 4:10 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] DNS Name You could use the .fin and/or .biz DNS names without getting into any AD problems. However, you should think about the fact whether or not you want to connect AD to the internet (not now but in the future?). Don't place your bets on renaming your domains in the future using the new domain renaming features in Windows Server 2003. The renaming is a very complex proces which has significant impact on the availability of the infrastructure. If you're sure you only want to use these names internally you can use these extensions without running into problems. Cheers! John -Original Message- From: George Arezina [mailto:[EMAIL PROTECTED] Sent: woensdag 22 oktober 2003 15:37 To: [EMAIL PROTECTED] Subject: [ActiveDir] DNS Name Can someone please confirm if they have ever used, aside from the standard .com .org .net, for their AD implementation .biz or .fin domain name structure. I am considering implementing nb.fin or nb.biz domain name for our new AD structure some time in the very near future. Would such a name have any side affects on AD or DNS? Another question not pertaining to the one above. I know Windows 2003 server has drastically changed its default security structure on its folders and volumes through either ACL or DACL. In my test environment, when I created a home folder and when I created a user through ADUC, I was able to create a user's home folder, but the user security ACL's were not there. Under W2K, when you share the home folder, create a new user, and create a user's home folder, you automatically created in the security tab the user's name along with his ACL. Does anyone know how to do the same thing in Windows 2003 server? Thanks George George Arezina BA, A+, Net+, MCSE 2000 Information Technology Consultant National Bank of Serbia Pop Lukina 7-9, 11000 Belgrade. P E-mail: [EMAIL PROTECTED] g Phone:+381 (11) 3202-474 GSM: +381 (63) 342-321 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DNS Name
Heck - we didn't HAVE a TLD when we built our AD forest, so we went hugely generic - for both the AD domains and the Exchange infrastructure. Gotta love being divested... -- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message- From: Robbie Allen [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 8:54 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] DNS Name I personally don't put a lot of weight into the save your top level domain for the Internet argument. I've been hearing that since the W2K JDP and we are already on a second version of AD with no indication that saving your tld will be important in any way. You could always prefix an external forest root domain name with ext or external. This is a prime example of a best practice that many people swear by, but I doubt will ever be justified. Just my $.02 :-) Robbie Allen http://www.rallenhome.com/ -Original Message- From: John Reijnders [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 4:10 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] DNS Name You could use the .fin and/or .biz DNS names without getting into any AD problems. However, you should think about the fact whether or not you want to connect AD to the internet (not now but in the future?). Don't place your bets on renaming your domains in the future using the new domain renaming features in Windows Server 2003. The renaming is a very complex proces which has significant impact on the availability of the infrastructure. If you're sure you only want to use these names internally you can use these extensions without running into problems. Cheers! John -Original Message- From: George Arezina [mailto:[EMAIL PROTECTED] Sent: woensdag 22 oktober 2003 15:37 To: [EMAIL PROTECTED] Subject: [ActiveDir] DNS Name Can someone please confirm if they have ever used, aside from the standard .com .org .net, for their AD implementation .biz or .fin domain name structure. I am considering implementing nb.fin or nb.biz domain name for our new AD structure some time in the very near future. Would such a name have any side affects on AD or DNS? Another question not pertaining to the one above. I know Windows 2003 server has drastically changed its default security structure on its folders and volumes through either ACL or DACL. In my test environment, when I created a home folder and when I created a user through ADUC, I was able to create a user's home folder, but the user security ACL's were not there. Under W2K, when you share the home folder, create a new user, and create a user's home folder, you automatically created in the security tab the user's name along with his ACL. Does anyone know how to do the same thing in Windows 2003 server? Thanks George George Arezina BA, A+, Net+, MCSE 2000 Information Technology Consultant National Bank of Serbia Pop Lukina 7-9, 11000 Belgrade. P E-mail: [EMAIL PROTECTED] g Phone:+381 (11) 3202-474 GSM: +381 (63) 342-321 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir% 40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DNS Name
For Windows 2000 AD I have used as suffixes for domains .local .bob .test I wouldn't expect you should have issue with the names you are looking at. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of George Arezina Sent: Wednesday, October 22, 2003 9:37 AM To: [EMAIL PROTECTED] Can someone please confirm if they have ever used, aside from the standard .com .org .net, for their AD implementation .biz or .fin domain name structure. I am considering implementing nb.fin or nb.biz domain name for our new AD structure some time in the very near future. Would such a name have any side affects on AD or DNS? Another question not pertaining to the one above. I know Windows 2003 server has drastically changed its default security structure on its folders and volumes through either ACL or DACL. In my test environment, when I created a home folder and when I created a user through ADUC, I was able to create a user's home folder, but the user security ACL's were not there. Under W2K, when you share the home folder, create a new user, and create a user's home folder, you automatically created in the security tab the user's name along with his ACL. Does anyone know how to do the same thing in Windows 2003 server? Thanks George George Arezina BA, A+, Net+, MCSE 2000 Information Technology Consultant National Bank of Serbia Pop Lukina 7-9, 11000 Belgrade. P E-mail: [EMAIL PROTECTED] g Phone:+381 (11) 3202-474 GSM: +381 (63) 342-321 List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/