Real scenario - The way in which 2003 AD integrates the _msdcs subdomain (now a zone) causes it to replicate forest wide. This one zone subsequently becomes writable on every K3 DNS(/DC) server within the forest. I didn't ask it to do that, I didn't intentionally make a key component of AD available for modification ... all I said was "replicate it better" (obviously that's highly simplified but you get the idea :-).
Hypothetical scenario - I'd like a non-AD related DNS zone available at every one of my hundreds of sites. Each site has DCs/DNS servers running K3. I'd like the zone's writability constrained (and enforced) to the head-office site alone. The moment I AD integrate to take advantage of the vastly superior replication semantics, I inadvertently expose it to offsite change ... again, all I wanted was to exploit replication not the multimaster nature of AD. I can, of course, re-ACL the whole thing but, believe me, that's more pain than I'm prepared to inflict on myself ... you, on the other hand, may like that ;-).

My feeling is simply this; we would be better served by being offered a choice as to which features are made available when a zone is AD integrated.

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

I see what you are saying, but ..... why would I want to store the zone info of DomainA in the AD of DomainB in an independent/disjointed, non-trusting environment? What would be the compelling reason? Would something improve or work better if this is implemented?

Sincerely,
Deji Akomolafe, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

________________________________

From: [EMAIL PROTECTED] on behalf of Dean Wells
Sent: Fri 11/19/2004 8:24 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

Deji,

There would be a concept of "AD integrated secondaries" had MS decided to write it; it may be desirable (to some) to maintain read-only yet AD replicated zones. I guess the point in question is - MS didn't.
I've asked the question directly to those that chose not to within MS and their response was quite simply "because we didn't :)".

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 11:13 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

Because when it's integrated, there is no concept of "secondaries" as we understood it to be in pre-2Kx world. It's there in AD, and any DC can see and write to it. Now, if you are secondarying the zones on another server located in another forest/network, why would you want to store that info in your own AD? You will not be modifying that zone locally on the secondary anyway. Or, are you intending to?

Sincerely,
Deji Akomolafe, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

________________________________

From: [EMAIL PROTECTED] on behalf of Ken Cornetet
Sent: Fri 11/19/2004 6:56 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] OT: Why no AD integrated DNS secondary zones?

OK, integrated stub zones are cool, but I'm curious - why did MS stop there? Why no integrated secondaries?
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
