Also I have to point out that I've worked on many, many AD deployments where in-place upgrades have been extremely successful.
Lots of cleanup on the front end makes an in-place upgrade a breeze.

On 12/16/04 4:20 PM, "Renouf, Phil" <[EMAIL PROTECTED]> wrote:

> I wouldn't worry about it too much. The situation you are in may not be
> the optimal design, but it is not an uncommon design either. There are a
> pretty large number of AD installs that use a split level DNS structure
> the same way you are. I think you've got a pretty good setup right now
> with a script that replicated external DNS names in your internal DNS
> structure, most places would just leave that as a manual synchronization.
> I know of some very large companies that have split level DNS that
> replicate them manually.
>
> I'd say that live with it the way it is now and the next time you see an
> opportunity to restructure your AD environment, take the time to
> redesign the forest and DNS structure the way you want it.
>
> Phil
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Edwin
> Sent: Thursday, December 16, 2004 3:50 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Domain Name and DNS Problems
>
> It looks like I am just going to have to deal with the DNS problem as it
> is. I can perform the upgrade as easy as it sounds but I have never
> done one before. I don't mind jumping in and doing the work but I don't
> think my superiors will let me. I know that I can set up a test
> environment to at least get me familiar with the process for the first
> time but I am sure that it will be deemed too risky by those who will
> make the ultimate decision of moving on with this or not.
>
> Aside from that there are licensing issues with the latest version of
> Exchange. I don't think that the money will be invested in the upgrade.
>
> One lesson definitely learned is NEVER to use your already in use domain
> again for Active Directory. I guess next time management should have
> sent me to training instead of me having to come up with a solution on
> my own.
>
> Thank you all for your assistance.
>
> Edwin
>
> On Thu, 2004-12-16 at 14:58 +0100, Jorge de Almeida Pinto wrote:
>
> and be sure to have recovery procedure in place (up-to-date and
> tested) for your AD forest if something goes wrong!
> regards
> jorge
>
> ________________________________
>
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric
> Sent: Tuesday, December 14, 2004 20:01
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Domain Name and DNS Problems
>
> Edwin,
>
> You could theoretically upgrade your Exchange server to E2K3
> followed by an upgrade of the OS to W2K3. At this point, even with the
> W2K Pro systems, you could perform a domain rename assuming your forest
> has a functional level of (2) Windows Server 2003 as a fix now exists
> for E2K3. Keep in mind that the domain rename process is not for the
> faint of heart and you should dedicate an entire weekend to it for your
> relatively small environment...just in case. Also be sure and read
> through the approx. 90 page white paper regarding the rename process.
>
> Aside from that, you are doing what many other organizations do
> when a split-brain DNS is implemented.
>
> Regards,
>
> Aric
>
> ________________________________
>
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Edwin
> Sent: Tuesday, December 14, 2004 10:01 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Domain Name and DNS Problems
>
> That is why I mentioned the Perl script that is used. That is
> exactly what it does. But this is not what I would like to see. I
> would like for our internal AD DNS to only host records for our internal
> systems and forward any other unresolved requests.
>
> On Tue, 2004-12-14 at 09:29 -0500, Salandra, Justin A. wrote:
>
> Why don't you just duplicate the records in the public DNS zone
> to the private zone. That is what I do since both my internal and
> external namespaces are the same.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Edwin
> Sent: Tuesday, December 14, 2004 9:04 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] Domain Name and DNS Problems
>
> Hello Everyone. I have an ongoing problem and would like to get
> some assistance please.
>
> The domain that I am currently responsible for is the first
> domain that I have ever configured. As a result there was a lot of
> trial and error and most things were resolved but there remains this one
> problem that still lingers. I will try to explain as best as I can the
> scenario.
>
> I work for a company (mycompany.net) and we host many web
> servers out on the public Internet. Our servers follow a naming scheme
> that is dependent on the type of OS or special purpose for that server,
> i.e. w39322.mycompany.net for Windows Web Servers and
> l23841.mycompany.net for Linux servers. There are other naming
> conventions that are not important for this topic.
>
> Throughout the everyday work environment we are constantly
> accessing these servers for troubleshooting, investigations or other
> general use. The web servers are authoritative to public name servers
> ns1.mycompany.net and ns2.mycompany.net
>
> When the domain was put online within our internal network, I
> used mycompany.net as the domain name. I also have DNS services for the
> domain on one of the DCs. Since I have named our internal domain the
> same as our public domain, we ran into problems where we were no longer
> able to connect to our web servers on the Internet. As a workaround
> solution we wrote a Perl script that goes out to our public name servers
> and reads the mycompany.net zone and grabs any information that it does
> not have. The data is then written to a text file that then runs DNSCMD
> to import the data into the DC's DNS zone for mycompany.net
>
> This is okay but still problematic and ultimately not the
> solution that I would like to have.
>
> Our domain consists of:
>
> 1. 2 Win2K3 Standard DCs
> 2. 1 Win2K3 Standard File Server
> 3. 1 Win2K Exchange Server with Exchange 2000
> 4. Win2K Professional Workstations
>
> From what I understand Win2K3 has a new feature that will allow
> for you to change the domain name of an already configured network. But
> this will not apply to me since I have Win2K Pro Clients and an Exchange
> 2K Server.
>
> We do have an internal name server but it is a caching name
> server for the authoritative public name server. It is my understanding
> that AD requires for the nameserver to be authoritative for the domain
> and support SRV records. SRV records are not a problem but the
> authoritative part is since our public name server holds that role and it
> is not able to be changed. Also, to make the server authoritative would
> mean that our internal systems could be known by the public Internet.
>
> Can anyone offer any suggestions to overcome this problem?
> Ultimately, what I would like to have done is for the mycompany.net zone
> on the AD DNS Server only to contain entries for our internal network.
> Any requests not resolved by the AD DNS server then get forwarded to the
> public name server. This would allow me to then clean up the zone for
> the AD DNS server and still have the functionality that we require.
>
> Is this possible?
>
> Thank you all for your replies.
>
> This e-mail and any attachment is for authorised use by the
> intended recipient(s) only. It may contain proprietary material,
> confidential information and/or be subject to legal privilege. It should
> not be copied, disclosed to, retained or used by, any other party. If
> you are not an intended recipient then please promptly delete this
> e-mail and any attachment and all copies and inform the sender. Thank
> you.

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
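
The zone synchronization workaround described in the original question of this thread, sketched as an added example; it is not the posters' Perl script and not part of any message above. The server name `dc1`, the restriction to A and CNAME records, and the sample zone data are assumptions made for illustration. Records copied from the public zone are validated before they reach a `dnscmd /RecordAdd` command line, and a name that already exists internally is never touched.

```python
import ipaddress
import re

ZONE = "mycompany.net"          # zone name used in the thread
DNS_SERVER = "dc1"              # assumption: internal DC that runs DNS
ALLOWED_TYPES = {"A", "CNAME"}  # assumption: only host records are mirrored
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
# Constructed sample data, one record per line: name TTL class type data
PUBLIC_ZONE = """\
w39322.mycompany.net.     3600 IN A     192.0.2.10
l23841.mycompany.net.     3600 IN A     192.0.2.20
www.mycompany.net.        3600 IN CNAME w39322.mycompany.net.
bad;name.mycompany.net.   3600 IN A     192.0.2.30
_ldap._tcp.mycompany.net. 3600 IN A     192.0.2.40
"""
INTERNAL_ZONE = """\
dc1.mycompany.net.        3600 IN A     10.0.0.5
www.mycompany.net.        3600 IN A     10.0.0.80
"""

def valid_data(rtype, data):
    """A data must be an IPv4 address, CNAME data a plain host name."""
    if rtype == "A":
        try:
            ipaddress.IPv4Address(data)
            return True
        except ValueError:
            return False
    return all(LABEL.match(p) for p in data.rstrip(".").lower().split("."))

def parse(zone_text):
    """Return {node: (type, data)}; drops other zones, shell
    metacharacters and AD-style "_" labels."""
    records, suffix = {}, "." + ZONE + "."
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[3].upper() in ALLOWED_TYPES:
            name, rtype, data = fields[0].lower(), fields[3].upper(), fields[4]
            node = name[: -len(suffix)]
            if (name.endswith(suffix) and valid_data(rtype, data)
                    and all(LABEL.match(p) for p in node.split("."))):
                records.setdefault(node, (rtype, data))
    return records

def missing_record_commands(public_text, internal_text):
    """dnscmd argument lists for public names the internal zone lacks."""
    public, internal = parse(public_text), parse(internal_text)
    return [["dnscmd", DNS_SERVER, "/RecordAdd", ZONE, node, rtype, data]
            for node, (rtype, data) in sorted(public.items())
            if node not in internal]
```

Each result is an argument list, so it can be handed to `subprocess.run` without a shell or reviewed as text before anything is imported.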
