I am with you on that. Which is why I said my suggestion is not a replacement for WINS. But, for the items under discussion, I can say "WINS? What WINS?" Remember our discussion about devolution and DNS Suffixes a while back? This is where the concept comes into play. A process is asked to look for, say, "Rick", where no WINS exists. It says to itself "Rick is not qualified [1], so let me see what I have in my suffix list". It sees "Akomolafe.who, Kingslan.what, anyone.no" - in that order. It immediately devolves the lookup to "Rick.akomolafe.who". Since "akomolafe.who" has no record of a Rick, the process moves on and devolves to "Rick.Kingslan.what" and gets a hit. Some milliseconds added to the lookup, yes, but it found the record anyway. Would WINS have helped? Certainly, IF there is a replication of WINS records between the domains in question. If there is no replication, then ..... [1] I know you are qualified, Rick. That was just a figure of speech ;) Sincerely,
D�j� Ak�m�l�f�, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Rick Kingslan Sent: Tue 5/31/2005 7:00 PM To: [email protected] Subject: RE: [ActiveDir] _msdcs question But, my experiments have shown that though you might be able to get rid of WINS for Exchange purposes, the Office team hasn't quite grown past its use. Outlook (including 2003) has a bit of a hard time finding its mailbox if WINS is not active (or, at least an LMHosts file in place). Rick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, May 31, 2005 8:45 PM To: [email protected] Subject: RE: [ActiveDir] _msdcs question >>>> Exchange also is relies on WINS name resolution. You cannot install Exchange without WINS name resolution. If you mean in a multi-domain environment, yes but....... You don't need WINS per se. With appropriate DNS suffixes, you can overcome the NetBIOS resolution limitations that necessitates the WINS requirement. I am not saying don't use WINS or that you can get rid of WINS easily. I am just saying that for purposes like these (Exchange install in a multi-domain environ, or trust establishment, etc), it is not a necessity IF you do the necessary home-work. Sincerely, D�j� Ak�m�l�f�, MCSE+M MCSA+M MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Santhosh Sivarajan Sent: Tue 5/31/2005 4:59 PM To: [email protected] Subject: Re: [ActiveDir] _msdcs question Deji, I completely understand your point but from my experience, if you don't have NetBIOS name resolution you cannot establish a trust. Also, you need to make sure all the required ports are open between two Domains. (http://support.microsoft.com/default.aspx?scid=kb;en-us;179442) Exchange also is relies on WINS name resolution. You cannot install Exchange without WINS name resolution. HTH Santhosh Santhosh Sivarajan MCSE(W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),CCNA,Network+ Houston, TX On 5/31/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Santhosh, I don't understand the significance of WINS here, as opposed to > getting DNS resolution properly working. Since he's on W2K3, wouldn't it be > better that he uses a stub of each domain on the other side of the trust (or > even cond fwding for that matter)? Just curious. > > On a similar note, I've noticed that the trust process (and other processes, > like Exchange Server Migration in ADMT) uses NetBIOS lookup instead of doing > an FQDN lookup. One way I do this is to simply create an A record in MY zone > for the DC on the other side. By creating the A record, the query will simply > get handed the record for that DC. This works IF the name of the DC on the > other side is not the same as the name of any of the DC in MY domain. Let me > explain with an example. > > MYDomain wants to trust YOURDomain. YourDomain has a DC called YourDC. During > the trust establishment process, I see a query for YourDC, which of course > does not exist in MyDomain, and because YourDomain is also not on my suffix, > no record is located. > > So, I create an A record for YourDC and give it the true IP of YourDC. So, > now the process goes and query for YourDC (instead of YourDC.YourDomain), it > gets resolved to the YourDC that is located in MyDomain, which happens to be > the same as YourDC.YourDomain. > > > Deji > > > ________________________________ > > From: [EMAIL PROTECTED] on behalf of Santhosh Sivarajan > Sent: Tue 5/31/2005 2:07 PM > To: [email protected] > Subject: Re: [ActiveDir] _msdcs question > > > > I don't think you have to do anything with your _msdcs zone. You have > to have WINS name resolution in-order to configure the trust. What is > your WINS configuration? Can you ping both Domain DCs using NetBIOS > and FQDN? > > HTH > Santhosh > > Santhosh Sivarajan > MCSE(W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),CCNA,Network+ > Houston, TX > > > On 5/31/05, Rimmerman, Russ <[EMAIL PROTECTED]> wrote: > > > > We upgraded our Win2k AD domain to Win2k3 a few months ago. Now I'm > > attempting to set up a two-way trust with an outside Win2k3 domain, and > > I found out that _msdcs.company.com in the Win2k3 domain is at the same > > level as the company.com zone. So I found out this means that they > > build this as a Win2k3 domain rather than upgrading from Win2k. > > > > I found http://support.microsoft.com/?id=817470 on how to reconfigure an > > _msdcs subdomain to a forest-wide DNS application directory partition > > when you upgrade from Win2k to Win2k3, but we haven't done that (didn't > > know about it until just now). > > > > Question is - I want to set up a two-way trust with this win2k3 domain, > > but when I set them up as a secondary zone in our empty root domain, we > > didn't get the _msdcs data since it's just a grey reference folder > > rather than actual data. > > > > How do I get the two-way trust working? Do I have to set up two > > secondary zones in my empty root domain, one for company.com and one for > > _msdcs.company.com? > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > This e-mail is confidential, may contain proprietary information > > of the Cooper Cameron Corporation and its operating Divisions > > and may be confidential or privileged. > > > > This e-mail should be read, copied, disseminated and/or used only > > by the addressee. If you have received this message in error please > > delete it, together with any attachments, from your system. > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
