the difference is the number of records in the zone that are replicated or transfered. Creating a separate zone for _MSDCS.<ForestRootDomain>.<tld> only replicates or transfers that contents instead of replicating everything in <ForestRootDomain>.<tld> I'm not sure if I understand your question....but I'll try to answer it. In w2k you create an AD-I zone for _MSDCS.<ForestRootDomain>.<tld> on the DCs/DNS servers of the forest root domain. On DNS servers (not specificly DCs) in the other domains you create a secondary DNS zone for the zone _MSDCS.<ForestRootDomain>.<tld>. Is this the answer you were looking for? Cheers #JORGE#
________________________________ From: [EMAIL PROTECTED] on behalf of Kern, Tom Sent: Fri 7/29/2005 5:28 PM To: [email protected] Subject: RE: [ActiveDir] _gc and _ldap SRV records Whats the difference or adverse affects of just making a secondary copy of the root domain zone on every dns server in a multi domain forest as that zone contains the _MSDC.<forestrootdomaim> zone instead of partitioning just the _MSDC.... zone? Also, how do you do that in win2k because windows dns doesn't seem to treat _MSDC as a "real" zone file or domain but like a subfolder? Thanks -----Original Message----- From: Almeida Pinto, Jorge de [mailto:[EMAIL PROTECTED] Behalf Of Almeida Pinto, Jorge de Sent: Friday, July 29, 2005 10:13 AM To: [email protected] Subject: RE: [ActiveDir] _gc and _ldap SRV records creating a separate zone for _MSDCS.<ForestRootDomain>.<tld> is especially interesting in multiple domain forests. In single domain forests it is not needed as all DCs in the domain with DNS already get the info through the zone <ForestRootDomain>.<tld>. Although not needed I always configure a separate zone for _MSDCS.<ForestRootDomain>.<tld> if someone for some reason wants to create an additional domain in the forest #JORGE# ________________________________ From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED] Sent: Fri 7/29/2005 3:19 PM To: [email protected] Subject: RE: [ActiveDir] _gc and _ldap SRV records So reading this... am I correct in this interpretation? I should remove the _msdcs domain from xyz.root and instead create a new zone called _msdcs, cycle netlogon to force registration of records? :m:dsm:cci:mvp ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Thursday, July 28, 2005 3:09 PM To: [email protected] Subject: RE: [ActiveDir] _gc and _ldap SRV records Each DNS zone representing an AD domain has a _MSDCS DNS subdomain. All DCs register belonging to a certain domain register their DNS domain wide records in their own _MSDCS DNS subdomain. However each DC and GC also register forest wide records (e.g. CNAME and _GC, etc). It is a best practice to create a separate DNS zone for _MSDCS.<ForestRootDomain>.<tld>. In W2K3 it is also a best-practice to set the replication scope for that zone to all DCs with DNS in the forest. In W2K this is not possible so in the forest root domain make the zone AD-I and for the DNS servers in the other domains in the forest create a secondary zone of this zone. And yes, assuming replication is complete all the records in the _MSDCS.<ForestRootDomain>.<tld> zone should be on each DNS server that hosts this zone Cheers #JORGE# ________________________________ From: [EMAIL PROTECTED] on behalf of Creamer, Mark Sent: Thu 7/28/2005 8:52 PM To: [email protected] Subject: [ActiveDir] _gc and _ldap SRV records A question about DNS SRV records for my DCs and Global Catalog servers...should every AD-integrated DNS server in my entire forest have _gc and _ldap records for every GC and DC in the forest? It looks like the records listed vary from one domain to another in my DNS, and I wonder if they should all have the same records regardless of the forest domain the DNS server is in Thanks, Mark This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
<<inline: winmail.dat>>
