With (contional) forwarding you specify the DNS zone and the IP address of the DNS server that hosts the zone. When a client queries for "_ldap._tcp.pdc._ms-dcs.<DNSDomainName>" and the DNS server of the client does not host a DNS zone "<DNSDomainName>" the DNS server itself queries its forwarders (recursively = default or iterativelty) to see if they know the answer. If a positive answer exists it is returned to the client.
If I understand correctly what you ask you need to disable recursion on the DNS server so that the clients performs an iterative query.
 
What are you trying to gain? less network traffic, more direct answers? Still trying to understand why/what? Can you explain more?
 
More info on iterative and recursive queries:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/0bcd97e6-b75d-48ce-83ca-bf470573ebdc.mspx
http://www.computerperformance.co.uk/w2k3/services/DNS_Query.htm
http://media.pearsoncmg.com/aw/aw_kurose_network_2/applets/dns/dns.html
 
Cheers,
jorge


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ian Fraser
Sent: Friday, October 21, 2005 13:32
To: [email protected]
Subject: [ActiveDir] Conditional Forwarding for SRV's

I have a query - is it possible for a client to get a referral using conditional forwarding for an SRV at start up? I ask this because I have a site with a large amount of UNIX DNS servers. If I specify (for example)  _ldap._tcp.pdc._ms-dcs.<DNSDomainName>  as the zone, would this work?
 
I think this is a definite no go, but I need to prove this to some technical guys. Sorry I can't test this at this point in time.
 
Many Thanks
 
Ian Fraser
 
 

"Salandra, Justin A." <[EMAIL PROTECTED]> wrote:

I am concerned about the local PC’s not the Servers

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.
Sent: Thursday, October 13, 2005 11:51 AM
To: [email protected]
Subject: RE: [ActiveDir] Adding users to local Admin group

 

One of the processes we use for servers is to create a global security group in AD that identifies accounts to be used for administering a particular computer, say “ServerName_admins”.  That group is then added to the local “ServerName\administrators” group.

 

hth,

Mike Thommes

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jake Stabl
Sent: Thursday, October 13, 2005 9:16 AM
To: [email protected]; [EMAIL PROTECTED]; [email protected]
Subject: [ActiveDir] Adding users to local Admin group

 

I am using Active Directory and I need to know how to add certain people to the local admin group only on certain computers.  I know I can do this under restricted groups but that makes thoses users local admin on all machines they log into.  Specificly I have a cisco class I need to give admin rights to but only on those computers they use.  Any one have a suggestion?

--
Jacob Stabl
<Network Engineer
Plain Local School District
http://www.plainlocal.org
Office:      330.492.3500
Cell :        330.704.1278
IP Phone: 4466


To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre.

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

Reply via email to