1)
Okie.. so I can mark that part of DNS as *** Reserved for future use *** :-)
In fact I also use ATSN.exe to find the IP-->siteinfo and move computer accounts from the "Default Computer" container to OUs allocated for sites or even specific subnets.
2)
I was hoping for registry or netlogon.dns entries. If scripts are what is left, then,
I have found a sample VBScript script for registering records in DNS at Robbie Allen's site...
OR
I think support tool dnscmd.exe will also help,
Dnscmd server_name /RecordAdd zone_name computer_name A IP_address
--
Kamlesh
On 1/1/06, joe <[EMAIL PROTECTED]> wrote:
1. There might be 0, 10, or 1000 apps out there doing this now. The structure is there for them to register records and look things up. I don't think the site based mentality has taken off as completely as it can yet though. I do expect that to change though because it makes a ton of sense. Mostly it is probably just done with DCs at the moment because MS offers a nice easy API for finding DCs in that structure. If they offered an API to find any service where you plug in the prefix you are looking for coupled with easy registration of those records, it would probably start being used more. A lot of MS based programmers are lazy. They look for the easiest way to code the stuff versus the best way to code the stuff. This is no surprise since a vast majority of Windows programmers came from the VB world. VB didn't train you to do things well, it trained you to find the easiest way. If people weren't looking for the easiest way, it is doubtful they would have gone to VB in the first place.
As an aside, I know of folks who have used the site/subnet objects in AD to map out Web Site usage. The IPs were mapped via the IP to site via my ATSN tool which calls an MS API for the translation. That was the hardest part. The rest is simple perl scanning of web service logs (not blogs) and scooping out the pages and the IP accessing the site. That isn't using DNS directly, but is leveraging the AD site info for the purposes of good.
2. Nope, unfortunately not more customizable directly. However, these are simply DNS entries. There is nothing stopping you from taking a script and registering your own records as you see fit. Just go find a copy of nsupdate and script it with perl and register whatever the heck you want to register either based on a list you generate or some logic that perl can follow. You could set up just about anything you would like to set up.
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Kamlesh Parmar
Sent: Saturday, December 31, 2005 7:57 AM
To: [email protected]
Subject: Re: [ActiveDir] DNS SRV records
1)
AFAIK, Site is an Active Directory specific concept, and AD is Directory (LDAP), Authentication server (Kerberos) etc. These services are published by AD in DNS thru SRV records in _sites._msdcs for each site and it covers them all... (LDAP, DC, GC, Kerberos, Kpassword)
so I was curious what applications would actually just read sitename from AD and look for a service not offered by DC in that site? AD based distributed applications (other than exchange)?
2)
DNS priorities, I know by default, it's only possible per DC basis thru registry.
I was hoping it was more customizable, even if it was not officially documented.
Basically we do have hub and spoke stuff. We have central hub and then at its spokes regional hubs and at their spoke individual remote sites. (This is highly simplified, as there are load balancing links across regions, away from central hub, so I would say it's a mash between center and regional sites and then hub and spokes at region and remote sites)
Now, in case of DC failure at remote site, clients would go to any regional or Central hub DC, and not necessarily its nearest regional hub DC.
With priority only per DC basis, I would have to create mess of priorities to achieve what I want. And it would be complex.
One solution I thought was to publish regional hub DCs in their spoke DCs with lower priority.
This would surely give me some control, on where remote sites go for authentication. But this would not help cover DC failure at region level.
Basically, I want to totally control the list of DCs referred to clients at each site and in what order they are referred. So, per DC per Site priority setting would have been ideal.
I am open to other possible solutions.
--
Kamlesh
On 12/31/05, Almeida Pinto, Jorge de <[EMAIL PROTECTED]> wrote:
"_sites.dc._msdcs.DNSDomainName" is for locating a DC (hence the _msdcs) that hosts a certain service in a certain site
"_sites.DnsDomainName" is for locating a SERVER (does not need to be a DC) that hosts a certain service in a certain site
for more info on service resource records see:
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url="">
DNS priorities are on a per DC basis, and not on a per DC per site basis.
It is not possible to configure a different priority for the same DC covering another site.
Why do you want to do that?
If clients cannot find a DC in a site by querying for _ldap._tcp.SiteName._sites.DnsDomainName,
the client will search for a DC in the domain by querying for _ldap._tcp.dc._msdcs.DnsDomainName.
If you have a hub-and-spoke site topology it is OK to configure all spoke DCs (branches) NOT to register domain wide DC locator records and only let HUB DCs register those records.
Jorge
________________________________
From: [EMAIL PROTECTED] on behalf of Kamlesh Parmar
Sent: Fri 2005-12-30 22:42
To: [email protected]
Subject: [ActiveDir] DNS SRV records
From my limited knowledge of how AD uses SRV records, I have two queries.
1)
Why do we need a separate _sites.DnsDomainName child domain when we have
_sites.dc._msdcs.DNSDomainName child domain populated?
And I guess that only the latter is used by clients to find the site specific DC for authentication.
Which other applications would need site specific but generic SRV records (the former ones)?
2)
How to publish DC1 in site1 into remote site site2 with different priority than its own site site1?
i.e.
DC1 site1 priority=0
DC1 site2 priority=10
DC2 site1 priority=10
DC2 site2 priority=0
By the way,
Happy New Year to you all.
--
Kamlesh
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Be the change you want to see in the World"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
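The nsupdate scripting suggested earlier in the thread, applied to the DC/site priority table from the original question, as an added example that is not code from any of the posters. The domain name, DNS server name, TTL, weight and port are assumed values, and the script only prints the update batch so it can be reviewed before anything is sent.

```shell
#!/bin/sh
# Added example: build an nsupdate batch for per-site DC locator SRV records.
# Assumed, not from the thread: domain, DNS server, TTL 600, weight 100, port 389.
DOMAIN="example.com"
DNS_SERVER="dns1.example.com"
TTL=600; WEIGHT=100; PORT=389
NL='
'

# One DNS label only: letters, digits, inner hyphens, at most 63 characters.
# Anything else is rejected so a bad list entry cannot smuggle extra
# nsupdate commands into the batch.
valid_label() {
  case $1 in ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;; esac
  [ "${#1}" -le 63 ]
}

# SRV priority is an unsigned 16-bit integer, written without leading zeros.
valid_priority() {
  case $1 in ''|0[0-9]*|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Reads "DC site priority" lines on stdin, prints nsupdate commands.
# Fails without printing anything if any line does not validate.
build_srv_batch() {
  batch=""
  while read -r dc site prio extra; do
    [ -z "$dc" ] && continue
    if [ -n "$extra" ] || ! valid_label "$dc" || ! valid_label "$site" ||
       ! valid_priority "$prio"; then
      echo "rejected line: $dc $site $prio $extra" >&2
      return 1
    fi
    name="_ldap._tcp.${site}._sites.dc._msdcs.${DOMAIN}."
    batch="${batch}update add ${name} ${TTL} SRV ${prio} ${WEIGHT} ${PORT} ${dc}.${DOMAIN}.${NL}"
  done
  printf 'server %s\n%ssend\n' "$DNS_SERVER" "$batch"
}

# The priority table from the original question in this thread.
PRIORITY_TABLE="DC1 site1 0
DC1 site2 10
DC2 site1 10
DC2 site2 0"

# Print the batch for review; feed it to nsupdate only after checking it.
printf '%s\n' "$PRIORITY_TABLE" | build_srv_batch
```

On a zone that accepts only secure dynamic updates, the reviewed batch would be sent with GSS-TSIG authentication (`nsupdate -g`) from an account allowed to write those records.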
