Migrating from NT to 2003 Server, AD/Routing questions

dp

Mar 31, 2004
Archived from groups: microsoft.public.win2000.setup

Hi. I'm trying to convert our organization from using Windows NT as its
primary domain controller, to using a nifty new Windows 2003 server box I
bought from Dell. I already had the rest of the network set up, running
pretty good. Other servers were (and still are) used for internet gateway,
file services (smb via Linux), and dialup services. What I'm having a
little trouble with is conceptually what to call our tree, or forest, or
whatever. Let's take the example of XYZ Cooling. We already have our web
site, xyzcooling.com, and it exists somewhere out on the internet hosted by
someone or other. Our mail services are handled by that same company. We
do have a static IP here at our site which is attached to our DSL and
internet gateway, however I've never really wanted to take on the burden of
dishing up email and web services. Also, I don't like the idea of
publishing our static IP for fear of some new sort of pingflood or whatever
they've come up with now.

When I go to name the AD server, say I'll call it XYZcooling, as the domain
name. Then, it seems to want a suffix - TLD? We tried .com, but then this
seems to create some confusion. If a user on my side of the firewall tries
to resolve xyzcooling.com, it determines that it's already defined in-house,
and won't go to our external web page. The consultant I am using thought it
would be appropriate to just change the TLD to '.prv', and that would solve
the problem.

Is this a proper way to solve this issue? I'm given to understand that
somehow or other, through routing tables or something, in the end it would
look something like this:

xyzcooling.com - resolves to the web server on the network. 132.222.222.121 or whatever..
xyz0000.xyzcooling.com - would be the AD controller.. (10.0.3.10 our internal network)
xyzNT01.xyzcooling.com - would be the old NT PDC (10.0.3.1 our internal network)
xyzRH02.xyzcooling.com - would be the beginning of my Linux Redhat boxes... Internet gateway (10.0.3.5)
...
etc...

In this scenario, the AD controller would be set up to do name resolution,
not the Linux gateway as it's set up right now. This way, I could tell the
AD controller to intercede if it gets an address like
xyzrh05.xyzcooling.com. This way, I never have to mess with the DNS record
for the internet.

Is this how I go about doing this? Is this reasonable? Perhaps to cut down
on network traffic being passed through the switch, gateway through
10.0.3.10, and 10.0.3.5, should I set up some sort of cable connection
between the AD controller and the internet gateway? I _don't_ feel
comfortable plugging my DSL modem into ws2003 and having it do the firewall.

At some point I'd like to somehow replace 10.0.3.1 and use that as the
address of the new AD controller. Is this necessary? I always liked having
the root be 1.

Finally, if I'm terribly mistaken on how this whole thing ought to be
set up, if there is some magic wizard that makes this whole thing work
perfectly the first time, let me know. I've fiddled around with the
Configure your Server Wizard, but I'm still confused. I never find these
Microsoft Migration wizards are all they're cracked up to be anyway.

Thanks,

-BrianDP
 
Guest
Archived from groups: microsoft.public.win2000.setup

Call it xyzcooling.local. That will make all your headaches go away. Do not
make it the same as any real Internet domains. Have a look at the following
articles.

http://support.microsoft.com/default.aspx?scid=kb;en-us;254680


http://support.microsoft.com/default.aspx?scid=kb;en-us;285983
--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server

"dp" <nobody@mrspam.com> wrote in message
news:pMDGc.25192$6e7.22076@nwrddc03.gnilink.net...
> Hi. I'm trying to convert our organization from using Windows NT as its
> primary domain controller, to using a nifty new Windows 2003 server box I
> bought from Dell. I already had the rest of the network set up, running
> pretty good. Other servers were (and still are) used for internet gateway,
> file services (smb via Linux), and dialup services. What I'm having a
> little trouble with is conceptually what to call our tree, or forest, or
> whatever. Let's take the example of XYZ Cooling. We already have our web
> site, xyzcooling.com, and it exists somewhere out on the internet hosted by
> someone or other. Our mail services are handled by that same company. We
> do have a static IP here at our site which is attached to our DSL and
> internet gateway, however I've never really wanted to take on the burden of
> dishing up email and web services. Also, I don't like the idea of
> publishing our static IP for fear of some new sort of pingflood or whatever
> they've come up with now.
>
> When I go to name the AD server, say I'll call it XYZcooling, as the domain
> name. Then, it seems to want a suffix - TLD? We tried .com, but then this
> seems to create some confusion. If a user on my side of the firewall tries
> to resolve xyzcooling.com, it determines that it's already defined in-house,
> and won't go to our external web page. The consultant I am using thought it
> would be appropriate to just change the TLD to '.prv', and that would solve
> the problem.
>
> Is this a proper way to solve this issue? I'm given to understand that
> somehow or other, through routing tables or something, in the end it would
> look something like this:
>
> xyzcooling.com - resolves to the web server on the network. 132.222.222.121 or whatever..
> xyz0000.xyzcooling.com - would be the AD controller.. (10.0.3.10 our internal network)
> xyzNT01.xyzcooling.com - would be the old NT PDC (10.0.3.1 our internal network)
> xyzRH02.xyzcooling.com - would be the beginning of my Linux Redhat boxes... Internet gateway (10.0.3.5)
> ...
> etc...
>
> In this scenario, the AD controller would be set up to do name resolution,
> not the Linux gateway as it's set up right now. This way, I could tell the
> AD controller to intercede if it gets an address like
> xyzrh05.xyzcooling.com. This way, I never have to mess with the DNS record
> for the internet.
>
> Is this how I go about doing this? Is this reasonable? Perhaps to cut down
> on network traffic being passed through the switch, gateway through
> 10.0.3.10, and 10.0.3.5, should I set up some sort of cable connection
> between the AD controller and the internet gateway? I _don't_ feel
> comfortable plugging my DSL modem into ws2003 and having it do the firewall.
>
> At some point I'd like to somehow replace 10.0.3.1 and use that as the
> address of the new AD controller. Is this necessary? I always liked having
> the root be 1.
>
> Finally, if I'm terribly mistaken on how this whole thing ought to be
> set up, if there is some magic wizard that makes this whole thing work
> perfectly the first time, let me know. I've fiddled around with the
> Configure your Server Wizard, but I'm still confused. I never find these
> Microsoft Migration wizards are all they're cracked up to be anyway.
>
> Thanks,
>
> -BrianDP
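
Why naming the AD domain xyzcooling.com hid the public web site from inside clients, while a separate internal name does not, shown as an added example that is not part of the thread: a toy model of a DNS server that answers from its own zone for names it is authoritative for and forwards everything else. Host names and addresses are the ones given in the original post; the www record and the domain controller's own record at the zone apex are modelling assumptions.

```python
# Added illustration: a toy model of one DNS server's decision, not real
# server code. Addresses are the ones given in the original post.
PUBLIC_DNS = {
    "xyzcooling.com": "132.222.222.121",
    "www.xyzcooling.com": "132.222.222.121",  # constructed record (assumption)
}


def internal_zone(ad_domain):
    """Records the internal server would hold if AD were named ad_domain."""
    return {
        ad_domain: "10.0.3.10",  # assumption: the DC registers itself at the apex
        f"xyz0000.{ad_domain}": "10.0.3.10",
        f"xyznt01.{ad_domain}": "10.0.3.1",
        f"xyzrh02.{ad_domain}": "10.0.3.5",
    }


def resolve(qname, ad_domain):
    """Return (source, address); address None means 'name does not exist'."""
    qname = qname.lower().rstrip(".")
    ad_domain = ad_domain.lower()
    if qname == ad_domain or qname.endswith("." + ad_domain):
        # Server is authoritative for this name: it answers from its own
        # zone data and never asks the Internet, even when it has no record.
        return ("internal", internal_zone(ad_domain).get(qname))
    return ("forwarded", PUBLIC_DNS.get(qname))


def shadowed(ad_domain):
    """Public names that inside clients can no longer resolve correctly."""
    return sorted(
        name for name, addr in PUBLIC_DNS.items()
        if resolve(name, ad_domain) != ("forwarded", addr)
    )


if __name__ == "__main__":
    for domain in ("xyzcooling.com", "xyzcooling.prv", "xyzcooling.local"):
        print(domain, "shadows:", shadowed(domain))
```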