upgrade to win2000 adv server and DNS

G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

Hi all!
Dear Kevin and Ace,

I have three questions.
I have a Win NT 4.0 PDC and BDC.

I am going to ugrade to Win2kadv server but I am aprehensive about a couple
things.
I'm having trouble defining the right questions.

You and Ace mentioned that the Win2kadv server uses the tcpip DNS tab Host
and domain
fields as the basis for its DNS name. Mine are currently not the same as the
internal names.
they are "made up" and I want it the same way as I have it, is this
possible?

You and/or Ace said that I need a fully qualified domain name with
a suffix such as .net or .org or I will have trouble with DNS hierarchy.
I do not run this way now, it works great as is, I never had a problem in 5
years
using WinNT DNS, I would prefer to keep what I have, can I do it?

I want to upgrade WinNT to Win2kadv, totally replacing the old os
on the same box and have no difference. will my clients still be able
to be domain authenticateded with thier same accounts to the new
installation?
This wont change anything (about logging in or thier accounts) on the
clients will it?
For instance...one time, I converted one of my clients to a workgroup
membership from
a domain memership. This got it a totally different desktop and account
where nothing was installed. I hope I dont have to go thru that do I ?


here is my setup:

PDC
Win NT 4.0 Server
name jewelntserver
domain jewelconsulting
(jewelntserver.jewelconsulting)

has 2 nics

inside nic:
static Private IP address in 10.0.0.x range

outside nic:
dynamic ip - get from ISP via DHCP . Is not "public" or associated with
a public internet name. changes.

tcpip dns hostname tab: dynamic
tcpip dns domain name tab: ip

protocols:
tcpip, netbios and file and printer sharing run on the inside nic
and only tcpip runs on the outside nic.

BDC
Win NT 4.0 Server
name: littlehal
domain jewelconsulting
(littlehal.jewelconsulting)
2 nics

inside nic: static Private IP 10.0.0.x range
outside nic: dhcp dynamic IP
tcpip dns hostname tab: dynamic2
tcpip dns domain tab: ip

protocols: same way as jewelntserver.

All my clients are win2000 the same way, 2 nics.
same way with protocols.

They authenticate to the PDC.

All inside nics goto a shared hub
All outside nics goto a different shared hub.
The outside hub is connected to the internet.

I have extensive file rights specified (acl's) on all drives/folders/files
in my systems.
services such as runas, remote registry, remote desktop etc are permanently
disabled.


from any machine in the domain I can ping the following:
jewelntserver
jewelntserver.jewelconsulting
jewelconsulting
(these all result in the same internal private ip for jewelntserver at
10.0.0.x)

on jewelntserver If I ping dynamic.ip I get ITS outside dynamically assigned
address (today).
on littlehal if I ping dynamic2.ip I get ITS outside dynamic ip address
(today).

There is no web server, no public ip, no need to vpn, no other location
etc. This is simply
a multihomed domain runing PDC/BDC and DNS only on the inside and that is
all.

I have the DNS files if you need them.

Thank you,

--
James W. Long
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:Bq6dnePJ9Mil-k7dRVn-jw@wideopenwest.com,
James W. Long <JamesLong@wowway.com> posted their thoughts, then I offered
mine
> Hi all!
> Dear Kevin and Ace,
>
> I have three questions.
> I have a Win NT 4.0 PDC and BDC.
>
> I am going to ugrade to Win2kadv server but I am aprehensive about a
> couple things.
> I'm having trouble defining the right questions.
>
> You and Ace mentioned that the Win2kadv server uses the tcpip DNS
> tab Host and domain
> fields as the basis for its DNS name. Mine are currently not the same
> as the internal names.
> they are "made up" and I want it the same way as I have it, is this
> possible?
>
> You and/or Ace said that I need a fully qualified domain name with
> a suffix such as .net or .org or I will have trouble with DNS
> hierarchy.
> I do not run this way now, it works great as is, I never had a
> problem in 5 years
> using WinNT DNS, I would prefer to keep what I have, can I do it?
>
> I want to upgrade WinNT to Win2kadv, totally replacing the old os
> on the same box and have no difference. will my clients still be able
> to be domain authenticateded with thier same accounts to the new
> installation?
> This wont change anything (about logging in or thier accounts) on the
> clients will it?
> For instance...one time, I converted one of my clients to a workgroup
> membership from
> a domain memership. This got it a totally different desktop and
> account where nothing was installed. I hope I dont have to go thru
> that do I ?
>
>
> here is my setup:
>
> PDC
> Win NT 4.0 Server
> name jewelntserver
> domain jewelconsulting
> (jewelntserver.jewelconsulting)
>
> has 2 nics
>
> inside nic:
> static Private IP address in 10.0.0.x range
>
> outside nic:
> dynamic ip - get from ISP via DHCP . Is not "public" or associated
> with
> a public internet name. changes.
>
> tcpip dns hostname tab: dynamic
> tcpip dns domain name tab: ip
>
> protocols:
> tcpip, netbios and file and printer sharing run on the inside nic
> and only tcpip runs on the outside nic.
>
> BDC
> Win NT 4.0 Server
> name: littlehal
> domain jewelconsulting
> (littlehal.jewelconsulting)
> 2 nics
>
> inside nic: static Private IP 10.0.0.x range
> outside nic: dhcp dynamic IP
> tcpip dns hostname tab: dynamic2
> tcpip dns domain tab: ip
>
> protocols: same way as jewelntserver.
>
> All my clients are win2000 the same way, 2 nics.
> same way with protocols.
>
> They authenticate to the PDC.
>
> All inside nics goto a shared hub
> All outside nics goto a different shared hub.
> The outside hub is connected to the internet.
>
> I have extensive file rights specified (acl's) on all
> drives/folders/files in my systems.
> services such as runas, remote registry, remote desktop etc are
> permanently disabled.
>
>
> from any machine in the domain I can ping the following:
> jewelntserver
> jewelntserver.jewelconsulting
> jewelconsulting
> (these all result in the same internal private ip for jewelntserver at
> 10.0.0.x)
>
> on jewelntserver If I ping dynamic.ip I get ITS outside dynamically
> assigned address (today).
> on littlehal if I ping dynamic2.ip I get ITS outside dynamic ip
> address (today).
>
> There is no web server, no public ip, no need to vpn, no other
> location etc. This is simply
> a multihomed domain runing PDC/BDC and DNS only on the inside and
> that is all.
>
> I have the DNS files if you need them.
>
> Thank you,


HI John,

I remember something about the binding order in your mutlihomed machines.
But I'll tell you this much. DO NOT USE A SINGLE LABEL NAME. If you do, go
right ahead, and we;ll definitely be hearing from you again with all the
problems that you WILL be getting from choosing that name.

Now, let;s sit back and have a beer and discuss this.

NT4 is a different animal. Now we're talking W2k and W2k3, which uses AD for
it;s directory services which is TOTALLY based on DNS. DNS is a hierarchal
structure. A single label name does not follow any sort of hierarchy,
therefore, DNS will fail, therefore AD will fail. With me so far?

Here's some reading on it:
Clients cannot dynamically register DNS records in a single-label forward
lookup zone:
http://support.microsoft.com/?kbid=826743

251384 - Delays in Name Resolution Using Microsoft DNS Server Forwarder
Option {more than likely due to single label name]:
http://support.microsoft.com/default.aspx?scid=kb;en-us;251384

DNS Domain Name System and Domain Name Service Protocol (RFC 1034 2535):
http://www.javvin.com/protocolDNS.html

Also, with all due respect, please do not mutlihome all your machines. You
are creating an administrative nightmare when it comes to AD, if you don't
already have one. All you need is one machine mutlihomed (preferably NOT a
DC or a server running a service such as Exchange, SQL, etc). Or better yet,
get yourself a $50.00 Linksys router that will work like a charm. They have
one with a firewall version for about $70.00. Otherwise, with your current
config, I;m putting my paycheck on this that you will definitely have
serious problems.

Please, take my word of advise and strip the extra NICs. I'm no trying to be
facetious, just pointing out the facts, and I've seen config issues that
will blow your mind. This seems like it may turn into one if you keep this
config due to DNS registration with your AD data. Removing the extra NICs
will eliminate these config issues and also security issues since they are
directly on the Internet.

And don't forget, with AD you must only use your own internal DNS ONLY. YOu
cannot use your ISP's address, no matter what your ISP will tell you or
expect addition administrative issues, complaints and generally
malfunctioning AD services. My paycheck is on this too.

Hope that helps. If you need any AD design links and upgrade or migration
links, let me know.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:Bq6dnePJ9Mil-k7dRVn-jw@wideopenwest.com,
James W. Long <JamesLong@wowway.com> posted a question
Then Kevin replied below:
> Hi all!
> Dear Kevin and Ace,
>
> I have three questions.
> I have a Win NT 4.0 PDC and BDC.
>
> I am going to ugrade to Win2kadv server but I am aprehensive about a
> couple things.
> I'm having trouble defining the right questions.
>
> You and Ace mentioned that the Win2kadv server uses the tcpip DNS
> tab Host and domain
> fields as the basis for its DNS name. Mine are currently not the same
> as the internal names.
> they are "made up" and I want it the same way as I have it, is this
> possible?
>
> You and/or Ace said that I need a fully qualified domain name with
> a suffix such as .net or .org or I will have trouble with DNS
> hierarchy.

Yes you will need to add a Top Level Domain name, it can be .net, .org, or
even .local. It does not need to be a registered domain name, you can choose
any TLD you want.


> I do not run this way now, it works great as is, I never had a
> problem in 5 years
> using WinNT DNS, I would prefer to keep what I have, can I do it?

That is because NT4 does not use DNS for network connectivity or domain
authentication. You can use the same NetBIOS name, but you should use DNS
compatible name. If you use a single-label DNS name, it will cause you many
problems, some of which there is no fix for.




> I want to upgrade WinNT to Win2kadv, totally replacing the old os
> on the same box and have no difference. will my clients still be able
> to be domain authenticateded with thier same accounts to the new
> installation?

Once you upgrade the NT4 to Win2k, if you do not have an NT4 BDC the NT4
domain will no longer exist. The NT4 domain accounts are converted to local
accounts on the Win2k server. Then you must DCPROMO the Win2k to create the
new Active Directory domain, which converts the now local accounts to Active
Directory domain accounts.
When you run DCPROMO you can then choose the NetBIOS name of the AD Domain
and the DNS name of the AD domain. You can use the same NetBIOS name that
you have now, this is the name that will appear in Network Places. The DNS
name should be DNS compatible with a multi-labeled name such as
"jewelconsulting.local"

> This wont change anything (about logging in or thier accounts) on the
> clients will it?

IIRC when I upgraded from NT4 to Winn2k, users kept the same profiles and
desktops.

> For instance...one time, I converted one of my clients to a workgroup
> membership from
> a domain memership. This got it a totally different desktop and
> account where nothing was installed. I hope I dont have to go thru
> that do I ?

Like I said it was a few years ago since I upgraded my domain, but I think
it migrated the accounts properly, at least it did on my Win2k clients which
by the time I upgraded my server, that is all I had.


I don't know the TCP/IP settings you have on your clients, but once you
upgrade your domain _all_ NICs on _all_ clients must use the local DNS
address. Do _not_ use your ISP's DNS or any other DNS on any NIC in any
position on any domain member, period. This includes the External NIC you
have on all your clients. The clients are not required to register in DNS
and you certainly don't want you clients registering the external Addresses
in DNS, but the DNS on the external NIC must be the internal DNS.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

Dear Ace,

Here's an after-thought but it did catch me once.

k, I forgot to mention the way I'll work the multihomed problem,
I already tried this experimentally on a different box,

But essentially,
I'll remove the outside card before I upgrade,
so it only sees the inside domain.
Do the upgrade. Lie and say no internet.
after THATS working (with DNS),
THEN re-add the second (the outside) card
and let the Internet Connection Wizard set the new
connection up.
presto. basically.

It is nothing less than a mid sized nightmare
to install with 2 cards intact in the first place, agreed,
because you have to jump thru hoops with ICW
and disabling/reenabling cards until windows figgures
out which card is for what. Add AD on top of that
and forget it, bye bye. You gotta take out AD and
start over. forget that. been there done that.


James W. Long.



"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:elZdbjbVEHA.1888@TK2MSFTNGP11.phx.gbl...
> In news:Bq6dnePJ9Mil-k7dRVn-jw@wideopenwest.com,
> James W. Long <JamesLong@wowway.com> posted their thoughts, then I offered
> mine
> > Hi all!
> > Dear Kevin and Ace,
> >
> > I have three questions.
> > I have a Win NT 4.0 PDC and BDC.
> >
> > I am going to ugrade to Win2kadv server but I am aprehensive about a
> > couple things.
> > I'm having trouble defining the right questions.
> >
> > You and Ace mentioned that the Win2kadv server uses the tcpip DNS
> > tab Host and domain
> > fields as the basis for its DNS name. Mine are currently not the same
> > as the internal names.
> > they are "made up" and I want it the same way as I have it, is this
> > possible?
> >
> > You and/or Ace said that I need a fully qualified domain name with
> > a suffix such as .net or .org or I will have trouble with DNS
> > hierarchy.
> > I do not run this way now, it works great as is, I never had a
> > problem in 5 years
> > using WinNT DNS, I would prefer to keep what I have, can I do it?
> >
> > I want to upgrade WinNT to Win2kadv, totally replacing the old os
> > on the same box and have no difference. will my clients still be able
> > to be domain authenticateded with thier same accounts to the new
> > installation?
> > This wont change anything (about logging in or thier accounts) on the
> > clients will it?
> > For instance...one time, I converted one of my clients to a workgroup
> > membership from
> > a domain memership. This got it a totally different desktop and
> > account where nothing was installed. I hope I dont have to go thru
> > that do I ?
> >
> >
> > here is my setup:
> >
> > PDC
> > Win NT 4.0 Server
> > name jewelntserver
> > domain jewelconsulting
> > (jewelntserver.jewelconsulting)
> >
> > has 2 nics
> >
> > inside nic:
> > static Private IP address in 10.0.0.x range
> >
> > outside nic:
> > dynamic ip - get from ISP via DHCP . Is not "public" or associated
> > with
> > a public internet name. changes.
> >
> > tcpip dns hostname tab: dynamic
> > tcpip dns domain name tab: ip
> >
> > protocols:
> > tcpip, netbios and file and printer sharing run on the inside nic
> > and only tcpip runs on the outside nic.
> >
> > BDC
> > Win NT 4.0 Server
> > name: littlehal
> > domain jewelconsulting
> > (littlehal.jewelconsulting)
> > 2 nics
> >
> > inside nic: static Private IP 10.0.0.x range
> > outside nic: dhcp dynamic IP
> > tcpip dns hostname tab: dynamic2
> > tcpip dns domain tab: ip
> >
> > protocols: same way as jewelntserver.
> >
> > All my clients are win2000 the same way, 2 nics.
> > same way with protocols.
> >
> > They authenticate to the PDC.
> >
> > All inside nics goto a shared hub
> > All outside nics goto a different shared hub.
> > The outside hub is connected to the internet.
> >
> > I have extensive file rights specified (acl's) on all
> > drives/folders/files in my systems.
> > services such as runas, remote registry, remote desktop etc are
> > permanently disabled.
> >
> >
> > from any machine in the domain I can ping the following:
> > jewelntserver
> > jewelntserver.jewelconsulting
> > jewelconsulting
> > (these all result in the same internal private ip for jewelntserver at
> > 10.0.0.x)
> >
> > on jewelntserver If I ping dynamic.ip I get ITS outside dynamically
> > assigned address (today).
> > on littlehal if I ping dynamic2.ip I get ITS outside dynamic ip
> > address (today).
> >
> > There is no web server, no public ip, no need to vpn, no other
> > location etc. This is simply
> > a multihomed domain runing PDC/BDC and DNS only on the inside and
> > that is all.
> >
> > I have the DNS files if you need them.
> >
> > Thank you,
>
>
> HI John,
>
> I remember something about the binding order in your mutlihomed machines.
> But I'll tell you this much. DO NOT USE A SINGLE LABEL NAME. If you do, go
> right ahead, and we;ll definitely be hearing from you again with all the
> problems that you WILL be getting from choosing that name.
>
> Now, let;s sit back and have a beer and discuss this.
>
> NT4 is a different animal. Now we're talking W2k and W2k3, which uses AD
for
> it;s directory services which is TOTALLY based on DNS. DNS is a hierarchal
> structure. A single label name does not follow any sort of hierarchy,
> therefore, DNS will fail, therefore AD will fail. With me so far?
>
> Here's some reading on it:
> Clients cannot dynamically register DNS records in a single-label forward
> lookup zone:
> http://support.microsoft.com/?kbid=826743
>
> 251384 - Delays in Name Resolution Using Microsoft DNS Server Forwarder
> Option {more than likely due to single label name]:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;251384
>
> DNS Domain Name System and Domain Name Service Protocol (RFC 1034 2535):
> http://www.javvin.com/protocolDNS.html
>
> Also, with all due respect, please do not mutlihome all your machines. You
> are creating an administrative nightmare when it comes to AD, if you don't
> already have one. All you need is one machine mutlihomed (preferably NOT a
> DC or a server running a service such as Exchange, SQL, etc). Or better
yet,
> get yourself a $50.00 Linksys router that will work like a charm. They
have
> one with a firewall version for about $70.00. Otherwise, with your current
> config, I;m putting my paycheck on this that you will definitely have
> serious problems.
>
> Please, take my word of advise and strip the extra NICs. I'm no trying to
be
> facetious, just pointing out the facts, and I've seen config issues that
> will blow your mind. This seems like it may turn into one if you keep this
> config due to DNS registration with your AD data. Removing the extra NICs
> will eliminate these config issues and also security issues since they are
> directly on the Internet.
>
> And don't forget, with AD you must only use your own internal DNS ONLY.
YOu
> cannot use your ISP's address, no matter what your ISP will tell you or
> expect addition administrative issues, complaints and generally
> malfunctioning AD services. My paycheck is on this too.
>
> Hope that helps. If you need any AD design links and upgrade or migration
> links, let me know.
>
>
>
> --
> Regards,
> Ace
>
> Please direct all replies to the newsgroup so all can benefit.
> This posting is provided "AS-IS" with no warranties and confers no
> rights.
>
> Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
> Microsoft Windows MVP - Active Directory
>
> HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
> pig. --
> =================================
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

James, this was from January, 2004

Ace

----- Original Message -----
From: Ace Fekay [MVP]
Newsgroups:
microsoft.public.windows.server.dns,microsoft.public.windows.server.sbs
Sent: Tuesday, January 13, 2004 9:26 PM
Subject: Re: DNS, Single Label Domains and SBS2K3


In news:O1V9ujj2DHA.1704@tk2msftngp13.phx.gbl,
Aaron <1aaron1bav1@eln.net> posted their thoughts, then I offered mine
>
> Firstly, I would HAVE to convince my boss that this is REALLY, REALLY
> necessary.
>
> Just to play devils advocate here for a moment:
>
> My Boss would say: Why re-install? everything is working. The clients
> are registering in local DNS (with registry hacks),
> \\domain\sysvol\domain is accesable and group policies/scripts are
> being applied to the clients,Web browsing /e-mail is working to the
> outside world, VPN is working, Exchange is working, we can access all
> our files, etc. Where is the need?
>
> And I don't have a good argument to counter this, because it is true.
> This is SBS, so there is no need to have access to other AD/DNS
> servers for replication, zone transfers, etc. There are no forest, or
> trees, just SBS. We're not running an external DNS that needs to be
> RFC compliant (we use forwrders to the ISP for external resolution),
> and we still have legacy O.S.'s (95/98 - actually legacy O.S.'s was
> the reason our consultant gave for "maintaining" a single label
> domain - funny thing is those legacy O.S.'s seem to work just fine on
> my SBS testbed at home with "domain.lan" as my domain - go figure
> huh).
>
>
>> There are still alot of registrations errors, I'm afraid you are
>> going to have to rename it if you want it to work like it is
>> supposed to.
>
>
> But things do appear to be working. I need something to point to and
> say :
>
> "see it's SUSPOSED to do this, but because the DNS is BROKEN, it
> ISN'T doing what it should be doing"
>
> What is my SBS not doing that it should be?
>
> I need convincing arguments (as much to convince myself as my boss -
> this would be a really big deal to have to force the company to go
> through this again so soon). I need some TEST to show /prove, that if
> this isn't fixed "X" will be the result, and it ain't pretty if "X"
> happens (i.e. the network will come to a total, screeching, train
> wrecking halt)!
>
>
> I don't like the fact that the domain is semi-broken, but I believe I
> can live with it. I just really need to know what the downside
> is/will be.
>
> Any thoughts/arguments/recommendations greatly appreciated.
>
>
> Aaron
>
>
Aaron,

This has been a real big issue lately. Here's a copy/paste of a recent
thread (just search back on single label name and a whole bunch of them will
turn up). But go ahead and read it, including (way below) a re-post from one
of the MS guys, Alan Wood, with the company's take on it. Excessive queries
to the ISC Root Servers, AD doesn't work correctly, etc etc etc.

The whole thing is basically caused by, with all due respect, from not
properly planning or researching prior to your migration or upgrade .

/begin paste...
=================================
In news:083d01c3d9c6$0ed9e9a0$a601280a@phx.gbl,
Joe <anonymous@discussionsmicrosoft.com> posted their thoughts, then I
offered mine
> How do I rename my domain. I don't know how. I want to
> rename my domain without modifying other configurations
> like active directory.

Well, that's the whole thing. It's all about AD.

Instead of typing it all out again, check this post (below) from a recent
post I made. This is a common problem due to lack of proper pre-installation
planning and research into AD. Sorry to say that, with all due respect.

I hope it helps in understanding what is in front of you.
Begin:
=================================================


continued.....
This is a common problem lately. Many posts on it. Recently (yesterday) I
posted something similar that will apply to you. I copied/pasted it below.

> Yes, The DC is Windows Server 2000 SP4.
> And, yes, the computer in question is the only one having this issue.
> And, no, when I ping our domain I get "Unknown host"
>
> C:\>ping CREDENTALS
> Unknown host CREDENTALS.
>
> I have entered the two registry entries that were suggested in
> http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&FR=1
> in the DC now, although I have not had a chance to reboot that
> machine yet. Once I do will this fix the "Unknown host CREDENTALS."
> problem as well or could this all be very simply fixed by adding a
> ".com" to my domain?
>
> -Scott Elgram
>

To ping a domain name, it would need the TLD suffix, since it will look
under the zone name for the (same as parent) record. If pinging a single
name, it will treat it as a host and may even suffix it with your Search
Suffix List, which is in your case, baswed on your ipconfig, "CREDENTIALS",
so it may be trying to ping, credentials.credentials.

Ideally, it would be advised to rename the domain, eitehr installing a new
domain in a new forest and migrate the users/groups/and computer accounts to
the new domain with ADMT. The user profiles will be translated to the new
domain user account on their workstations and will be automatically joined
to the new domain for you. This way you won;t have to disjoin/rejoin the
machines in the domain and lose the user profiles. Once that's done, you can
trash the old DC and rebuild it as a new DC in the new existing domain you
created.

Single label domain names are problematic, at best. Certain clients, such as
XP may balk at it and cause additional errors since they have problems
querying single lable name records in DNS.

--
Regards,
Ace



First of all, you can try using
http://support.microsoft.com/?id=300684
for a reg entry to force it to update. Need to do it on your clients too,
but XP won;t work properly. You may still get problems with GPOs applying
since the GetGPOList function onthe client side references the domain FQDN,
such as:
\\domain.com\sysvol\domain.COM\Policies
But when it tries to go to what you have, such as:
\\DOM\etc...
It perceives DOM as a host name, and may not resolve properly.

Here's my other post that may help in resolving this to help rename
it....Read the whole thing so you'll know what's involved.

==========================================
> Ace Fekay,
> If I were to just rename the domain from CREDENTALS to
> CREDENTALS.net and disjoin all the affected workstations from
> CREDENTALS and join it to CREDENTALS.net would it reset the user
> profiles?

First, you can't just rename a domain, unless you're still in mixed mode
with an NT4 BDC still present. If still in mixed mode, you can add an NT4
BDC, trash the W2k DC, promote the NT4 BDC to a PDC, then manually set the
DNS Suffix in TCP/IP properties to the new domain name, credentials.net,
(which would be the name you choose for the AD DNS domain name, but keep the
NetBIOS domain name as CREDENTIALS for backward capatilibity), then upgrade
it to a W2k DC. This way the machines that are still joined will still be
joined to the same domain.

Otherwise if the domain is in Native mode, you'll need to follow the ADMT
method I previously mentioned.

And no about disjoining and rejoining to the new domain with the old
profiles. When you manually rejoin, a new profile is created. You may find
that you can manually force the new profiles to use the old profile one
machine at a time, but I don;t think that's what you want to do. ADMT will
do that for you.

Keep in mind you want to follow DNS naming methods. One thing I noticed is
you're using uppercase. It's not that it won't work, but to keep things
consistent with DNS RFCs (looks good too), name it credentials.net, not
CREDENTIALS.net.

> From what I have read in researching this problem it sure does seem
> that single label domains cause lots of problems and sometimes even
> questionable and/or slow connections. But, likewise, I have also
> read things that lead me to think migrating AD off CREDENTALS and
> over to CREDENTALS.net could possibly cause more problems domain wide
> than just the one machine I have now. If I ever have to set up a new
> domain or rebuild the old one for some reason other than one machine
> I'll defiantly use the appropriate formatting (I wasn't the one who
> set this up anyway, that guy quit ). For now should the 2
> registry entries discussed previously in
> http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&FR=1
> fix this problem for the one machine?
>
> -Scott Elgram
>

If the domain is in mixed mode, it will be alot easier for you. If not, the
ADMT will work, but I would read up on it first and test it. I can provide
links if needed. I've migrated quite a few domains and have to say it's the
easier method if the domain is presently in mixed mode. To find the present
mode, rt-click the domain name in ADUC, properties. Look at the bottom of
the general tab.

Also, Kevin has a big point about GPOs and how the GetGPOList function works
when a machine logs on and looks for the GPOs. That reg entry has to be made
system wide....

***************************************
***************************************
Here's a repost by Alan Wood from Microsoft describing the issue and
ramifications and the recommendations to rename it properly. I hope it helps
in understanding the issue at hand.

***************************************
***************************************
----- Original Message -----
From: "Alan Wood" [MSFT]
Newsgroups: microsoft.public.win2000.dns
Sent: Wednesday, January 07, 2004 1:25 PM
Subject: Re: Single label DNS


Hi Roger,
We really would preffer to use FQDN over Single labled. There are
alot of other issues that you can run into when using a Single labeled
domain name with other AD integrated products. Exchange would be a great
example. Also note that the DNR (DNS RESOLVER) was and is designed to
Devolve DNS requests to the LAST 2 names.

Example: Single Labeled domain domainA
then, you add additional domains on the forest.
child1.domainA
Child2.child1.domainA

If a client in the domain Child2 wants to resolve a name in domainA
Example. Host.DomainA and uses the following to connect to a share
\\host then it is not going to resolve. WHY, because the resolver is
first going to query for first for Host.Child2.child1.domainA, then it
next try HOST.Child1.domainA at that point the Devolution process is
DONE. We only go to the LAST 2 Domain Names.

Also note that if you have a single labeled domain name it causes excess
DNS traffic on the ROOT HINTS servers and being all Good Internet Community
users we definitely do not want to do that. NOTE that in Windows 2003,
you get a big Pop UP Error Message when trying to create a single labeled
name telling you DON'T DO IT. It will still allow you to do it, but you
will still be required to make the registry changes, which is really not
fun.

Microsoft is seriously asking you to NOT do this. We will support you but
it the end results could be limiting as an end results depending on the
services you are using.


Thank you,

Alan Wood[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
****************************************

=================================
/end

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:%23WVt4B%23VEHA.3012@tk2msftngp13.phx.gbl...
> James, inline...
>

Dear Ace:

Thanks for your help, I have been learning alot.

I newly installed an available box with w2kadv with svc pak4 slipped.
first nic is static ip on intranet lan.
created disjointed domain name: bean.
created server name jelly. netbios name jelly.
created an AD DNS DC out of it. (jelly.bean)
then added a second nic card making it multihomed.
the 2nd nic is dhcp, conected via hub to cable modem. (direct).
pointed DNS on the 2nd nic to the ip of jelly.bean.
killed the (.) root domain in DNS.
came up fresh.

I ran this test using network monitor to examine ethernet traffic on the
DHCP enabled 2nd nic which is connected to the internet.
This way I can see what really goes out and what stays in.

1. ipconfig/renew-> causes {reverse-ip.arpa} to go to external DNS.
2. ping jelly-> does not cause DNS to go external to resolve.
3. ping jelly.bean -> does not cause DNS to go external to resolve.
4. ping yahoo.com -> goes to external DNS to resolve.
5. ping microsoft.com -> goes to external dns to resolve.
6. ping bootdisks.com -> goes to external dns to resolve.
7. ping (a different internal client) -> goes to external DNS to resolve
only the first time.


Just so I am totally sure I understand the problem could you
please indicate where the problem is here.
I have read everything you presented.
Thank you
James W. Long
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:F7ydnbYSlZm8z0TdRVn-jA@wideopenwest.com,
James W. Long <JamesLong@wowway.com> posted their thoughts, then I offered
mine
> "Ace Fekay [MVP]"
> <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
> message news:%23WVt4B%23VEHA.3012@tk2msftngp13.phx.gbl...
>> James, inline...
>>
>
> Dear Ace:
>
> Thanks for your help, I have been learning alot.
>
> I newly installed an available box with w2kadv with svc pak4 slipped.
> first nic is static ip on intranet lan.
> created disjointed domain name: bean.
> created server name jelly. netbios name jelly.
> created an AD DNS DC out of it. (jelly.bean)
> then added a second nic card making it multihomed.
> the 2nd nic is dhcp, conected via hub to cable modem. (direct).
> pointed DNS on the 2nd nic to the ip of jelly.bean.
> killed the (.) root domain in DNS.
> came up fresh.
>
> I ran this test using network monitor to examine ethernet traffic on
> the DHCP enabled 2nd nic which is connected to the internet.
> This way I can see what really goes out and what stays in.
>
> 1. ipconfig/renew-> causes {reverse-ip.arpa} to go to external DNS.
> 2. ping jelly-> does not cause DNS to go external to resolve.
> 3. ping jelly.bean -> does not cause DNS to go external to resolve.
> 4. ping yahoo.com -> goes to external DNS to resolve.
> 5. ping microsoft.com -> goes to external dns to resolve.
> 6. ping bootdisks.com -> goes to external dns to resolve.
> 7. ping (a different internal client) -> goes to external DNS to
> resolve only the first time.
>
>
> Just so I am totally sure I understand the problem could you
> please indicate where the problem is here.
> I have read everything you presented.
> Thank you
> James W. Long


Hi James,

Try looking at registration traffic. According to the studies, it's
registration traffic.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

inline....


"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:eL$YzCRWEHA.2972@TK2MSFTNGP12.phx.gbl...
> In news:F7ydnbYSlZm8z0TdRVn-jA@wideopenwest.com,
> James W. Long <JamesLong@wowway.com> posted their thoughts, then I offered
> mine
> > "Ace Fekay [MVP]"
> > <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
> > message news:%23WVt4B%23VEHA.3012@tk2msftngp13.phx.gbl...
> >> James, inline...
> >>
> >
> > Dear Ace:
> >
> > Thanks for your help, I have been learning alot.
> >
> > I newly installed an available box with w2kadv with svc pak4 slipped.
> > first nic is static ip on intranet lan.
> > created disjointed domain name: bean.
> > created server name jelly. netbios name jelly.
> > created an AD DNS DC out of it. (jelly.bean)
> > then added a second nic card making it multihomed.
> > the 2nd nic is dhcp, conected via hub to cable modem. (direct).
> > pointed DNS on the 2nd nic to the ip of jelly.bean.
> > killed the (.) root domain in DNS.
> > came up fresh.
> >
> > I ran this test using network monitor to examine ethernet traffic on
> > the DHCP enabled 2nd nic which is connected to the internet.
> > This way I can see what really goes out and what stays in.
> >
> > 1. ipconfig/renew-> causes {reverse-ip.arpa} to go to external DNS.
> > 2. ping jelly-> does not cause DNS to go external to resolve.
> > 3. ping jelly.bean -> does not cause DNS to go external to resolve.
> > 4. ping yahoo.com -> goes to external DNS to resolve.
> > 5. ping microsoft.com -> goes to external dns to resolve.
> > 6. ping bootdisks.com -> goes to external dns to resolve.
> > 7. ping (a different internal client) -> goes to external DNS to
> > resolve only the first time.
> >
> >
> > Just so I am totally sure I understand the problem could you
> > please indicate where the problem is here.
> > I have read everything you presented.
> > Thank you
> > James W. Long
>
>
> Hi James,
>
> Try looking at registration traffic. According to the studies, it's
> registration traffic.


If I am not wrong and please correct me, step 1 was a dns registration
to my isp. this would also happen normally
(without typing the manual ipconfig/renew command)
during bootup as part of a normal boot sequence to acquire an address
and dns servers ips. yes?






>
> --
> Regards,
> Ace
>
> Please direct all replies to the newsgroup so all can benefit.
> This posting is provided "AS-IS" with no warranties and confers no
> rights.
>
> Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
> Microsoft Windows MVP - Active Directory
>
> HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
> pig. --
> =================================
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:66Gdndyp-pb-7kTdRVn-jg@wideopenwest.com,
James W. Long <JamesLong@wowway.com> posted their thoughts, then I offered
mine
>>
>> Hi James,
>>
>> Try looking at registration traffic. According to the studies, it's
>> registration traffic.
>
>
> If I am not wrong and please correct me, step 1 was a dns registration
> to my isp. this would also happen normally
> (without typing the manual ipconfig/renew command)
> during bootup as part of a normal boot sequence to acquire an address
> and dns servers ips. yes?
>

No, step 1:
>> 1. ipconfig/renew-> causes {reverse-ip.arpa} to go to external DNS.
is just a DHCP renewal request. I'm talking about DNS Dynamic Updates, when
you type in:
ipconfig /registerdns

This also happens automatically with AD when Dynamic Updates occur ever 60
min with W2k AD DCs, and every 24 hours with W2k3 AD DCs.

James, do not forget GPO applications. Remember how the clientside
extensions ferret out the GPOs. This fails with single label names. We've
tried different ways to fake it out with search suffixes, etc, but doesn't
work.

I'm not sure why, but you seem very adamant about keeping the single label
name. Is my assumption correct?


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

Ace ,inline...

"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:u0HiLuWWEHA.2844@TK2MSFTNGP11.phx.gbl...
> In news:66Gdndyp-pb-7kTdRVn-jg@wideopenwest.com,
> James W. Long <JamesLong@wowway.com> posted their thoughts, then I offered
> mine
> >>
> >> Hi James,
> >>
> >> Try looking at registration traffic. According to the studies, it's
> >> registration traffic.
> >
> >
> > If I am not wrong and please correct me, step 1 was a dns registration
> > to my isp. this would also happen normally
> > (without typing the manual ipconfig/renew command)
> > during bootup as part of a normal boot sequence to acquire an address
> > and dns servers ips. yes?
> >
>
> No, step 1:
> >> 1. ipconfig/renew-> causes {reverse-ip.arpa} to go to external DNS.
> is just a DHCP renewal request. I'm talking about DNS Dynamic Updates,
when
> you type in:
> ipconfig /registerdns
>
> This also happens automatically with AD when Dynamic Updates occur ever 60
> min with W2k AD DCs, and every 24 hours with W2k3 AD DCs.
>
> James, do not forget GPO applications. Remember how the clientside
> extensions ferret out the GPOs. This fails with single label names. We've
> tried different ways to fake it out with search suffixes, etc, but doesn't
> work.
>

Ok, I'm following, yes I see the difference in pathed accesses.

setting the gpo problem aside for a just a moment....
and understanding that gpos become broken this way,

when dynamic updates are done on the server end, this wouldcause
hklm\system\ccs\services\tcpip\parameters\DNSRegisteredAdapters
to be refreshed/repopulated again? Causing all those DNS queries
for each host to happen again periodically? maybe I have the wrong specific
key. maybe AD has a key similar to this one that maintains its list?

this dynamic update would make available to AD DNS the names
of each host {card} that appeared
in that list, so that DNS would handle them first before netbios?
or at least DNS would know them, regardless of the search order?

could I go to the properties of the forward zones in the dns manager
and turn dynamic updates off and this causes that to not happen anymore?
is that the same thing as we have been talking about all along,
i.e. an ipconfig/registerdns?





I have a question about an odd DNS/netbios behaivor I saw in that last test.
It's about step 7:

7. ping (a different internal client) -> goes to external DNS to resolve,
only the first time. its cached after that.

I pinged hal9000 which is a w2k machine and a member of the
jewelconsulting domain from jelly.bean, a w2kadv DC DNS server.
Both share the same physical ethernet network.
Both are in the same exact 10 subnet. I thought that netbios
should have resolved the name hal9000 before DNS did.

Instead, jelly.bean went all the way thru DNS out to the internet
to attempt to resolve hal9000, before deciding hal9000 is acutally local.

There is something really wrong with that behavior,
netbios should have resolved first, the query should never
go outside to resolve in the first place, how do I fix it?
is it because the two machines are in different domains?




> I'm not sure why, but you seem very adamant about keeping the single label
> name. Is my assumption correct?

for my lan, me, here, Yes. in this case. otherwise I would set it up and/or
upgrade it suffixed.


Thanks,
James W. Long

>
>
> --
> Regards,
> Ace
>
> Please direct all replies to the newsgroup so all can benefit.
> This posting is provided "AS-IS" with no warranties and confers no
> rights.
>
> Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
> Microsoft Windows MVP - Active Directory
>
> HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
> pig. --
> =================================
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:jtmdndbeLLl2rEfd4p2dnA@wideopenwest.com,
James W. Long <JamesLong@wowway.com> posted their thoughts, then I offered
mine

> Ok, I'm following, yes I see the difference in pathed accesses.
>
> setting the gpo problem aside for a just a moment....
> and understanding that gpos become broken this way,
>
> when dynamic updates are done on the server end, this wouldcause
> hklm\system\ccs\services\tcpip\parameters\DNSRegisteredAdapters
> to be refreshed/repopulated again? Causing all those DNS queries
> for each host to happen again periodically? maybe I have the wrong
> specific key. maybe AD has a key similar to this one that maintains
> its list?

It's actually the Netlogon service key.

>
> this dynamic update would make available to AD DNS the names
> of each host {card} that appeared
> in that list,

Actually it gets the name to register into from the Primary DNS Suffix. If
the suffix is incorrectly spelled or different than the actual AD domain
name, then it;s called a disjointed namespace and it will not register.

> so that DNS would handle them first before netbios?

NetBIOS has NOTHING TO DO WITH AD.


> or at least DNS would know them, regardless of the search order?
>
> could I go to the properties of the forward zones in the dns manager
> and turn dynamic updates off and this causes that to not happen
> anymore?

You're still trying to fight it.....

> is that the same thing as we have been talking about all along,
> i.e. an ipconfig/registerdns?

That command is the manual registration of the host record ONLY. Not the
AD's required SRV records that Netlogon registers, which causes the issue.


>
> I have a question about an odd DNS/netbios behaivor I saw in that
> last test. It's about step 7:
>
> 7. ping (a different internal client) -> goes to external DNS to
> resolve, only the first time. its cached after that.

Sure, that's the way it does it.



> I pinged hal9000 which is a w2k machine and a member of the
> jewelconsulting domain from jelly.bean, a w2kadv DC DNS server.
> Both share the same physical ethernet network.
> Both are in the same exact 10 subnet. I thought that netbios
> should have resolved the name hal9000 before DNS did.


Nope. W2k and newer use the HOSTS method FIRST. Then NetBIOS.



> Instead, jelly.bean went all the way thru DNS out to the internet
> to attempt to resolve hal9000, before deciding hal9000 is acutally
> local.

There you go. There's another example of the single label issue. The DNS
client side resolver will suffix the search suffix to the name in the ping.
If it's a single label name.... (nuf said).

>
> There is something really wrong with that behavior,
> netbios should have resolved first,

NO NO NO. Legacy -> Yes, W2k and newer, NO.


> the query should never
> go outside to resolve in the first place, how do I fix it?
> is it because the two machines are in different domains?


Here's the old:
172218 - Microsoft TCP-IP Host Name Resolution Order:
http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b172218

250662 - Description of the TCP-IP Registry Entries in the
MSTCPServiceProvider Subkey:
http://support.microsoft.com/default.aspx?scid=kb;en-us;250662

I wouldn't really suggest to change these. But go for it! You seem to have
the spirit to try new things.


>> I'm not sure why, but you seem very adamant about keeping the single
>> label name. Is my assumption correct?
>
> for my lan, me, here, Yes. in this case. otherwise I would set it up
> and/or upgrade it suffixed.

It's your network!

>
>
> Thanks,
> James W. Long


Cheers!

Ace
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

Dear Ace:

Thank you again for your excellent advice.

Ok. to upgrade my nt4 server, I do what? correct me if I miss something.

get all my clients and servers up, the pdc and bdc, the clients.
set the DNS hostname in tcpip properties to jewelntserver on the nt4 pdc
set the DNS domain in tcpip properties to jewelconsulting.org on the nt4 pdc
slap in the w2kadv cd on the nt4 pdc
tell it I want to upgrade right over nt4
it reboots and it installs w2kadv but its not a DC yet.
im a new forest
w2k mode not backwards compliant
set the computer netbios name to jewelntserver.
set the netbios domain name as jewelconsulting
(does this new upgrade take on the same SID?)

I do a dcpromo
questions about DNS server:
do I fix up my dns or does the AD install?
from jewelconsulting domain to jewelconsulting.org
(does it read my old nt4 dns files?)

I'm not keeping my nt4 BDC as a NT4 BDC so I
take that offline when?

Then the clients.
something about ADMT? not sure.


Thanks
James W. Long



"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:uws7xIZWEHA.2520@TK2MSFTNGP12.phx.gbl...
> In news:jtmdndbeLLl2rEfd4p2dnA@wideopenwest.com,
> James W. Long <JamesLong@wowway.com> posted their thoughts, then I offered
> mine
>
> > Ok, I'm following, yes I see the difference in pathed accesses.
> >
> > setting the gpo problem aside for a just a moment....
> > and understanding that gpos become broken this way,
> >
> > when dynamic updates are done on the server end, this wouldcause
> > hklm\system\ccs\services\tcpip\parameters\DNSRegisteredAdapters
> > to be refreshed/repopulated again? Causing all those DNS queries
> > for each host to happen again periodically? maybe I have the wrong
> > specific key. maybe AD has a key similar to this one that maintains
> > its list?
>
> It's actually the Netlogon service key.
>
> >
> > this dynamic update would make available to AD DNS the names
> > of each host {card} that appeared
> > in that list,
>
> Actually it gets the name to register into from the Primary DNS Suffix. If
> the suffix is incorrectly spelled or different than the actual AD domain
> name, then it;s called a disjointed namespace and it will not register.
>
> > so that DNS would handle them first before netbios?
>
> NetBIOS has NOTHING TO DO WITH AD.
>
>
> > or at least DNS would know them, regardless of the search order?
> >
> > could I go to the properties of the forward zones in the dns manager
> > and turn dynamic updates off and this causes that to not happen
> > anymore?
>
> You're still trying to fight it.....
>
> > is that the same thing as we have been talking about all along,
> > i.e. an ipconfig/registerdns?
>
> That command is the manual registration of the host record ONLY. Not the
> AD's required SRV records that Netlogon registers, which causes the issue.
>
>
> >
> > I have a question about an odd DNS/netbios behaivor I saw in that
> > last test. It's about step 7:
> >
> > 7. ping (a different internal client) -> goes to external DNS to
> > resolve, only the first time. its cached after that.
>
> Sure, that's the way it does it.
>
>
>
> > I pinged hal9000 which is a w2k machine and a member of the
> > jewelconsulting domain from jelly.bean, a w2kadv DC DNS server.
> > Both share the same physical ethernet network.
> > Both are in the same exact 10 subnet. I thought that netbios
> > should have resolved the name hal9000 before DNS did.
>
>
> Nope. W2k and newer use the HOSTS method FIRST. Then NetBIOS.
>
>
>
> > Instead, jelly.bean went all the way thru DNS out to the internet
> > to attempt to resolve hal9000, before deciding hal9000 is acutally
> > local.
>
> There you go. There's another example of the single label issue. The DNS
> client side resolver will suffix the search suffix to the name in the
ping.
> If it's a single label name.... (nuf said).
>
> >
> > There is something really wrong with that behavior,
> > netbios should have resolved first,
>
> NO NO NO. Legacy -> Yes, W2k and newer, NO.
>
>
> > the query should never
> > go outside to resolve in the first place, how do I fix it?
> > is it because the two machines are in different domains?
>
>
> Here's the old:
> 172218 - Microsoft TCP-IP Host Name Resolution Order:
> http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b172218
>
> 250662 - Description of the TCP-IP Registry Entries in the
> MSTCPServiceProvider Subkey:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;250662
>
> I wouldn't really suggest to change these. But go for it! You seem to have
> the spirit to try new things.
>
>
> >> I'm not sure why, but you seem very adamant about keeping the single
> >> label name. Is my assumption correct?
> >
> > for my lan, me, here, Yes. in this case. otherwise I would set it up
> > and/or upgrade it suffixed.
>
> It's your network!
>
> >
> >
> > Thanks,
> > James W. Long
>
>
> Cheers!
>
> Ace
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:a6KdnbF2fq3IEUfdRVn-hQ@wideopenwest.com,
James W. Long <JamesLong@wowway.com> posted their thoughts, then I offered
mine
> Dear Ace:
>
> Thank you again for your excellent advice.
>
> Ok. to upgrade my nt4 server, I do what? correct me if I miss
> something.
>
> get all my clients and servers up, the pdc and bdc, the clients.
> set the DNS hostname in tcpip properties to jewelntserver on the nt4
> pdc set the DNS domain in tcpip properties to jewelconsulting.org on

Excellent choice!! :)

> the nt4 pdc slap in the w2kadv cd on the nt4 pdc
> tell it I want to upgrade right over nt4
> it reboots and it installs w2kadv but its not a DC yet.

The next step is when dcpromo runs...

> im a new forest
> w2k mode not backwards compliant

Yes, as long as you don't have any more NT4 domain controllers.

> set the computer netbios name to jewelntserver.
> set the netbios domain name as jewelconsulting
> (does this new upgrade take on the same SID?)

Nope, SID remains the same.

>
> I do a dcpromo

Well, if you;re running an upgrade, that's automatic. You can test it (and
actually better to do it this way) by creating a BDC in your domain, takje
your current PDC offline, promote the BDC to the PDC, and upgrade that. If
any problems, just trash the box and start over again.


> questions about DNS server:
> do I fix up my dns or does the AD install?

Dcpromo will upgrade DNS for you if already installed. So set it up now.


> from jewelconsulting domain to jewelconsulting.org
> (does it read my old nt4 dns files?)

No, dcpromo will create a new zone for your new domain. YOu can also do it
before hand. Take the text file, and change the references to the new name,
then create the new zone and tell it to use the new text file.

>
> I'm not keeping my nt4 BDC as a NT4 BDC so I
> take that offline when?

See, if you have this BDC, you need to stay in mixed mode. If everything
works, trash it (unplug it, etc). If in Mixed mode, change it to Native.

>
> Then the clients.
> something about ADMT? not sure.

Not required in an "upgrade".

>
>
> Thanks
> James W. Long
>
>

Cheers!


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

Dear Ace,


Thanks, need a bit more help, and couple more qustions then I'm ready,


I dont know how to promote a nt bdc to a pdc never did that,
could you point me to that one? Thanks.


if I have IIS4 on the nt4 pdc and I do not even want it present
after the upgrade, I should remove it from NT PDC first I assume?

for test,
I take my NT PDC (jewelntserver) offline then promote the bdc who is named
littlehal,
would I have to reconfig dns on the promoted bdc as the pdcs hostname
(jewelntserver)?
should I dcpromo the promoted bdc's name to the same name as my pdc
(jewelntserver) ?
or just leave it all as littlehal? does this even matter in terms of when I
ultimately
upgrade the REAL bdc or not?


also, I wonder if, just to make things more difficult, when upgrading the
REAL NT4 pdc,
is it possible to rename the PDC during upgrade by changing its netbios/host
name
during dcpromo and get that all that straight in dns tcpip properties and
DNS beforehand?

Ready at last.

Thank You,
James W. long



"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:O6AloxdWEHA.212@TK2MSFTNGP12.phx.gbl...
> In news:a6KdnbF2fq3IEUfdRVn-hQ@wideopenwest.com,
> James W. Long <JamesLong@wowway.com> posted their thoughts, then I offered
> mine
> > Dear Ace:
> >
> > Thank you again for your excellent advice.
> >
> > Ok. to upgrade my nt4 server, I do what? correct me if I miss
> > something.
> >
> > get all my clients and servers up, the pdc and bdc, the clients.
> > set the DNS hostname in tcpip properties to jewelntserver on the nt4
> > pdc set the DNS domain in tcpip properties to jewelconsulting.org on
>
> Excellent choice!! :)
>
> > the nt4 pdc slap in the w2kadv cd on the nt4 pdc
> > tell it I want to upgrade right over nt4
> > it reboots and it installs w2kadv but its not a DC yet.
>
> The next step is when dcpromo runs...
>
> > im a new forest
> > w2k mode not backwards compliant
>
> Yes, as long as you don't have any more NT4 domain controllers.
>
> > set the computer netbios name to jewelntserver.
> > set the netbios domain name as jewelconsulting
> > (does this new upgrade take on the same SID?)
>
> Nope, SID remains the same.
>
> >
> > I do a dcpromo
>
> Well, if you;re running an upgrade, that's automatic. You can test it (and
> actually better to do it this way) by creating a BDC in your domain, takje
> your current PDC offline, promote the BDC to the PDC, and upgrade that. If
> any problems, just trash the box and start over again.
>
>
> > questions about DNS server:
> > do I fix up my dns or does the AD install?
>
> Dcpromo will upgrade DNS for you if already installed. So set it up now.
>
>
> > from jewelconsulting domain to jewelconsulting.org
> > (does it read my old nt4 dns files?)
>
> No, dcpromo will create a new zone for your new domain. YOu can also do it
> before hand. Take the text file, and change the references to the new
name,
> then create the new zone and tell it to use the new text file.
>
> >

don't forget to delete the root domain (.)

> > I'm not keeping my nt4 BDC as a NT4 BDC so I
> > take that offline when?
>
> See, if you have this BDC, you need to stay in mixed mode. If everything
> works, trash it (unplug it, etc). If in Mixed mode, change it to Native.
>
> >
> > Then the clients.
> > something about ADMT? not sure.
>
> Not required in an "upgrade".
>
> >
> >
> > Thanks
> > James W. Long
> >
> >
>
> Cheers!
>
>
> --
> Regards,
> Ace
>
> Please direct all replies to the newsgroup so all can benefit.
> This posting is provided "AS-IS" with no warranties and confers no
> rights.
>
> Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
> Microsoft Windows MVP - Active Directory
>
> HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
> pig. --
> =================================
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:pLadnUBpjKjGv0bdRVn-hQ@wideopenwest.com,
James W. Long <JamesLong@wowway.com> posted their thoughts, then I offered
mine
> Dear Ace,
>
>
> Thanks, need a bit more help, and couple more qustions then I'm ready,
>
>
> I dont know how to promote a nt bdc to a pdc never did that,
> could you point me to that one? Thanks.

It's done thru Server Manager. Make sure the PDC is offline when you do it.


> if I have IIS4 on the nt4 pdc and I do not even want it present
> after the upgrade, I should remove it from NT PDC first I assume?

Yes and no, your call.

>
> for test,
> I take my NT PDC (jewelntserver) offline then promote the bdc who is
> named littlehal,
> would I have to reconfig dns on the promoted bdc as the pdcs hostname
> (jewelntserver)?

Yes.

> should I dcpromo the promoted bdc's name to the same name as my pdc
> (jewelntserver) ?

No, need to use the same computer name. Later you can kill the other
machine, reformat it, name it jewelntserver, and then promote it as an
additional DC in the domain, then demote the original one if you don;t want
it. It's suggested to have a minimum of two DCs in a domain.


> or just leave it all as littlehal? does this even matter in terms of
> when I ultimately
> upgrade the REAL bdc or not?

Nope, no matter.


>
>
> also, I wonder if, just to make things more difficult, when upgrading
> the REAL NT4 pdc,
> is it possible to rename the PDC during upgrade by changing its
> netbios/host name

Nope. Have to settle on a name first.


> during dcpromo and get that all that straight in dns tcpip properties
> and DNS beforehand?

YES.


>
> Ready at last.
>
> Thank You,
> James W. long
>
>

Here's a little reading...
HOW TO: Upgrade a Windows NT 4.0-Based PDC to a Windows 2000-Based Domain
Controller
http://support.microsoft.com/default.aspx?scid=kb;en-us;296480



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================