#1 thom

Help needed - new 2003 AD DC in a *nix environment

    Hi everyone,
    First a bit of background
• I have just taken over management of a network that has an SME (E-Smith) box as its DC.
    • This is failing and they bought a Windows 2003 box to replace it.
    • I have set up loads of AD domains before but this site already has a DNS (8.4.6-REL-NOESW) & DHCP Server set up on a debian based router.
    • They are connected to a middle school (On the same site) via another router and they have an existing SME DC that is working fine

My question is what should I do to get the Active Directory using the existing DNS service? Is it possible, or do I need to set up a new DNS server on the AD box and just configure them to talk to each other?
I am a complete *nix newbie so please be gentle

#2 Diello
Technically, yes, you can configure AD to use BIND for its DNS queries - however, I wouldn't recommend it.

    Using DNS in AD Integrated mode will be much better for you really - easier to manage, less error prone, and gives you the benefit of multi-master. Use DNS on your W2k3 box to manage your local domain, then setup the Debian box as a forwarder maybe? Might also want to look at upgrading BIND to v9.

    Take a look here: http://www.microsoft.com/technet/arc....mspx?mfr=true

#3 Geoff
    I presume the DNS is ISC BIND and the DHCP is ISC DHCPD then?

    You need to make sure that either DHCP updates DNS when it issues a lease or that the Windows clients have sufficient access to be able to push DNS updates to the DNS server themselves.

You also need to either delegate the AD subzones '_tcp', '_udp', '_msdcs' and '_sites' in DNS to the DNS server running on the W2k3 DC.

    Alternatively you can create your own static records and put them in your existing DNS server configuration. Your existing DNS server must support SRV records for this to function.

    More info on technet here:

    Microsoft Corporation

Quote Originally Posted by Diello View Post
Using DNS in AD Integrated mode will be much better for you really - easier to manage, less error prone, and gives you the benefit of multi-master.
You get all this with BIND, and more. Trying to migrate away will just add to the OP's headaches.
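The two options Geoff lists (delegate the AD subzones to the DC, or hand-maintain static records in the BIND zone) come down to a concrete set of DNS records, and the same two options are what he points back to in post #8. The script below is an added example, not code from the thread or from Microsoft: it builds the delegation records for the first option and the static record set for the second, and checks an existing zone file for any that are missing. The domain name, DC hostname, address, site name and GUIDs are made-up placeholders; the static record list follows what a Windows 2003 DC writes to netlogon.dns under the assumption that this is the only DC of a new forest, so it also holds the PDC emulator and global catalog roles.

```python
"""Added example, not from the thread: which DNS records an Active Directory
domain controller needs in a BIND-hosted zone, in the two forms Geoff gives.

Form A: delegate the AD subzones (_msdcs, _sites, _tcp, _udp) to the DNS
server on the W2k3 DC, which then registers its own records there.
Form B: write static records for the DC into the BIND zone. The record set
follows what a 2003 DC writes to netlogon.dns, on the assumption that this
is the single DC of a new forest (so PDC emulator and global catalog too).

Names, addresses, site name and GUIDs below are made-up placeholders.
"""

AD_SUBZONES = ("_msdcs", "_sites", "_tcp", "_udp")


def fqdn(*labels):
    """Join labels into an absolute name with a trailing dot, e.g. dc1.contoso.lan."""
    return ".".join(labels) + "."


def delegation_records(domain, dc_host, dc_ip):
    """Form A: NS records handing the four AD subzones to the DC, plus glue."""
    dc = fqdn(dc_host, domain)
    lines = [f"{dc}\tIN\tA\t{dc_ip}"]  # glue so the NS target resolves in BIND
    for sub in AD_SUBZONES:
        lines.append(f"{fqdn(sub, domain)}\tIN\tNS\t{dc}")
    return lines


def static_dc_records(domain, dc_host, dc_ip, site, domain_guid, dsa_guid):
    """Form B: the A/CNAME/SRV records netlogon registers, domain == forest root."""
    dc = fqdn(dc_host, domain)

    def srv(owner, port):  # priority 0, weight 100, as netlogon registers them
        return f"{owner}\t600\tIN\tSRV\t0 100 {port} {dc}"

    recs = [
        f"{dc}\tIN\tA\t{dc_ip}",
        f"{fqdn('gc._msdcs', domain)}\tIN\tA\t{dc_ip}",
        f"{fqdn(dsa_guid + '._msdcs', domain)}\tIN\tCNAME\t{dc}",  # replication lookup
    ]
    ldap = [  # port 389
        fqdn("_ldap._tcp", domain),
        fqdn("_ldap._tcp", site, "_sites", domain),
        fqdn("_ldap._tcp.dc._msdcs", domain),
        fqdn("_ldap._tcp", site, "_sites.dc._msdcs", domain),
        fqdn("_ldap._tcp.pdc._msdcs", domain),
        fqdn("_ldap._tcp", domain_guid, "domains._msdcs", domain),
    ]
    gc = [  # port 3268
        fqdn("_ldap._tcp.gc._msdcs", domain),
        fqdn("_ldap._tcp", site, "_sites.gc._msdcs", domain),
        fqdn("_gc._tcp", domain),
        fqdn("_gc._tcp", site, "_sites", domain),
    ]
    kerberos = [  # port 88
        fqdn("_kerberos._tcp", domain),
        fqdn("_kerberos._tcp", site, "_sites", domain),
        fqdn("_kerberos._tcp.dc._msdcs", domain),
        fqdn("_kerberos._tcp", site, "_sites.dc._msdcs", domain),
        fqdn("_kerberos._udp", domain),
    ]
    recs += [srv(o, 389) for o in ldap]
    recs += [srv(o, 3268) for o in gc]
    recs += [srv(o, 88) for o in kerberos]
    recs += [srv(fqdn("_kpasswd", p, domain), 464) for p in ("_tcp", "_udp")]
    return recs


def parse_zone(text):
    """Collect (owner, type) pairs from simple zone lines: owner [ttl] IN type rdata."""
    found = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments
        if not line or line.startswith("$"):   # skip $ORIGIN / $TTL directives
            continue
        fields = line.split()
        if "IN" in fields and fields.index("IN") + 1 < len(fields):
            found.add((fields[0], fields[fields.index("IN") + 1]))
    return found


def missing_records(required_lines, zone_text):
    """Which required (owner, type) pairs are absent from a hand-maintained zone."""
    return sorted(parse_zone("\n".join(required_lines)) - parse_zone(zone_text))


# Constructed sample: a hand-maintained zone that only got the first two records.
PARTIAL_ZONE = """\
$ORIGIN contoso.lan.
dc1.contoso.lan.          IN  A    192.0.2.10
_ldap._tcp.contoso.lan.   600 IN SRV 0 100 389 dc1.contoso.lan.
"""

if __name__ == "__main__":
    print("\n".join(delegation_records("contoso.lan", "dc1", "192.0.2.10")))
    required = static_dc_records("contoso.lan", "dc1", "192.0.2.10", "Bedford",
                                 "11111111-2222-3333-4444-555555555555",
                                 "66666666-7777-8888-9999-000000000000")
    for owner, rtype in missing_records(required, PARTIAL_ZONE):
        print("missing", rtype, owner)
```

With Form A the four NS lines go into the BIND zone for the domain and the DC's own DNS server must host those subzones; with Form B every line from static_dc_records goes into the BIND zone file and has to be updated by hand whenever a DC is added, moved to another site or loses a role, which is why Geoff's first point (dynamic updates from the DC or DHCP) matters if you want to avoid the static approach.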

#4 Diello
    Quote Originally Posted by Geoff View Post
    You get all this with BIND, and more. Try to migrate away will just add to the OPs headaches.
On BIND8?! Didn't even think BIND9 did multi-master copies of the DNS zone?

    Darn you and your Google-Brain :P

#5 Geoff
    Sure it does. Here's an example, with 3 masters. One using a non-default port and one using IPv6..

Code:
    zone "example.com" in {
        type slave;
        file "slave.example.com";
        masters { 192.168.2.7; 10.2.3.15 port 1127; 2001:db8:0:1::15; };
    };


#6 Diello
    Interesting, thanks - Nice to learn something new!

#7 thom
Thanks guys, a couple of things,
Quote Originally Posted by Geoff View Post
I presume the DNS is ISC BIND and the DHCP is ISC DHCPD then?
You are correct Geoff.
I set up a virtual machine of 2003 svr to do some testing and it got me wondering about what order to do stuff in.
I set up AD with DNS integrated and set up the router as a forwarder. That seemed to work OK.
Do I still need to do what Geoff says, and why?
Quote Originally Posted by Geoff View Post
You also either need to delegate the AD subzones '_tcp', '_udp', '_msdcs' and '_sites' in DNS to the DNS server running on the W2k3 DC.
The current DNS zone on the router is "site1.contoso.co.uk"
I wanted the new LAN to be called "contoso.lan"
Is that possible, or will it need to be something like "new.site1.contoso.co.uk" or "new.contoso.co.uk"?

#8 Geoff
    What you have done will work, however it's messy and not really the 'correct' way to do it.

    If you want to do it the 'right' way, perform a domain DNS rename using the domain rename tool, then proceed to follow whichever one of my solutions you feel like.

#9 thom
Sorry Geoff, but I am a bit confused.
The new server is currently part of the existing SME domain and hasn't been elevated to DC yet. I want to do it the "right" way so I am keen to follow your instructions. Is this the right order?
    1, Update DHCP to v9
    2, Add "aac.lan" as a zone on the DNS server config file
    3, Run dcpromo on 2003 server
    3a, Choose DC for new domain
    3b, Choose "domain in new forest"
    3c, Full DNS name = contoso.lan
    3d, DNS Registration Diagnostics - install DNS later
    I have just done this on my test server (except the bind update/configuration)
    Am I on the right track? What's next?
    I am just going to treat myself to a lunch break while that is updating :-)
