RE: [OT] Window 7 connecting to a Win 2003 Domain

["Keith Doxey" <ukha@xxxxxxxxxxx>]

Hi Paul

Thanks for all that info. Hopefully I will get everything sorted pretty
quickly tomorrow :)

Keith

-----Original Message-----
From: ukha_d@xxxxxxx [mailto:ukha_d@xxxxxxx] On Behalf Of
Paul Gordon
Sent: 23 February 2010 22:32
To: ukha_d@xxxxxxx
Subject: RE: [ukha_d] [OT] Window 7 connecting to a Win 2003 Domain

Ah, righto - welcome to the fun world of AD management.. Lesson number 1 is
that DNS is absolutely fundamental to the very core of AD operation...

In the scenario you describe, DNS is almost certainly running on the SBS
server and providing the DNS service to support the AD.

Generally speaking, you almost always want to have ALL computers that are
members of the domain (or want to be!)to use THAT as their primary DNS -
Domain members have constant requirements to query for numerous Active
Directory related resources, and if the clients can't query a DNS that has
the AD's resource records all manner of things tend to go screwy...

There's no harm in setting the client to point to the SBS server as its
*primary* DNS, and the existing gateway/router as its secondary DNS. I'm
assuming that DNS settings are currently dished out by the DHCP service in
the router, so you almost certainly want to update the DHCP scope options
to
give correct DNS settings to all clients. This involves no change to
existing network services, and is a perfectly safe operation that should
not
break anything... (provided you take care to ensure that queries can still
get out to the internet by one of the methods mentioned below).

I presume the router is actually performing as a DNS proxy to the ISP's
external DNS service, hence why the clients currently all point to it.

What *I* would do in this environment, - based on what you've said so far -
is...

Confirm the SBS server is running DNS. This is almost certainly the case,
since AD services won't allow you to complete the installation unless &
until you provide it with an AD-compliant DNS service. - (If AD setup can't
find one on the network, it will offer to install DNS on the server you're
building and just use that)
Set the SBS servers' own DNS client settings to point to ITSELF as its
primary DNS - ensure that it is set to "register this connections
addresses
in DNS" - this is very likely already the case as the SBS setup
probably
configured that automatically.
Set the DHCP scope on the router to give all other machines the SBS server
as their primary/preferred DNS server. Optionally set it to also assign the
router as their secondary/alternate DNS server.
Configure the DNS Service running on the SBS server to use either the
router
*OR* if you know them, the ISP's external DNS addresses as FORWARDERS - the
end result is the same, since the DNS in the router is almost certainly
just
proxying the queries onward to those ISP servers...
If you really felt inclined, you could do both: set the ISPs DNS as a
forwarder on the SBS, *and* set the clients to use the router as a
secondary
DNS... - then client queries have two distinct routes to get out to the
external DNS...

>From a clients perspective, henceforth it will issue all DNS queries to
the
SBS server. - That's what you *need* to happen if the client is looking for
AD resources... If the client is actually querying for something external,
the DNS on the SBS server will forward the request, via the router, to the
ISP... If for some reason the server can't forward the request, then if
you've also set the router as the clients secondary DNS, then client can
then re-issue the query straight out that way...

HTH

Paul G.




------------------------------------

<*> Join the Automated Home Forums
http://www.automatedhome.co.uk/vbulletin/