Re: [OT] Window 7 connecting to a Win 2003 Domain

["Paul" <paul@xxxxxxxxxxxxxxxxx>]

As I say almost everyday 80% of "problems" with AD are
either DNS or permissions. The other 20% are PICNIC

Paul

--- In ukha_d@xxxxxxx, "Paul Gordon" <paul_gordon@...>
wrote:
>
> Ah, righto - welcome to the fun world of AD management.. Lesson number
1 is
> that DNS is absolutely fundamental to the very core of AD operation...
>
> In the scenario you describe, DNS is almost certainly running on the
SBS
> server and providing the DNS service to support the AD.
>
> Generally speaking, you almost always want to have ALL computers that
are
> members of the domain (or want to be!)to use THAT as their primary DNS
-
> Domain members have constant requirements to query for numerous Active
> Directory related resources, and if the clients can't query a DNS that
has
> the AD's resource records all manner of things tend to go screwy...
>
> There's no harm in setting the client to point to the SBS server as
its
> *primary* DNS, and the existing gateway/router as its secondary DNS.
I'm
> assuming that DNS settings are currently dished out by the DHCP
service in
> the router, so you almost certainly want to update the DHCP scope
options to
> give correct DNS settings to all clients. This involves no change to
> existing network services, and is a perfectly safe operation that
should not
> break anything... (provided you take care to ensure that queries can
still
> get out to the internet by one of the methods mentioned below).
>
> I presume the router is actually performing as a DNS proxy to the
ISP's
> external DNS service, hence why the clients currently all point to it.
>
> What *I* would do in this environment, - based on what you've said so
far -
> is...
>
> Confirm the SBS server is running DNS. This is almost certainly the
case,
> since AD services won't allow you to complete the installation unless
&
> until you provide it with an AD-compliant DNS service. - (If AD setup
can't
> find one on the network, it will offer to install DNS on the server
you're
> building and just use that)
> Set the SBS servers' own DNS client settings to point to ITSELF as its
> primary DNS - ensure that it is set to "register this connections
addresses
> in DNS" - this is very likely already the case as the SBS setup
probably
> configured that automatically.
> Set the DHCP scope on the router to give all other machines the SBS
server
> as their primary/preferred DNS server. Optionally set it to also
assign the
> router as their secondary/alternate DNS server.
> Configure the DNS Service running on the SBS server to use either the
router
> *OR* if you know them, the ISP's external DNS addresses as FORWARDERS
- the
> end result is the same, since the DNS in the router is almost
certainly just
> proxying the queries onward to those ISP servers...
> If you really felt inclined, you could do both: set the ISPs DNS as a
> forwarder on the SBS, *and* set the clients to use the router as a
secondary
> DNS... - then client queries have two distinct routes to get out to
the
> external DNS...
>
> From a clients perspective, henceforth it will issue all DNS queries
to the
> SBS server. - That's what you *need* to happen if the client is
looking for
> AD resources... If the client is actually querying for something
external,
> the DNS on the SBS server will forward the request, via the router, to
the
> ISP... If for some reason the server can't forward the request, then
if
> you've also set the router as the clients secondary DNS, then client
can
> then re-issue the query straight out that way...
>
> HTH
>
> Paul G.
>
>
> -----Original Message-----
> From: ukha_d@xxxxxxx [mailto:ukha_d@xxxxxxx] On Behalf Of
> Keith Doxey
> Sent: 23 February 2010 18:34
> To: ukha_d@xxxxxxx
> Subject: RE: [ukha_d] [OT] Window 7 connecting to a Win 2003 Domain
>
> Thanks Simon, will look for a copy :)
>
> -----Original Message-----
> From: ukha_d@xxxxxxx [mailto:ukha_d@xxxxxxx] On Behalf Of
> Simon Coates
> Sent: 23 February 2010 17:55
> To: ukha_d@xxxxxxx
> Subject: Re: [ukha_d] [OT] Window 7 connecting to a Win 2003 Domain
>
> Keith,
>
> I can recommend 'Windows Server 2003' by Mark Minasi published by
Sybex -
> extremely well written, and essential reading/reference if you're
going to
> manage the server at work.
>
> Good luck.
>
> Simon
>
>   ----- Original Message -----
>   From: Keith Doxey
>   To: ukha_d@xxxxxxx
>   Sent: 23 February 2010 17:49
>   Subject: RE: [ukha_d] [OT] Window 7 connecting to a Win 2003 Domain
>
>
>
>   Hi Paul,
>
>   Thanks for that. I guess *I* will be managing the AD from now on as
I was
>   taken on to cover IT related issues. At the moment the Router is the
>   Gateway, DHCP server and DNS server for the network. Will have to
take a
>   close look at the setup to see what I can change without breaking
the
>   existing network.
>
>   I now work for a telecoms firm and IP telephony is very important so
I
> have
>   to be careful what I change on the router. Will have to discuss it
with a
>   few people first but I am sure we will resolve it eventually.
>
>   I guess the first step would be to tell the router that the server
should
> be
>   the DNS server. There is only one SBS2003 server in the network
which is
> the
>   DC, the remaining machines in the company are all running XP Pro
atm.
>
>   Regards
>
>   Keith
>
>   -----Original Message-----
>   From: ukha_d@xxxxxxx [mailto:ukha_d@xxxxxxx] On Behalf Of
>   Paul Gordon
>   Sent: 23 February 2010 17:10
>   To: ukha_d@xxxxxxx
>   Subject: RE: [ukha_d] [OT] Window 7 connecting to a Win 2003 Domain
>
>   Hey Keith... may I can help a little...
>
>   You say DNS is handled by the internet router, - I'm extremely
sceptical
>   about this, - Active Directory depends absolutely on certain DNS
features:
>   SRV records and Dynamic updates, primarily come to mind. (Although
>   technically, dynamic updates aren't actually mandatory for AD, SRV
records
>   absolutely are).
>
>   I've never heard of a DNS service in a router that supports these
> features.
>   - Of course it might just be that I've led a sheltered life for the
last
> few
>   years, and things do of course change, but nonetheless, until
confronted
>   with incontrovertible proof, I just don't believe that the router is
>   providing AD DNS services to support the domain. I'll bet you fiver
right
>   here & now that DNS is installed & running on at least one
of the domain
>   controllers in the domain... - you really need to set THAT DNS
service as
>   your primary DNS server in the Windows 7 client before you'll get
any
>   success trying to join the domain... - Your Windows 7 client will be
>   querying its configured DNS for SRV records to locate various
service
>   connection points within the active directory; you need more than
just
> name
>   resolution of the DC name to its IP Address, and you need to be able
to
> much
>   more than just ping it...
>
>   Go back to whomever is managing the AD, and get them to tell you the
> address
>   of an AD-compliant DNS server....
>
>   Paul G.
>
>   -----Original Message-----
>   From: ukha_d@xxxxxxx [mailto:ukha_d@xxxxxxx] On Behalf Of
>   Keith Doxey
>   Sent: 23 February 2010 16:16
>   To: UKHA Discussion (UKHA Discussion)
>   Subject: [ukha_d] [OT] Window 7 connecting to a Win 2003 Domain
>
>   HELP !!!.
>
>   Hi All, just started an new job and trying but failing to get my
laptop to
>   connect to the domain under Windows 7. I did eventually succeed
under XP
>   yesterday after I entered details of
"<domain>.local" into both the hosts
>   file and the LM hosts file as I was getting an error message saying
that
> it
>   couldn't find a DNS entry for the domain controller.
>
>   DNS is not handled by the windows server but by the internet router.
Since
>   adding the entries to the host files I can now ping successfully.
>
>   I tried exactly the same under Win7 but it hasn't worked. I CAN ping
OK
> and
>   also get further down the setup route but it fails at the final step
>   complaining about DNS again.
>
>   One more thing that was weird yesterday.... manually trying to join
the
>   domain failed but the wizard succeeded. No luck with either method
in
>   Windows 7
>
>   Any network guru got a clue as to what I am doing wrong ?
>
>   Thanks
>
>   Keith
>
>   [Non-text portions of this message have been removed]
>
>   ------------------------------------
>
>   Yahoo! Groups Links
>
>   ------------------------------------
>
>   Yahoo! Groups Links
>
>
>
>
>
> [Non-text portions of this message have been removed]
>
>
>
> ------------------------------------
>
>
> Yahoo! Groups Links
>
>
>
>
>
> ------------------------------------
>
>
> Yahoo! Groups Links
>
>
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.733 / Virus Database: 271.1.1/2700 - Release Date:
02/23/10
> 07:34:00
>




------------------------------------

<*> Join the Automated Home Forums
http://www.automatedhome.co.uk/vbulletin/