• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 177
  • Last Modified:

add a send domain

my office is running win2k server with active directory installed

our primary domain is say abc.com
and it works fine

Now I want to add an 2nd domain say xyz.com

I added but I try to ping xyz.com

unknown host

what any settings I missied ?
1 Solution
First off, according to your description, you had created a new forest instead of a new domain within the same forest.  I'm not sure how big or complex your company is, but this is not usually the way even for many enterprise sized organization.  What you should have done was created an xyz.abc.com child domain.  
Second, do you have an A resource record for xyz.com defined in DNS?  Are the 2 domains registered with all the DNS servers that your clients use?  
adrianmakAuthor Commented:
how to create a child domain in win2k ?

we only have one dns in office
The process of creating a child domain is quite similar to that which you used when promoting your first Windows 2000 member server to the initial root domain for your network. To add a child domain, do this:

1. If you have an OU in the parent domain with the same name as the child domain you intend to create, change the OU?s name.

Note:You receive a misleading ?Directory service is busy? error message during the server promotion process if a parent domain OU has the same name as the child domain. A similar error message appears if you attempt to create a new OU in the parent domain with the same name as that of a child domain. The problem is a duplication of Relative Distinguished Names (RDNs), which Knowledge Base article Q240147, ?Cannot Create an Organizational Unit in the Parent Domain with the Same Name as a Child Domain in Windows 2000,? explains. For this example, you can rename the Students OU in the oakmont.edu domain to Student. Changing the Students OU name prevents adding more student accounts with GroupPol. Alternatively, specify Student as the child domain name in step 7.

2. Verify in the DNS page of the Internet Protocol (TCP/IP) Properties dialog of your network connection that the Preferred DNS Server text box contains the IP address of the parent domain?s DNS server.

3. Run Dcpromo.exe to start the Active Directory Installation Wizard and click Next to bypass the Welcome dialog.

4. In the Domain Controller Type dialog, select the Domain Controller for a New Domain option and click Next.

5. In the Create Tree or Child Domain dialog, select the Create a New Child Domain in an Existing Domain Tree option and click Next.

6. In the Network Credentials dialog, type your user name and password for your Domain Admins account in the parent domain and change the Domain entry, if necessary. Click Next.

7. In the Child Domain Installation Dialog, accept or change the Parent Domain value and type the Child Domain name. As you type, the Complete DNS Name of New Domain text box displays the full childdomain.parentdomain.ext value: students.oakmont.edu for this example. Click Next.

8. In the NetBIOS Domain Name dialog, accept the default or change the NetBIOS name (STUDENTS) used by downlevel clients; then click Next.

9. In the Database and Log Locations dialog, accept the default folders, unless you have a reason to change them, and click Next.

10. In the Shared System Volume dialog, again accept the default unless you want to put Sysvol on another drive. Click Next.

11. If you don?t need to support Windows NT Remote Access Service (RAS) on servers or assignment of Windows 2000 users to Windows NT resource server groups in a mixed-mode domain, select the Permissions Compatible Only with Windows 2000 Servers option. Otherwise, accept the default Permissions Compatible with Pre-Windows 2000 Servers option, which grants the Everyone group permissions for specific folders and other objects that ordinarily restrict access to members of the Authenticated Users group. Click Next.

Don?t select the Permissions Compatible Only with Windows 2000 Servers option until you?ve upgraded all Windows NT resource servers to Windows 2000. Knowledge Base articles Q257988, ?Description of Dcpromo Permissions Choices,? and Q257942, ?Error Message: Unable to Browse the Selected Domain Because the Following Error Occurred...,? describe the consequences of selecting this option. You can?t change the option you select in this dialog without demoting the DC and starting over.

12. In the Directory Services Restore Mode Administrator Password dialog, type and confirm the password to use to remove the domain or administer it with the Ntdsutil.exe command-line utility; click Next.

13. In the Summary dialog, review your settings and then click Next to start the AD installation and child domain creation process, which takes more than the advertised ?several? minutes on moderate-speed servers.

14. Reboot the new DC for the child domain and log on with Enterprise Admins credentials.

15. Launch Active Directory Domains and Trusts, click to expand the parent domain node, right-click the child domain node, and choose Properties to open the childdomain.parentdomain.ext Properties dialog. The target (child) domain must run in native mode, so click Change Mode to make the domain ready for the move with ADMT.

16. Install ADMT on the DC for the child (target) domain. Download instructions are in the ?Easing Restructure and Migration with ADMT? section of Appendix C.

17. On the child DC, launch the Domain Security Settings snap-in from Administrative Tools and navigate to and select the Windows Settings\Security Settings\Local Policies\Audit Policy node.

18. Double-click the Audit account management policy to open the Security Policy Settings dialog. Mark the Define These Policy Settings, Success, and Failure check boxes and click OK to apply the policy.

19. Repeat steps 17 and 18 on the parent domain DC. Account management auditing is required for ADMT operations on user accounts in both domains.
Adding a child domain automatically adds a Dynamic DNS (Active Directory-integrated, DDNS) primary forward lookup zone for the child domain to the parent domain?s DNS server. When users move to the child domain, DHCP doesn?t need to assign their Primary DNS Server to the child domain server?s IP address.
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

adrianmak  - Let me get back to the question.  You said "I added but I try to ping xyz.com - unknown host"

All of the above may be correct, but if you can't ping the other server - you can forget about connecting to the domain.

Please explain what the hardware setup is.  Where are the two domains located.  Same building or remote.  Are there routers or firewalls involved?  I think you need to deal with basic connectivity before anything else.


adrianmakAuthor Commented:
please note that the domain I mentioned is not MS windows domain but a Internet domain dns that I am going to serve Internet guys
Do we take this to mean that your are building an internet information server? As much info as possible would help!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now