Solved

How to set up an unregistered internal AD domain whilst creating a domain controller

Posted on 2004-08-10
Last Modified: 2010-04-14
I am simply trying to experiment with creating and modifying domain controllers, and learning how to use Active Directory.
I understand that DNS is integral to this in resolving names to addresses and so on. The two DNS addresses that were automatically selected on my home ADSL router are 217.13.4.24 and 217.13.7.140 which I have traced back to my service provider.  If I am setting up my own DNS under 2000, should I be disabling the DNS on my router first?

Second issue:  How do I choose and employ a fictitious domain name without getting into trouble on the WEB.  How can I be sure that my new unregistered experimental domain called BIGFIRM.BIZ will not create problems with other DNS servers on the web.  I am assuming that any DNS server on my LAN will eventually connect up with others on the WEB to confirm or inform of the existence of my new unregistered domain BIGFIRM.BIZ, and create problems.  I read something somewhere about being able to choose between an internal domain name and one which is connected to the WEB.  I have an ADSL connection both here and at school.  Does that mean that I cannot have an internal domain?  As you can see I am very confused.

Third issue:  I tried to convert my win2000 advanced server to a domain controller for the first time.  Halfway through the process I was warned that "No DNS server could be found", which surprised me because "ipconfig /all" showed clearly the above 2 DNS server addresses.  "Do you want win2000 to setup a DNS server?" was the next question.  Mark Minasi wrote in his book MASTERING WIN2003 SERVER do not say yes to this option here. It only leads to problems.  Instead stop the installation and make sure the DNS server has been properly set up.  Then install the domain controller.

I did not follow his advice.  I followed Microsoft's RECOMMENDED option and allowed 2000 to create the DNS server.  Then when I tried to join the new domain on another 2000 pro PC, I got the message that the domain could not be found and that perhaps I had a problem with DNS.

I would really value some answers to the above 3 points, as I need to set up 2003 server as a domain controller and 20 domain clients in the next week at school.
Question by:Alistair7
LVL 14

Expert Comment

by:dlwyatt82
ID: 11762340
You need to clear up a few misunderstandings before setting up your domain.

1: Use a private network. If your computer is hooked up directly to a cable / DSL modem (meaning you have a publicly routable IP address), STOP now and pick up a cheap cable/DSL router. You will want to start with a private network range, which will probably be something like 192.168.1.0 mask 255.255.255.0 by default, if you buy a Linksys router.

2: Ignore your internet provider's DNS for now, it is only there for you to look up hosts on the public internet. For your Active Directory, you will want your own private DNS server (most likely running on your Domain Controller), which you can configure later to forward queries to the ISP if you wish (more on that later). If this is done properly, you will not have to worry about any DNS conflicts on the web, regardless of what domain name you choose (no one on the internet will ever look up DNS records from your server - it is strictly for internal use by your Active Directory on the private network).

3: Once your DC is installed, and the DNS service is up and running, your clients / member servers will need to have their NICs configured so the Domain Controller is their primary DNS server. Since you will be on a private network segment by this point, you could choose to set up the DHCP service on your domain controller and configure client addresses that way (do NOT do this if you are on a network segment that you are not responsible for - IE, in a school environment, there may already be DHCP servers on the network. If you add your own unauthorized server, you will cause problems. Make sure you are on your own isolated physical segment before installing a DHCP server).
0
 

Author Comment

by:Alistair7
ID: 11762535
I'm responsible for a small 20-PC school system.

1 I do not know if we have a cable/DSL modem or a cable/DSL router.  All of our internal addresses are 10.0.0.x.  Gateway = 10.0.0.1.  Does that answer that question?

2 That was a help

3 I understand that there should only be one DHCP server unless they have different ip ranges.  I forgot about configuring the client NICs.  I will try that now.
0
 
LVL 14

Expert Comment

by:dlwyatt82
ID: 11763780
1 - Sounds like you already have a router, since the 10.* network is private. So you've got that part covered already.

With that in mind, the Domain you already built should be nearly functional. All that's left is to configure your clients to point to the domain controller for DNS (which you are doing), and to configure the DNS service to forward unknown host queries on to your ISP's DNS server. (Administrative Tools -> DNS. Right click the Domain Controller, select Properties. Forwarding tab. Check Enable Forwarders, and add your ISP's DNS server IPs to the list).
0

Author Comment

by:Alistair7
ID: 11767325
I am still getting the same message.  "Cannot find bigfirm.biz domain"

The following shows my server configuration:

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : moonburn
        Primary DNS Suffix  . . . . . . . : bigfirm.biz
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : bigfirm.biz

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : SiS 900-Based PCI Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 00-0C-76-BC-83-53
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 10.0.0.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 10.0.0.5

The following is the client:

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : banan-----
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : SiS 900-Based PCI Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 00-0C-76-BC-83-53
        DHCP Enabled. . . . . . . . . . . : Ja
        IP Address. . . . . . . . . . . . : 10.0.0.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1
        DHCP server........................:10.0.0.1
        DNS server............................10.0.0.5
 
On the client I opened properties for Internet protocol(TCP/IP)
Selected USE THE FOLLOWING DNS SERVER
typed 10.0.0.5
did not alter anything under advanced
OK
OK

On the server I also did precisely the same change.  I don't know if I should have left that with the original 2 external DNS addresses.

I also did what you said under the forwarders tab and put in one of the external DNS addresses.

On the INTERFACES tab I have selected only 10.0.0.5.

Under the MONITORING tab I have also done the 2 simple DNS tests and passed.

What have I done wrong??
0
 
LVL 14

Expert Comment

by:dlwyatt82
ID: 11767858
Hmm... everything in the ipconfig outputs looks correct. From the client workstation, if you run nslookup and query for moonburn.bigfirm.biz - does it find an IP address?
0
 

Author Comment

by:Alistair7
ID: 11767929
dlwyatt82

I found a Microsoft article on exactly this problem which enabled me to get it working.

I have now managed to join the domain from the client.

I think it was the use of

ipconfig /flushdns
and
ipconfig /registerdns

which did the trick maybe.


Does the issue of private and public domains centre around whether one has an
ADSL router as opposed to an ADSL modem (publicly routable ip address)?

Why do some private addresses begin with 10.0.0.x  whilst others look like the address you mentioned above? (192.168.1.0)

0
 
LVL 14

Accepted Solution

by:
dlwyatt82 earned 500 total points
ID: 11768009
There are several IP networks which are classified as "private", which means no routers on the internet will send traffic bound for those addresses.

The private network ranges are:

10.0.0.0-10.255.255.255 (class A)
172.16.0.0-172.31.255.255 (class B)
192.168.0.0-192.168.255.255 (class C)

Regarding your first question, I'm not quite sure what you mean when you say "private and public domains". If you're referring to DNS, the difference is that in the public internet, people need to be able to find your DNS server (this is accomplished by registering your domain with an organization like InterNIC, and your second-level domain name / DNS server IP will be added to the records of the top-level DNS servers for .com, .org, or whatever). In a private DNS environment, you will be configuring your clients to point straight at your DNS server, and no one on the public internet will need to resolve the hostnames for your network, so there is no registration or public knowledge of your DNS domain at all.
0
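
Added example (not part of the original thread and not the posters' code): a Python check that parses `ipconfig /all` output in the format posted above and flags a client whose first DNS server is not the domain controller, or whose resolvers fall outside the private ranges listed in the accepted answer. The sample output and the function names are constructed for illustration; 10.0.0.5 and the two ISP resolver addresses are the ones quoted in the thread.

```python
import ipaddress
import re

# Private ranges exactly as listed in the accepted answer above.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD = re.compile(r"^\s+(\S[^:]*?)[ .]*:\s*(.*)$")  # "  Label . . . : value"

# Constructed sample: a client still using the ISP resolvers from the question.
SAMPLE_CLIENT = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 10.0.0.2
        Default Gateway . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 217.13.4.24
                                            217.13.7.140
"""

def parse_ipconfig(text):
    """Map each label to its values; indented unlabelled lines continue the last label."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last, value = m.group(1), m.group(2).strip()
            fields.setdefault(last, []).extend([value] if value else [])
        elif last and line[:1].isspace() and line.strip():
            fields[last].append(line.strip())  # e.g. the second DNS server
        else:
            last = None  # blank line or adapter heading ends the field
    return fields

def is_private(addr):
    return any(ipaddress.ip_address(addr) in net for net in PRIVATE_NETS)

def check_client(text, dc_ip):
    """Return findings for a domain client whose DNS should be the DC at dc_ip."""
    dns = parse_ipconfig(text).get("DNS Servers", [])
    if not dns:
        return ["no DNS server configured"]
    findings = []
    if dns[0] != dc_ip:
        findings.append(f"primary DNS is {dns[0]}, expected domain controller {dc_ip}")
    findings += [f"{s} is a public resolver and cannot answer for the internal zone"
                 for s in dns if not is_private(s)]
    return findings

if __name__ == "__main__":
    print("\n".join(check_client(SAMPLE_CLIENT, "10.0.0.5")))
```

A client that fails this check also sends its lookups for the internal domain name to the ISP's resolver, which is a second reason to point it at the domain controller.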
 

Author Comment

by:Alistair7
ID: 11768062
Thanks a lot for all the help.  Much appreciated.
0
