Solved

How to set up an unregistered internal AD domain whilst creating a domain controller

Posted on 2004-08-10
Last Modified: 2010-04-14
I am simply trying to experiment with creating and modifying domain controllers, and learning how to use Active directory.  
I understand that DNS is integral to this in resolving names to addresses and so on. The two DNS addresses that were automatically selected on my home ADSL router are 217.13.4.24 and 217.13.7.140 which I have traced back to my service provider.  If I am setting up my own DNS under 2000, should I be disabling the DNS on my router first?

Second issue:  How do I choose and employ a fictitious domain name without getting into trouble on the WEB.  How can I be sure that my new unregistered experimental domain called BIGFIRM.BIZ will not create problems with other DNS servers on the web.  I am assuming that any DNS server on my LAN will eventually connect up with others on the WEB to confirm or inform of the existence of my new unregistered domain BIGFIRM.BIZ, and create problems.  I read something somewhere about being able to choose between an internal domain name and one which is connected to the WEB.  I have an ADSL connection both here and at school.  Does that mean that I can not have an internal domain?  As you can see I am very confused.

Third issue:  I tried to convert my win2000 advanced server to a domain controller for the first time.  Halfway through the process I was warned that "No DNS server could be found", which surprised me because "ipconfig /all" showed clearly the above 2 DNS server addresses.  "Do you want win2000 to setup a DNS server?" was the next question.  Mark Minasi wrote in his book MASTERING WIN2003 SERVER do not say yes to this option here. It only leads to problems.  Instead stop the installation and make sure the DNS server has been properly set up.  Then install the domain controller.

I did not follow his advice.  I followed Microsoft's RECOMMENDED option and allowed 2000 to create the DNS server.  Then when I tried to join the new domain on another 2000 pro PC, I got the message that the domain could not be found and that perhaps I had a problem with DNS.

I would really value some answers to the above 3 points, as I need to set up 2003 server as a domain controller and 20 domain clients in the next week at school.
Question by:Alistair7
8 Comments
 
LVL 14

Expert Comment

by:dlwyatt82
ID: 11762340
You need to clear up a few misunderstandings before setting up your domain.

1: Use a private network. If your computer is hooked up directly to a cable / DSL modem (meaning you have a publicly routable IP address), STOP now and pick up a cheap cable/DSL router. You will want to start with a private network range, which will probably be something like 192.168.1.0 mask 255.255.255.0 by default, if you buy a Linksys router.

2: Ignore your internet provider's DNS for now, it is only there for you to look up hosts on the public internet. For your Active Directory, you will want your own private DNS server (most likely running on your Domain Controller), which you can configure later to forward queries to the ISP if you wish (more on that later). If this is done properly, you will not have to worry about any DNS conflicts on the web, regardless of what domain name you choose (no one on the internet will ever look up DNS records from your server - it is strictly for internal use by your Active Directory on the private network).

3: Once your DC is installed, and the DNS service is up and running, your clients / member servers will need to have their NICs configured so the Domain Controller is their primary DNS server. Since you will be on a private network segment by this point, you could choose to set up the DHCP service on your domain controller and configure client addresses that way (do NOT do this if you are on a network segment that you are not responsible for - i.e., in a school environment, there may already be DHCP servers on the network. If you add your own unauthorized server, you will cause problems. Make sure you are on your own isolated physical segment before installing a DHCP server).
0
 

Author Comment

by:Alistair7
ID: 11762535
I'm responsible for a small 20-PC school system.

1 I do not know if we have a cable/DSL modem or a cable/DSL router.  All of our internal addresses are 10.0.0.x.  Gateway = 10.0.0.1.  Does that answer that question?

2 That was a help

3 I understand that there should only be one DHCP server unless they have different ip ranges.  I forgot about configuring the client NICs.  I will try that now.
0
 
LVL 14

Expert Comment

by:dlwyatt82
ID: 11763780
1 - Sounds like you already have a router, since the 10.* network is private. So you've got that part covered already.

With that in mind, the Domain you already built should be nearly functional. All that's left is to configure your clients to point to the domain controller for DNS (which you are doing), and to configure the DNS service to forward unknown host queries on to your ISP's DNS server. (Administrative Tools -> DNS. Right click the Domain Controller, select Properties. Forwarding tab. Check Enable Forwarders, and add your ISP's DNS server IPs to the list).
0

Author Comment

by:Alistair7
ID: 11767325
I am still getting the same message.  "Cannot find bigfirm.biz domain"

The following shows my server configuration:

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : moonburn
        Primary DNS Suffix  . . . . . . . : bigfirm.biz
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : bigfirm.biz

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : SiS 900-Based PCI Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 00-0C-76-BC-83-53
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 10.0.0.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 10.0.0.5

The following is the client:

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : banan-----
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : SiS 900-Based PCI Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 00-0C-76-BC-83-53
        DHCP Enabled. . . . . . . . . . . : Ja
        IP Address. . . . . . . . . . . . : 10.0.0.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1
        DHCP server........................:10.0.0.1
        DNS server............................10.0.0.5
 
On the client I opened properties for Internet protocol(TCP/IP)
Selected USE THE FOLLOWING DNS SERVER
typed 10.0.0.5
did not alter anything under advanced
OK
OK

On the server I also did precisely the same change.  I don't know if I should have left that with the original 2 external DNS addresses.

I also did what you said under the forwarders tab and put in one of the external DNS addresses.

On the INTERFACES tab I have selected only 10.0.0.5.

Under the MONITORING tab I have also done the 2 simple DNS tests and passed.

What have I done wrong??
0
 
LVL 14

Expert Comment

by:dlwyatt82
ID: 11767858
Hmm... everything in the ipconfig outputs looks correct. From the client workstation, if you run nslookup and query for moonburn.bigfirm.biz - does it find an IP address?
0
 

Author Comment

by:Alistair7
ID: 11767929
dlwyatt82

I found a Microsoft article on exactly this problem which enabled me to get it working.

I have now managed to join the domain from the client.

I think it was the use of

ipconfig /flushdns
and
ipconfig /registerdns

which did the trick maybe.


Does the issue of private and public domains centre around whether one has an
ADSL router as opposed to an ADSL modem (publicly routable ip address)?

Why do some private addresses begin with 10.0.0.x  whilst others look like the address you mentioned above? (192.168.1.0)

0
 
LVL 14

Accepted Solution

by:
dlwyatt82 earned 500 total points
ID: 11768009
There are several IP networks which are classified as "private", which means no routers on the internet will send traffic bound for those addresses.

The private network ranges are:

10.0.0.0-10.255.255.255 (class A)
172.16.0.0-172.31.255.255 (class B)
192.168.0.0-192.168.255.255 (class C)

Regarding your first question, I'm not quite sure what you mean when you say "private and public domains". If you're referring to DNS, the difference is that in the public internet, people need to be able to find your DNS server (this is accomplished by registering your domain with an organization like InterNIC, and your second-level domain name / DNS server IP will be added to the records of the top-level DNS servers for .com, .org, or whatever). In a private DNS environment, you will be configuring your clients to point straight at your DNS server, and no one on the public internet will need to resolve the hostnames for your network, so there is no registration or public knowledge of your DNS domain at all.
0
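
An added example, not part of the thread and not Microsoft's tooling: a Python check that applies the advice in the answers above to `ipconfig /all` output, flagging a host whose primary DNS is not the domain controller or whose resolvers fall outside the three private ranges listed in the accepted answer. The function names and both sample texts are constructed for illustration; the DC address 10.0.0.5 and the ISP resolver addresses are the ones quoted in the question.

```python
import ipaddress
import re

# The three private ranges listed in the accepted answer (RFC 1918).
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

def dns_servers(ipconfig_text):
    """Return the DNS servers from `ipconfig /all` text, in order.
    Extra servers appear on indented continuation lines holding only an IP."""
    servers, collecting = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers?[ .]*:\s*(\d+(?:\.\d+){3})", line)
        if m:
            servers.append(m.group(1))
            collecting = True
        elif collecting and re.fullmatch(r"\s+\d+(?:\.\d+){3}\s*", line):
            servers.append(line.strip())
        else:
            collecting = False
    return servers

def audit(ipconfig_text, dc_ip):
    """List reasons this host may fail to locate the AD domain."""
    servers = dns_servers(ipconfig_text)
    if not servers:
        return ["no DNS server configured"]
    findings = []
    if servers[0] != dc_ip:
        findings.append(f"primary DNS {servers[0]} is not the DC ({dc_ip})")
    for s in servers:
        if not is_rfc1918(s):
            findings.append(f"{s} is public and holds no internal zone records")
    return findings

# Constructed sample: a client still using the ISP resolvers from the question.
MISCONFIGURED = """\
        IP Address. . . . . . . . . . . . : 10.0.0.2
        DNS Servers . . . . . . . . . . . : 217.13.4.24
                                            217.13.7.140
"""
# Constructed sample: the same client after pointing DNS at the DC.
FIXED = """\
        IP Address. . . . . . . . . . . . : 10.0.0.2
        DNS Servers . . . . . . . . . . . : 10.0.0.5
"""
```

Calling `audit(MISCONFIGURED, "10.0.0.5")` returns one finding for the primary server and one per public resolver, while `audit(FIXED, "10.0.0.5")` returns an empty list.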
 

Author Comment

by:Alistair7
ID: 11768062
Thanks a lot for all the help.  Much appreciated.
0
