How to set up an unregistered internal AD domain whilst creating a domain controller

Posted on 2004-08-10
Last Modified: 2010-04-14
I am simply trying to experiment with creating and modifying domain controllers, and learning how to use Active Directory.
I understand that DNS is integral to this in resolving names to addresses and so on. The two DNS addresses that were automatically selected on my home ADSL router are 217.13.4.24 and 217.13.7.140 which I have traced back to my service provider.  If I am setting up my own DNS under 2000, should I be disabling the DNS on my router first?

Second issue:  How do I choose and employ a fictitious domain name without getting into trouble on the WEB?  How can I be sure that my new unregistered experimental domain called BIGFIRM.BIZ will not create problems with other DNS servers on the web?  I am assuming that any DNS server on my LAN will eventually connect up with others on the WEB to confirm or inform of the existence of my new unregistered domain BIGFIRM.BIZ, and create problems.  I read something somewhere about being able to choose between an internal domain name and one which is connected to the WEB.  I have an ADSL connection both here and at school.  Does that mean that I cannot have an internal domain?  As you can see I am very confused.

Third issue:  I tried to convert my win2000 advanced server to a domain controller for the first time.  Half way through the process I was warned that "No DNS server could be found", which surprised me because "ipconfig /all" clearly showed the above 2 DNS server addresses.  "Do you want win2000 to set up a DNS server?" was the next question.  Mark Minasi wrote in his book MASTERING WIN2003 SERVER: do not say yes to this option here, it only leads to problems; instead stop the installation and make sure the DNS server has been properly set up, then install the domain controller.

I did not follow his advice.  I followed Microsoft's RECOMMENDED option and allowed 2000 to create the DNS server.  Then when I tried to join the new domain on another 2000 Pro PC, I got the message that the domain could not be found and that perhaps I had a problem with DNS.

I would really value some answers to the above 3 points, as I need to set up 2003 Server as a domain controller and 20 domain clients in the next week at school.
Question by:Alistair7

Expert Comment

by:dlwyatt82
ID: 11762340
You need to clear up a few misunderstandings before setting up your domain.

1: Use a private network. If your computer is hooked up directly to a cable / DSL modem (meaning you have a publicly routable IP address), STOP now and pick up a cheap cable/DSL router. You will want to start with a private network range, which will probably be something like 192.168.1.0 mask 255.255.255.0 by default, if you buy a Linksys router.

2: Ignore your internet provider's DNS for now, it is only there for you to look up hosts on the public internet. For your Active Directory, you will want your own private DNS server (most likely running on your Domain Controller), which you can configure later to forward queries to the ISP if you wish (more on that later). If this is done properly, you will not have to worry about any DNS conflicts on the web, regardless of what domain name you choose (no one on the internet will ever look up DNS records from your server - it is strictly for internal use by your Active Directory on the private network).

3: Once your DC is installed, and the DNS service is up and running, your clients / member servers will need to have their NICs configured so the Domain Controller is their primary DNS server. Since you will be on a private network segment by this point, you could choose to set up the DHCP service on your domain controller and configure client addresses that way (do NOT do this if you are on a network segment that you are not responsible for - i.e., in a school environment, there may already be DHCP servers on the network. If you add your own unauthorized server, you will cause problems. Make sure you are on your own isolated physical segment before installing a DHCP server).
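
The three rules in the comment above (one private subnet, the DC running DNS and pointing at itself, every client using the DC as its DNS server) can be checked mechanically against `ipconfig /all` output. The following is an added example, not code from this thread or from Microsoft: a small parser for `ipconfig /all` plus those checks, run against two constructed samples modelled on the server and client configurations posted further down the thread (the hostname client1 and the client's "before" DNS settings are assumptions for illustration; the ISP addresses are the ones quoted in the question).

```python
"""Lint 'ipconfig /all' output against the DNS prerequisites for an AD lab:
every host on one private subnet, the DC running DNS and pointing at itself,
every client using the DC as its DNS server.  Added example, not code from
the thread or from Microsoft.  The two samples are constructed from the
configurations posted in the thread (hostname client1 is made up)."""
from __future__ import annotations
import ipaddress
import re

# "        Host Name . . . . . . . . . . . . : moonburn"  ->  ("Host Name", "moonburn")
FIELD_RE = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 -]*?)\s*(?:\.\s?)*:\s*(.*)$")

def parse_ipconfig(text: str) -> dict:
    """Return {"global": {...}, "adapters": {adapter: {...}}}; values are lists
    because fields such as DNS Servers continue on indented lines."""
    cfg = {"global": {}, "adapters": {}}
    section, last_key = cfg["global"], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace() and line.rstrip().endswith(":"):   # adapter heading
            section = cfg["adapters"].setdefault(line.strip()[:-1], {})
            last_key = None
            continue
        m = FIELD_RE.match(line)
        if m:
            last_key = m.group(1).strip().lower()
            value = m.group(2).strip()
            section[last_key] = [value] if value else []
        elif last_key:
            section[last_key].append(line.strip())                    # continuation line (2nd DNS server)
    return cfg

def _first(d: dict, key: str) -> str:
    return (d.get(key) or [""])[0]

def dns_readiness(cfg: dict, dc_ip: str) -> list[str]:
    """Findings that would stop this host from locating the DC; an empty list means ready."""
    dc = ipaddress.ip_address(dc_ip)
    host = _first(cfg["global"], "host name") or "?"
    findings = []
    for adapter, a in cfg["adapters"].items():
        raw_ip = _first(a, "ip address") or _first(a, "ipv4 address")
        if not raw_ip:
            continue                                                   # e.g. media disconnected
        ip = ipaddress.ip_address(raw_ip.split("(")[0])
        mask = _first(a, "subnet mask") or "255.255.255.0"
        net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        where = f"{host}/{adapter}"
        if not ip.is_private:
            findings.append(f"{where}: {ip} is publicly routable; put the lab behind a router on an RFC 1918 range")
        gw = _first(a, "default gateway")
        if gw and ipaddress.ip_address(gw) not in net:
            findings.append(f"{where}: gateway {gw} is outside {net}")
        dns = [ipaddress.ip_address(s) for s in a.get("dns servers", []) if s]
        if not dns:
            findings.append(f"{where}: no DNS server configured")
        elif dns[0] != dc:
            findings.append(f"{where}: primary DNS {dns[0]} is not the DC {dc}; "
                            f"it cannot answer for _ldap._tcp.dc._msdcs records in the AD zone")
        if ip == dc and any(d not in net for d in dns):
            findings.append(f"{where}: the DC lists an outside DNS server on its NIC; use forwarders in the DNS console instead")
    return findings

# Constructed samples (not captured output), modelled on the thread's ipconfig listings.
SERVER_SAMPLE = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : moonburn
        Primary DNS Suffix  . . . . . . . : bigfirm.biz

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.0.0.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 10.0.0.5
"""

CLIENT_BEFORE = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : client1

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 10.0.0.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1
        DHCP Server . . . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 217.13.4.24
                                            217.13.7.140
"""

def demo(dc_ip: str = "10.0.0.5") -> dict[str, list[str]]:
    return {"server": dns_readiness(parse_ipconfig(SERVER_SAMPLE), dc_ip),
            "client_before": dns_readiness(parse_ipconfig(CLIENT_BEFORE), dc_ip)}

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "ready")
```

On a real machine, pipe `ipconfig /all > cfg.txt` and feed the file to `parse_ipconfig`; the DC sample passes, while a client still handed the ISP's resolvers by the router's DHCP gets exactly one finding, which is the situation the comment above is warning about.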

Author Comment

by:Alistair7
ID: 11762535
I'm responsible for small 20 PC school system.

1 I do not know if we have a cable/DSL modem or a cable/DSL router.  All of our internal addresses are 10.0.0.x.  Gateway = 10.0.0.1.  Does that answer that question?

2 That was a help

3 I understand that there should only be one DHCP server unless they have different ip ranges.  I forgot about configuring the client NICs.  I will try that now.

Expert Comment

by:dlwyatt82
ID: 11763780
1 - Sounds like you already have a router, since the 10.* network is private. So you've got that part covered already.

With that in mind, the Domain you already built should be nearly functional. All that's left is to configure your clients to point to the domain controller for DNS (which you are doing), and to configure the DNS service to forward unknown host queries on to your ISP's DNS server. (Administrative Tools -> DNS. Right click the Domain Controller, select Properties. Forwarding tab. Check Enable Forwarders, and add your ISP's DNS server IPs to the list).

Author Comment

by:Alistair7
ID: 11767325
I am still getting the same message.  "Cannot find bigfirm.biz domain"

The following shows my server configuration:

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : moonburn
        Primary DNS Suffix  . . . . . . . : bigfirm.biz
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : bigfirm.biz

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : SiS 900-Based PCI Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 00-0C-76-BC-83-53
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 10.0.0.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 10.0.0.5

The following is the client:

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : banan-----
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : SiS 900-Based PCI Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 00-0C-76-BC-83-53
        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.0.0.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1
        DHCP Server . . . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 10.0.0.5
 
On the client I opened properties for Internet protocol(TCP/IP)
Selected USE THE FOLLOWING DNS SERVER
typed 10.0.0.5
did not alter anything under advanced
OK
OK

On the server I also did precisely the same change.  I don't know if I should have left that with the original 2 external DNS addresses.

I also did what you said under the forwarders tab and put in one of the external DNS addresses.

On the INTERFACES tab I have selected only 10.0.0.5.

Under the MONITORING tab I have also done the 2 simple DNS tests and passed.

What have I done wrong??

Expert Comment

by:dlwyatt82
ID: 11767858
Hmm... everything in the ipconfig outputs looks correct. From the client workstation, if you run nslookup and query for moonburn.bigfirm.biz - does it find an IP address?
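
The nslookup check suggested above confirms the host's A record. The "cannot find domain" error from a domain join typically means the client could not find the DC locator record, the SRV record `_ldap._tcp.dc._msdcs.<domain>`, which the DC registers in its own zone. The following is an added example, not code from this thread or from Microsoft: it builds that query byte for byte, parses the SRV answer, and models both the reply moonburn (10.0.0.5) should give for bigfirm.biz and the NXDOMAIN a client gets when the record was never registered. The reply bytes are constructed, not captured; `query_srv()` sends a live query to a server you name.

```python
"""Locate a domain controller the way a joining client does: ask the DNS server
for the SRV record _ldap._tcp.dc._msdcs.<domain>.  Added example, not code from
the thread.  The record name is the standard Active Directory locator record;
the reply bytes below are constructed to model what moonburn (10.0.0.5) should
answer for bigfirm.biz, plus the NXDOMAIN seen when the DC never registered."""
from __future__ import annotations
import socket
import struct

QTYPE_SRV = 33

def dc_locator_name(domain: str) -> str:
    return f"_ldap._tcp.dc._msdcs.{domain}"

def encode_name(name: str) -> bytes:
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name: str, qtype: int = QTYPE_SRV, txid: int = 0x1234) -> bytes:
    # header: id, flags (RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0; then one question
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, 1)

def read_name(msg: bytes, off: int) -> tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, jumped = [], off, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # RFC 1035 compression pointer
            if not jumped:
                end = off + 2
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels), end
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def parse_srv_answers(msg: bytes) -> list[dict]:
    """Return SRV records in the answer section; raise on a non-zero RCODE (3 = NXDOMAIN)."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    rcode = flags & 0x0F
    if rcode:
        hint = " (NXDOMAIN: the zone has no such record)" if rcode == 3 else ""
        raise ValueError(f"DNS RCODE {rcode}{hint}")
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4                                  # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_SRV:
            prio, weight, port = struct.unpack(">HHH", msg[off:off + 6])
            target, _ = read_name(msg, off + 6)   # target name may itself be compressed
            answers.append({"name": name, "priority": prio, "weight": weight,
                            "port": port, "target": target})
        off += rdlen
    return answers

def query_srv(name: str, server: str, timeout: float = 2.0) -> list[dict]:
    """Live UDP query, e.g. query_srv(dc_locator_name('bigfirm.biz'), '10.0.0.5')."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(4096)
    if data[:2] != q[:2]:
        raise ValueError("transaction id mismatch")
    return parse_srv_answers(data)

# --- constructed replies (not captured traffic) --------------------------------

def constructed_dc_reply(query: bytes, host: str = "moonburn", port: int = 389) -> bytes:
    """One SRV answer: owner name is a pointer to the question (0xC00C); target is
    '<host>' followed by a pointer to the 'bigfirm.biz' suffix inside the question."""
    txid = struct.unpack(">H", query[:2])[0]
    question = query[12:]
    suffix_off = 12 + sum(1 + len(l) for l in ("_ldap", "_tcp", "dc", "_msdcs"))
    rdata = (struct.pack(">HHH", 0, 100, port) + encode_name(host)[:-1]
             + struct.pack(">H", 0xC000 | suffix_off))
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    rr = b"\xC0\x0C" + struct.pack(">HHIH", QTYPE_SRV, 1, 600, len(rdata)) + rdata
    return header + question + rr

def constructed_nxdomain(query: bytes) -> bytes:
    """Reply when the DC's records are missing from the zone (rcode 3); typically
    cured by having the DC re-register its records."""
    txid = struct.unpack(">H", query[:2])[0]
    return struct.pack(">HHHHHH", txid, 0x8183, 1, 0, 0, 0) + query[12:]

def demo() -> list[dict]:
    q = build_query(dc_locator_name("bigfirm.biz"))
    return parse_srv_answers(constructed_dc_reply(q))

if __name__ == "__main__":
    for rec in demo():
        print(f"{rec['name']} -> {rec['target']}:{rec['port']} "
              f"(priority {rec['priority']}, weight {rec['weight']})")
```

Run against the real DC with `query_srv(dc_locator_name("bigfirm.biz"), "10.0.0.5")`: a populated answer list means the client can find a DC; an RCODE 3 means the DC's own records are absent from the zone, which is the symptom the question describes. The parser deliberately reports the RCODE rather than returning an empty list, so a misconfigured resolver is not mistaken for "no domain controllers".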

Author Comment

by:Alistair7
ID: 11767929
dlwyatt82

I found a microsoft article on exactly this problem which enabled me to get it working.

I have now managed to join the domain from the client.

I think it was the use of

ipconfig /flushdns
and
ipconfig /registerdns

which did the trick maybe.


Does the issue of private and public domains centre around whether one has an
ADSL router as opposed to an ADSL modem (publicly routable ip address)?

Why do some private addresses begin with 10.0.0.x  whilst others look like the address you mentioned above? (192.168.1.0)


Accepted Solution

by:
dlwyatt82 earned 500 total points
ID: 11768009
There are several IP networks which are classified as "private", which means no routers on the internet will send traffic bound for those addresses.

The private network ranges are:

10.0.0.0-10.255.255.255 (class A)
172.16.0.0-172.31.255.255 (class B)
192.168.0.0-192.168.255.255 (class C)

Regarding your first question, I'm not quite sure what you mean when you say "private and public domains". If you're referring to DNS, the difference is that in the public internet, people need to be able to find your DNS server (this is accomplished by registering your domain with an organization like InterNIC, and your second-level domain name / DNS server IP will be added to the records of the top-level DNS servers for .com, .org, or whatever). In a private DNS environment, you will be configuring your clients to point straight at your DNS server, and no one on the public internet will need to resolve the hostnames for your network, so there is no registration or public knowledge of your DNS domain at all.

Author Comment

by:Alistair7
ID: 11768062
Thanks a lot for all the help.  Much appreciated.