Bruce_Leypoldt
asked on
Are both DNS and WINS neccessary when using Active Directory?
Recently, we switched from an NT based network to a Windows 2003 Server running Active Directory. We also run 2 domains, one in Iowa and one in Nebraska on a VPN.
We were told that under Active Directory, we didn't need to run WINS, but if we take the WINS settings out of our network settings, we can't browse the other domain by name, just ip address.
For instance, we have a server in Iowa cleverly named "Server". If I take the WINS out of my workstation and type in \\server, in my address bar, it won't connect, but if I type in \\10.0.2.2 it connects fine.
If I have WINS enables, it works fine.
Is there a reason not to leave WINS enables if things are working?
We were told that under Active Directory, we didn't need to run WINS, but if we take the WINS settings out of our network settings, we can't browse the other domain by name, just ip address.
For instance, we have a server in Iowa cleverly named "Server". If I take the WINS out of my workstation and type in \\server, in my address bar, it won't connect, but if I type in \\10.0.2.2 it connects fine.
If I have WINS enables, it works fine.
Is there a reason not to leave WINS enables if things are working?
hmm sounds like your DNS isnt setup properly between domains, a WINS server will only really affect your network browsing within my netowrk places (relies on netbios) the rest of it is controlled by DNS
When you say two domains are these two forests or one forest, two domains?
if you do \\server without WINS it will do
\\server.yourdomain.local
so if server doesn't have an entry in your DNS zone because it is on another zone then it fails...
Options here include:
Adding a CNAME to your DNS for server pointing at server.otherdomain.local. or an A record to the IP address
Adding a DNS suffix search list to each host -- test it one and if that helps you can roll out with a GPO:
http://support.microsoft.com/default.aspx?scid=kb;en-us;294785
if you do \\server without WINS it will do
\\server.yourdomain.local
so if server doesn't have an entry in your DNS zone because it is on another zone then it fails...
Options here include:
Adding a CNAME to your DNS for server pointing at server.otherdomain.local. or an A record to the IP address
Adding a DNS suffix search list to each host -- test it one and if that helps you can roll out with a GPO:
http://support.microsoft.com/default.aspx?scid=kb;en-us;294785
(Presumably you also can't just do PING server without WINS in place too?)
ASKER
Actually, I think we stumbled on the solution to this issue. We have a local domain (GURLEY) that needs to be accessed by another domain (CLINTON) at a remote facility 700 miles away. Conversely, Users on our local GURLEY domain need to access Files/Folders on our CLINTON domain. The two facilities are connected via an Internet VPN tunnel. The IP address of our GURLEY domain server is 10.0.1.106, and the IP address of the remote CLINTON domain server is 10.0.2.2.
I solved our problem by including a WINS address of 10.0.2.2 on all of our local (GURLEY) PC's. Conversely, I included a WINS address of 10.0.1.106 on all of our remote (CLINTON) PC's.
Thanks to all for your input,
Bruce Leypoldt
I solved our problem by including a WINS address of 10.0.2.2 on all of our local (GURLEY) PC's. Conversely, I included a WINS address of 10.0.1.106 on all of our remote (CLINTON) PC's.
Thanks to all for your input,
Bruce Leypoldt
Well that is really really BAD idea. If you'd like to know the correct way feel free to open the question again!
ASKER
Very Interesting. Does posting this comment "re-open" the question, or do I need to re-submit it.
Thanks - Bruce Leypoldt
Thanks - Bruce Leypoldt
What you are doing there if I understood correctly is meaning that each pc will be chatting to the wins server the other end of your vpn link, potentilly making it slow to use and using the connection more than needed.
If you want to re open the question to discuss further you can post a link in the community support area asking for it be reopened or start a new q I suppose.
Your correct solution would involve setting up the two WINS servers as replication partners then the WINS database on both sites would contain the same information and pcs would talk to their local wins. Only the server would replicate changes to the other server.
Will give you more details if you wish, was a quick comment before because I didn't have long...
If you want to re open the question to discuss further you can post a link in the community support area asking for it be reopened or start a new q I suppose.
Your correct solution would involve setting up the two WINS servers as replication partners then the WINS database on both sites would contain the same information and pcs would talk to their local wins. Only the server would replicate changes to the other server.
Will give you more details if you wish, was a quick comment before because I didn't have long...
Thanks Jay_Jay
Bruce, are you there still? Are these two different forests rather than two domains in one forest? We might just need to get a stub zone or secondary of the other companies DNS zones on each other's servers or look at setting up replication of the WINS servers if you decide to go the WINS way. I presume there is a trust there between the domains if in seperate forests as you say users can access things.
regards
Steve
Bruce, are you there still? Are these two different forests rather than two domains in one forest? We might just need to get a stub zone or secondary of the other companies DNS zones on each other's servers or look at setting up replication of the WINS servers if you decide to go the WINS way. I presume there is a trust there between the domains if in seperate forests as you say users can access things.
regards
Steve
ASKER
Sorry about the delay in getting back to this site. I'm relatively knew to the Server 2003 arena and am unfamiliar with the term, "Forest". Let me explain this situation again and see if I can make it more clear.
We have a 2003 Server here at our headquarters. It is our WINS server for our GURLEY domain, has an IP address of 10.0.1.106, and the Server name is "NT-Server". In addition, we have a 2003 Server at a remote facility in another state. It is a WINS server for a domain called "CLINTON". It has an IP address of 10.0.2.2 with a server name of "Server". Both domains (GURLEY and CLINTON) are setup to Trust each other. In addition, both servers communicate via an Internet VPN tunnel.
We have Users on the GURLEY domain that need to access files/folders on the CLINTON domain, and vice versa. The only way I have been able to have our GURLEY domain users "See" files/folders on the CLINTON domain is to include a WINS setting of 10.0.2.2 on their TCP/IP properties on their local XP Professional machines. Conversely, the Users on the CLINTON domain have a WINS setting of 10.0.1.106 on their TCP/IP properties on the local XP Professional machines.
Thanks - Bruce
We have a 2003 Server here at our headquarters. It is our WINS server for our GURLEY domain, has an IP address of 10.0.1.106, and the Server name is "NT-Server". In addition, we have a 2003 Server at a remote facility in another state. It is a WINS server for a domain called "CLINTON". It has an IP address of 10.0.2.2 with a server name of "Server". Both domains (GURLEY and CLINTON) are setup to Trust each other. In addition, both servers communicate via an Internet VPN tunnel.
We have Users on the GURLEY domain that need to access files/folders on the CLINTON domain, and vice versa. The only way I have been able to have our GURLEY domain users "See" files/folders on the CLINTON domain is to include a WINS setting of 10.0.2.2 on their TCP/IP properties on their local XP Professional machines. Conversely, the Users on the CLINTON domain have a WINS setting of 10.0.1.106 on their TCP/IP properties on the local XP Professional machines.
Thanks - Bruce
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The idea that you don't need WINS under AD comes from the fact that AD and domain membership uses DNS now instead of Netbios Name Resolution. Being able to Browse the network in Explorer is a different thing not actually related to AD.