Solved

Are both DNS and WINS necessary when using Active Directory?

Posted on 2006-11-20
15
196 Views
Last Modified: 2010-03-18
Recently, we switched from an NT based network to a Windows 2003 Server running Active Directory. We also run 2 domains, one in Iowa and one in Nebraska on a VPN.
We were told that under Active Directory, we didn't need to run WINS, but if we take the WINS settings out of our network settings, we can't browse the other domain by name, just ip address.
For instance, we have a server in Iowa cleverly named "Server". If I take the WINS out of my workstation and type in \\server in my address bar, it won't connect, but if I type in \\10.0.2.2 it connects fine.
If I have WINS enabled, it works fine.
Is there a reason not to leave WINS enabled if things are working?
0
Comment
Question by:Bruce_Leypoldt
15 Comments
 
LVL 18

Expert Comment

by:Don S.
ID: 17982305
As per Microsoft - Browsing in Windows Explorer uses NetBIOS name resolution.  NetBIOS name resolution can be either by broadcast or with the aid of a WINS server.  If your network is small, you should be able to browse without a WINS server as long as NetBIOS broadcasting is enabled and working.  Otherwise, if you have a larger network with routers in it, you will need a WINS server to be able to browse to shares on the other side of the router by name.

The idea that you don't need WINS under AD comes from the fact that AD and domain membership use DNS now instead of NetBIOS name resolution.  Being able to browse the network in Explorer is a different thing not actually related to AD.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17982971
Hmm, sounds like your DNS isn't set up properly between domains. A WINS server will only really affect your network browsing within My Network Places (relies on NetBIOS); the rest of it is controlled by DNS.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17983944
When you say two domains are these two forests or one forest, two domains?

If you do \\server without WINS it will do

\\server.yourdomain.local

so if server doesn't have an entry in your DNS zone because it is on another zone then it fails...

Options here include:

Adding a CNAME to your DNS for server pointing at server.otherdomain.local. or an A record to the IP address
Adding a DNS suffix search list to each host -- test it on one and if that helps you can roll out with a GPO:

http://support.microsoft.com/default.aspx?scid=kb;en-us;294785
0
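
An added example, not part of the thread: a simplified Python model of the suffix appending described in the comment above, showing why \\server fails from the other domain without WINS and how either a suffix search list or a CNAME makes it resolve. The DNS zone names gurley.local and clinton.local, the zone data and all function names are assumptions; only the two IP addresses and the host names come from the thread.

```python
import copy

# Constructed zone data. The DNS zone names gurley.local and clinton.local are
# assumptions; the thread gives only the NetBIOS domain names and the two IPs.
ZONES = {
    "gurley.local": {"nt-server": ("A", "10.0.1.106")},
    "clinton.local": {"server": ("A", "10.0.2.2")},
}


def lookup(fqdn, zones, depth=0):
    """Return the IP for fqdn from the constructed zones, following CNAMEs."""
    fqdn = fqdn.rstrip(".").lower()
    if depth > 8:  # guard against CNAME loops
        return None
    for zone, records in zones.items():
        if fqdn.endswith("." + zone):
            rtype, value = records.get(fqdn[: -len(zone) - 1], (None, None))
            if rtype == "CNAME":
                return lookup(value, zones, depth + 1)
            return value  # an address for an A record, None if no record
    return None


def candidates(name, primary_suffix, search_list=()):
    """FQDNs a client would try, in order (simplified model).

    A name containing a dot is tried as typed. A single-label name gets each
    suffix of the search list appended, or the primary suffix if no list is set.
    """
    if "." in name:
        return [name.rstrip(".")]
    suffixes = list(search_list) or [primary_suffix]
    return [f"{name}.{s}" for s in suffixes]


def resolve(name, primary_suffix, search_list=(), zones=ZONES):
    """Return (fqdn_that_answered, ip, fqdns_tried); first two are None on failure."""
    tried = []
    for fqdn in candidates(name, primary_suffix, search_list):
        tried.append(fqdn)
        ip = lookup(fqdn, zones)
        if ip:
            return fqdn, ip, tried
    return None, None, tried


def with_record(zone, host, rtype, value, zones=ZONES):
    """Copy of the zones with one extra record, e.g. the CNAME suggested above."""
    patched = copy.deepcopy(zones)
    patched[zone][host] = (rtype, value)
    return patched
```

Calling `resolve("server", "gurley.local")` models a GURLEY workstation with no WINS; passing a search list, or zones patched with `with_record`, models the two options listed in the comment.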
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17983956
(Presumably you also can't just do  PING server   without WINS in place too?)
0
 

Author Comment

by:Bruce_Leypoldt
ID: 17989668
Actually, I think we stumbled on the solution to this issue.  We have a local domain (GURLEY) that needs to be accessed by another domain (CLINTON) at a remote facility 700 miles away.  Conversely, Users on our local GURLEY domain need to access Files/Folders on our CLINTON domain.  The two facilities are connected via an Internet VPN tunnel.  The IP address of our GURLEY domain server is 10.0.1.106, and the IP address of the remote CLINTON domain server is 10.0.2.2.

I solved our problem by including a WINS address of 10.0.2.2 on all of our local (GURLEY) PC's.  Conversely, I included a WINS address of 10.0.1.106 on all of our remote (CLINTON) PC's.  

Thanks to all for your input,

Bruce Leypoldt
0

 
LVL 43

Expert Comment

by:Steve Knight
ID: 17990197
Well that is a really really BAD idea.  If you'd like to know the correct way feel free to open the question again!
0
 

Author Comment

by:Bruce_Leypoldt
ID: 17997120
Very Interesting.  Does posting this comment "re-open" the question, or do I need to re-submit it?

Thanks - Bruce Leypoldt
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17999467
What you are doing there, if I understood correctly, means that each PC will be chatting to the WINS server at the other end of your VPN link, potentially making it slow to use and using the connection more than needed.

If you want to re-open the question to discuss further you can post a link in the community support area asking for it to be reopened or start a new q I suppose.

Your correct solution would involve setting up the two WINS servers as replication partners; then the WINS database on both sites would contain the same information and PCs would talk to their local WINS.  Only the server would replicate changes to the other server.

Will give you more details if you wish, was a quick comment before because I didn't have long...

0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 18003576
Thanks Jay_Jay

Bruce, are you there still?  Are these two different forests rather than two domains in one forest?  We might just need to get a stub zone or secondary of the other company's DNS zones on each other's servers or look at setting up replication of the WINS servers if you decide to go the WINS way.  I presume there is a trust there between the domains if in separate forests as you say users can access things.

regards

Steve
0
 

Author Comment

by:Bruce_Leypoldt
ID: 18057130
Sorry about the delay in getting back to this site.  I'm relatively new to the Server 2003 arena and am unfamiliar with the term, "Forest".  Let me explain this situation again and see if I can make it more clear.

We have a 2003 Server here at our headquarters.  It is our WINS server for our GURLEY domain, has an IP address of 10.0.1.106, and the Server name is "NT-Server".  In addition, we have a 2003 Server at a remote facility in another state.  It is a WINS server for a domain called "CLINTON".  It has an IP address of 10.0.2.2 with a server name of "Server".  Both domains (GURLEY and CLINTON) are setup to Trust each other.  In addition, both servers communicate via an Internet VPN tunnel.

We have Users on the GURLEY domain that need to access files/folders on the CLINTON domain, and vice versa.  The only way I have been able to have our GURLEY domain users "See" files/folders on the CLINTON domain is to include a WINS setting of 10.0.2.2 on their TCP/IP properties on their local XP Professional machines.  Conversely, the Users on the CLINTON domain have a WINS setting of 10.0.1.106 on their TCP/IP properties on the local XP Professional machines.

Thanks - Bruce
0
 
LVL 43

Accepted Solution

by:
Steve Knight earned 125 total points
ID: 18057455
OK.  If we are using WINS to do this then you have a WINS server on NT-Server and one on Server.  You point the XP clients and the servers to their local server (presumably using settings pushed down through DHCP addresses) and configure the two servers to replicate.  Both servers then have all the records of WINS and your VPN WAN link doesn't have constant chatter of WINS queries and registrations; this traffic would be kept in each LAN and only replication traffic would go over the VPN link.

If each of the domains is in effect completely separate and probably pre-existing from before Windows 200x days then they are almost certainly separate forests.  When you create a new domain you can either create it as a new forest or as part of an existing forest.  Domains held within a forest trust each other by default.

To save complicating things until you are more familiar and as you are already working by using a WINS infrastructure I won't go too deeply into possible DNS solutions to this (it may be as simple as adding a secondary or stub zone for the other domain to your servers) but

Here's a MS document on configuring WINS though it doesn't specifically deal with your issue it may be useful as background:
http://technet2.microsoft.com/WindowsServer/en/library/1e9caf38-e7a2-4faa-b8e2-564046e265571033.mspx?mfr=true

For the WINS server to server replication, from memory you want to do something like this:  On NT_Server open up WINS manager, go to Replication partners, right click, new replication partner, enter the IP address of 'server'. Leave settings on defaults of push/pull.  Then do the same on server with the IP of nt_server.


Steve
0
