Solved

Active directory and DC acting strange

Posted on 2007-03-22
Last Modified: 2010-03-17
Hi experts,
Some of you may find this question very interesting.
Background: I am running into a situation where my Active Directory is not functioning at all, and I had it working very well before that. Recently I added a web service to this machine and migrated IIS from a Win 2K server. BTW, my AD is running on Windows 2003 Server.
Problem: After I had the machine running IIS, I found out one fine day that my DNS is totally messed up. The domain I used to use is no longer a valid one. When I run "nslookup lab.com" it gives me some weird IP address. The site "lab.com" exists on the web, and it is as if my AD is trying to connect to that domain, whereas earlier it was only my domain inside our subnet. Since AD crashed, DHCP also crashed.
Questions:
Now I have been advised by my senior computer guys to use another existing domain for AD. This domain is named "lab.university.ca" (no chance of being a duplicate). The machine that is running this domain and DNS service won't be part of the domain, so I don't understand how my AD will work as a domain controller for this domain. As far as my understanding of AD goes, I know that I have to have an operational domain and at the same time I need to have it on the same server. Am I right or wrong?
Secondly, how did my DNS get messed up? How can my server start trying to talk to a domain which is not at all in our physical network? I can have a domain similar to one that another commercial website has, but it should not be a problem as long as I have it inside my subnet. But what could cause this kind of situation?
Finally, what should I do to configure my AD? Can I stick to my old domain "lab.com", and how, or do I need to change the domain?
FYI, for a few days I had all services running very smoothly on the server until I came across this problem. I would appreciate all your expert comments and advice.
0
Question by:srabanti_chitte
12 Comments
 
LVL 22

Expert Comment

by:mcsween
ID: 18774885
I don't completely understand your issue. From what I can gather, you are starting over with your domain... is this correct?

If so, pick a name that ends in .local, as this will never resolve to a public IP.

What do you mean by:
"As far as my understanding of AD goes, I know that I have to have an operational domain and at the same time I need to have it on the same server."
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18775229
Yeah, I am a little lost here too... the problem obviously occurred after importing IIS... I take it that a site within IIS matches your current domain name?
0
 

Author Comment

by:srabanti_chitte
ID: 18779459
Sorry, guys, if it sounds confusing.
My web service and IIS domain are working fine. But the problem is with my AD domain. It resolves to a public IP, which is causing my DC to fail. Yes, everything started after I moved IIS to my DC.
So my first question was: is it due to IIS, and if so, why? Is it a problem if I have IIS and the DC on the same machine?
My second concern was: if I use another domain name for my DC, is it necessary to have DNS running on the same server where AD is installed? Right now the DNS is running on another machine and my AD is on Windows Server 2003. If the DNS machine is not part of the domain, can AD talk to the DNS?
At this moment these are my primary issues to take care of. Please ignore the other information in my original question.
Thank you.

0

 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18791018
DNS should be on the DC, yes.

IIS is fine to have on a DC as well, though your naming conflicts, as you have found, come from your internal domain name matching your external. Good news is it's usually not too hard to fix.

IIS would have caused this in conjunction with internal domain naming.
0
 

Author Comment

by:srabanti_chitte
ID: 18793339
Thanks Jay-jay.
How to fix this IIS name matching issue?
So DNS has to be running on the DC... hmm.
What would happen if DNS is running on another machine in the same domain?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18797725
It doesn't have to be, but it should be for completeness' sake.

Can you post an ipconfig /all of your server?
0
 

Author Comment

by:srabanti_chitte
ID: 18799587
Thanks Jay-Jay.
Here is the ipconfig information for my AD server.
C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : cfl-x
   Primary Dns Suffix  . . . . . . . : uwindsor.ca
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : uwindsor.ca

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : uwindsor.ca
   Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Network Connection
   Physical Address. . . . . . . . . : 00-C0-9F-07-33-2A
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 137.207.200.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 137.207.200.1
   DNS Servers . . . . . . . . . . . : 137.207.32.2
                                       137.207.32.32
I also paste the nslookup result for my server.
C:\Documents and Settings\Administrator>nslookup mlab.com
Server:  ns2.uwindsor.ca
Address:  137.207.32.2

Non-authoritative answer:
Name:    mlab.com
Address:  66.35.215.92
So you suggest that it is better to have DNS on the same machine... right?
Now if I need to rename my AD domain, what shall I do? Is it OK to use the rename tool from Microsoft? I think if I need to use that tool, I should have DNS running on the same server.
Please advise.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18855721
Sorry for the late reply. Don't go the rename path, it will break your domain.

I think for starters that we need to put DNS on the same box.
0
 
LVL 22

Accepted Solution

by:
mcsween earned 250 total points
ID: 18858377
Looking at your IPConfig:
Is this machine on a public or private network?
What is your Active Directory domain name? (mlab.com or uwindsor.ca)
What is your company's public DNS address? (mlab.com or uwindsor.ca)

DNS should always be on your Active Directory Controller using AD Integrated forward and reverse lookup zones.
0
 
LVL 22

Expert Comment

by:mcsween
ID: 18859681
If your internet domain and AD Domain name are the same create an "A" record in your forward lookup zone called www and assign it your public IP address.  This will allow clients on your network to resolve your website correctly.
0
 

Author Comment

by:srabanti_chitte
ID: 18859822
Actually they are not the same. The domain mlab.com I used for AD was exclusively for a computer lab, and the domain uwindsor.ca is the public domain. Another point is I don't want to use mlab.com as a public domain. Thank you for your comment.
0
 
LVL 22

Expert Comment

by:mcsween
ID: 18860609
I would use mlab.local then.  MS Best Practices state not to use a domain name that can be resolved on the internet as an internal AD name.  mlab.com does resolve on the internet.

H:\>nslookup mlab.com
Server:  srwadc03.spr.spgroup.inc
Address:  192.168.1.38

Non-authoritative answer:
Name:    mlab.com
Address:  66.35.215.92
0
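
Added example, not part of the original thread: a small Python check that reads the `ipconfig /all` and `nslookup` output posted above and reports the two conditions the experts point to (the DC not using its own DNS, and the AD domain name being answered from the public internet). The finding names and the "answer outside the local subnet" heuristic are assumptions made for this illustration.

```python
import ipaddress
import re

# Console output as posted in the thread, trimmed to the fields used here.
IPCONFIG = """\
   IP Address. . . . . . . . . . . . : 137.207.200.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 137.207.32.2
                                       137.207.32.32
"""
NSLOOKUP = """\
Server:  ns2.uwindsor.ca
Address:  137.207.32.2

Non-authoritative answer:
Name:    mlab.com
Address:  66.35.215.92
"""
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def parse_ipconfig(text):
    """Return (host_ip, local_network, dns_servers) from `ipconfig /all` text."""
    ip = re.search(r"IP(?:v4)? Address[ .]*: (" + IPV4 + ")", text).group(1)
    mask = re.search(r"Subnet Mask[ .]*: (" + IPV4 + ")", text).group(1)
    # The first DNS server shares the labelled line; the rest are bare indented lines.
    dns = re.search(r"DNS Servers[ .]*: ((?:" + IPV4 + r"\s*)+)", text).group(1).split()
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return ipaddress.ip_address(ip), net, [ipaddress.ip_address(a) for a in dns]

def parse_nslookup(text):
    """Return (resolver_ip, non_authoritative, answer_ips) from nslookup text."""
    header, _, answer = text.partition("\n\n")
    resolver = ipaddress.ip_address(re.search(IPV4, header).group(0))
    found = re.findall(r"Address(?:es)?:\s+(" + IPV4 + ")", answer)
    return resolver, "Non-authoritative answer" in answer, [ipaddress.ip_address(a) for a in found]

def diagnose(ipconfig_text, nslookup_text):
    """List DNS findings that explain a DC failing to locate its own domain."""
    host, net, dns = parse_ipconfig(ipconfig_text)
    resolver, non_auth, answers = parse_nslookup(nslookup_text)
    findings = []
    # Assumption: a DC hosting AD-integrated DNS lists itself (or loopback) as a DNS server.
    if host not in dns and ipaddress.ip_address("127.0.0.1") not in dns:
        findings.append("dc-not-using-own-dns")
    # Assumption: a non-authoritative answer pointing outside the local subnet means
    # the configured resolver found the AD domain name on the public internet.
    if resolver in dns and non_auth and any(a not in net for a in answers):
        findings.append("ad-domain-resolves-externally")
    return findings
```

Running `diagnose(IPCONFIG, NSLOOKUP)` on the posted output reports both findings; output from a DC that points at its own DNS and gets an authoritative, in-subnet answer reports none.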
