How Can I Add and Remove Workstations in a Different Domain Through a VPN Tunnel?

Posted on 2009-04-03
Last Modified: 2012-05-06
We have a client who wants us to manage their laptops, running our custom application, through a site-to-site VPN tunnel. We will create a DNS zone here for them in our internal DNS with some of their servers. One of their servers is machineA.companyB.com, and another is machineB.northamerica.companyB.com. Their domain is northamerica.companyB.com. After creating the second one in Microsoft DNS as a host record, DNS automatically created a subzone, northamerica, and placed machineB in it. My problem is this. I went to create a host record in companyB.com called "northamerica" and assign it the IP address of one of their domain controllers. Microsoft DNS told me the host record was successfully created, but I cannot see it. The goal was to make "northamerica.companyB.com" resolve to a DC so that when joining the northamerica.companyB.com domain the managed laptop will find the DC. So I have two questions. One, is this the recommended way to set up DNS so a laptop can find a DC for a different domain over a site-to-site VPN tunnel? Two, if it is, how do I overcome the apparent inability to create a host record called "northamerica.companyB.com" if a subzone "northamerica" exists?
Question by: adoughe
3 Comments

Accepted Solution

by: chrishudson123 (earned 500 total points), ID: 24066073
If you are intending to locate a Domain Controller for Active Directory related needs, like adding/removing/editing AD objects, a normal host record is not enough. In the DC locator process for LDAP queries and updates you need the corresponding SRV records. The easy way is to configure conditional forwarding in your DNS:

1) Click Start, point to Administrative Tools, and then click DNS.
2) Right-click ServerName, where ServerName is the name of the server, and then click the Forwarders tab.
3) Click a DNS domain in the DNS domain list. Or, click New, type the name of the DNS domain for which you want to forward queries in the DNS domain box, and then click OK.
4) In the Selected domain's forwarder IP address box, type the IP address of the first DNS server to which you want to forward, and then click Add.
5) Click OK.


If you just need to resolve northamerica.companyB.com to the DC's IP and add some more machines in each DNS zone:
1) Create a standard primary zone "companyB.com".
2) Create a domain "NorthAmerica" under the "CompanyB.com" DNS zone.
3) Update the "Same as Parent Folder" record with the DC name ("Same as parent folder" means that if somebody tries to resolve the zone name itself, DNS will return the IP held in the "Same as Parent Folder" record). The DCs of CompanyB will be under the zone companyb.com, and the NorthAmerica DCs should be under the newly created domain name.
   3.a) Click Start, point to Programs or All Programs, point to Administrative Tools, and then click DNS.
   3.b) In the DNS console, expand the server object, expand the Forward Lookup Zones folder, and then click the folder for the local domain.
   3.c) On the Action menu, click New Host.
   3.d) In the IP address text box, type the IP address of the server's local network adapter.
   3.e) Leave the Name box empty, click Create Associated PTR Record, and then click Add Host.
   3.f) When you receive the "(same as parent folder) is not a valid host name. Are you sure you want to add this record?" message, click Yes.

4) You can add any number of host records under the corresponding namespace. Remember, this is just for resolving names to IPs.


If you have very few clients which need this resolution, then there is no need to create a DNS zone. Just update the hosts file (in the SystemRoot\System32\Drivers\Etc folder) of each machine with the corresponding records.


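The two configurations described in the accepted solution (the conditional forwarder, and the static zone with a "(same as parent folder)" record), as an added PowerShell example that is not from the original thread. It assumes the DnsServer module (Windows Server 2012 or later; the thread predates it and used the DNS console), and the addresses 10.20.0.5, 10.20.0.6, 10.20.0.10 and 10.20.0.11 are placeholders for CompanyB hosts reachable through the tunnel:

```powershell
# Added example (not from the original thread). Run as an administrator on the managing
# side's Windows DNS server. Requires the DnsServer module (Windows Server 2012+).
# All names and addresses are placeholders: 10.20.0.x are assumed CompanyB hosts
# reachable over the site-to-site VPN tunnel.

#Requires -Modules DnsServer

$PartnerDomain   = 'northamerica.companyB.com'   # AD domain the managed laptops will join
$PartnerDnsHosts = '10.20.0.10', '10.20.0.11'    # CompanyB DNS servers (their DCs), via the tunnel

# --- Option 1: conditional forwarder (what the laptops need to *locate* a DC) ---
# Only queries inside the partner namespace cross the tunnel; everything else stays local.
# Do not add the partner servers as global forwarders: that would let them answer for every
# name your network asks about, not just their own.
if (-not (Get-DnsServerZone -Name $PartnerDomain -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $PartnerDomain -MasterServers $PartnerDnsHosts
}

# --- Option 2: static records only (name-to-IP resolution, no DC locator SRV records) ---
$Zone = 'companyB.com'
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Zone -ZoneFile "$Zone.dns"
}
Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'machineA'              -IPv4Address '10.20.0.5'
# A dotted name creates the "northamerica" subdomain node implicitly, as the asker saw in the MMC.
Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'machineB.northamerica' -IPv4Address '10.20.0.6'
# The record the asker "could not see": an A record whose name equals the subdomain name is
# stored at the subdomain node and shown inside that folder as "(same as parent folder)".
Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'northamerica'          -IPv4Address '10.20.0.10'

# Checks: list the record by name, then resolve it through this server.
Get-DnsServerResourceRecord -ZoneName $Zone -Name 'northamerica' -RRType A |
    Format-Table HostName, RecordType, @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address } }
Resolve-DnsName -Name "northamerica.$Zone" -Type A -Server 127.0.0.1
```

The two options are alternatives, not a pair: if both are present, the conditional forwarder zone for northamerica.companyB.com is the more specific zone and takes precedence for that namespace. Option 2 answers the asker's second question (the record exists, it is just displayed under the northamerica folder), but only Option 1 gives the laptops the _msdcs SRV records the domain-join wizard queries, because those are served by the partner's own DNS and change whenever they add or remove a DC.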

Author Comment

by: adoughe, ID: 24091726
chrishudson123, thanks for your reply. It was necessary though to do more than you describe. I basically had to duplicate much of what is present in our own DNS for our domain for the CompanyB domain. This included creating the "_msdcs" and other structures in DNS. I will give you credit for answering the question with that caveat. Thanks again...

Expert Comment

by: chrishudson123, ID: 24093887
That's why I recommended the forwarder configuration in the case of the DC locate process. You can configure a secondary DNS zone or a forwarder for this. If you just duplicate the zone details, it will be fine for now, but in future when they add/remove a DC, you will have to update the records.
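A check for the point made in this last comment, as an added example that is not part of the thread: the DC locator depends on a fixed set of SRV records that a hand-copied _msdcs structure will lack or let go stale. The script queries them through a resolver address (10.10.0.53, an assumption standing in for the internal DNS server that holds the forwarder or zone) and assumes the forest root is companyB.com, which the thread does not state:

```powershell
# Added example (not from the original thread). Run on a managed laptop or on the internal
# DNS server. $Resolver and $ForestRoot are assumptions; the thread never names either.

param(
    [string]$Domain     = 'northamerica.companyB.com',
    [string]$ForestRoot = 'companyB.com',      # assumed forest root
    [string]$Resolver   = '10.10.0.53'         # assumed internal DNS server address
)

# SRV records the Windows DC locator relies on (registered by Netlogon on each DC).
# With a conditional forwarder these come live from the partner's DNS; with a copied
# zone every one of them has to be maintained by hand.
$Required = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain",
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain",
    "_kpasswd._tcp.$Domain",
    "_gc._tcp.$ForestRoot"
)

$missing = @()
foreach ($name in $Required) {
    $srv = Resolve-DnsName -Name $name -Type SRV -Server $Resolver -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SRV' }
    if (-not $srv) { $missing += $name; continue }
    foreach ($r in $srv) {
        # Each SRV target must also resolve, or the laptop finds the name but never reaches the DC.
        $a = Resolve-DnsName -Name $r.NameTarget -Type A -Server $Resolver -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' }
        $addr = if ($a) { $a.IPAddress -join ',' } else { 'NO A RECORD' }
        '{0,-45} -> {1}:{2} ({3})' -f $name, $r.NameTarget, $r.Port, $addr
    }
}
if ($missing) {
    Write-Warning ("Missing SRV records through ${Resolver}:`n  " + ($missing -join "`n  "))
}

# Final check with the OS's own locator, which is what the domain-join wizard uses.
nltest /dsgetdc:$Domain /force
```

If the script reports missing records while the partner's own DNS servers answer them, the forwarder is not in place or the tunnel is not passing UDP/TCP 53 to their servers. A secondary zone, the other option the comment mentions, additionally requires the partner to permit zone transfers to your server; a conditional forwarder needs only ordinary query access, which is the smaller grant and the one to ask for.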
