Solved

Will a secondary zone for a domain trust allow me to query by NetBIOS name or just FQDN

Posted on 2011-03-02
7
929 Views
Last Modified: 2012-05-11
I am going to be setting up a forest level trust, I already created the conditional forwarder for the other domain and can ping by FQDN.

I would like to be able to ping by NetBIOS name so I don't always have to type in the FQDN. Would creating a secondary zone allow me to do this or will I still have to use the FQDN.

Is there anything I can do to ping by NetBIOS name to save me typing?
0
Comment
Question by:ThorinO
  • 3
  • 2
  • 2
7 Comments
 
LVL 11

Accepted Solution

by:
Tasmant earned 250 total points
ID: 35019822
You can append DNS suffix list on client in order to provide them a complete list of domains.
Each domain name will be processed in the order until the host is found.
Since Server 2008, there is the concept of global zone to realize this:
- http://www.petri.co.il/windows-DNS-globalnames-zone.htm
- http://download.microsoft.com/download/e/2/0/e2090852-3b7f-40a3-9883-07a427af1560/dns-globalnames-zone-deployment.doc
I'm not sure if secondary zone will provide what you want to achieve.
0
 
LVL 11

Assisted Solution

by:willettmeister
willettmeister earned 250 total points
ID: 35019823
If you want to be able to ping by netbios name you are going to have to add the dns suffix for the secondary zone into your dns suffix search order.  If you are doing this on a per machine basis it's in IP settings for the NIC under DNS.  This can be done via GPo also.
0
 
LVL 10

Author Comment

by:ThorinO
ID: 35020081
Nice, the DNS suffix was what I needed along with the conditional forwarder.

With regard to GNZ I browsed over the links you sent me. Would it be a true statement that GNZ is better for a larger organization that might have lots of DNS suffixes or an IPv6 environment?

We only have 1 conditional forwarder at the moment and I could only see us adding 1 maybe 2 more in the future.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 11

Assisted Solution

by:willettmeister
willettmeister earned 250 total points
ID: 35020140
From reading the offical MS document on GNZ I woudln't rely on it as it probably won't be around for long.  Go pure DNS and you will be better in the long run.
0
 
LVL 10

Author Comment

by:ThorinO
ID: 35020675
OK, I am going to stick with the conditional forwarders and DNS suffix. I setup a one way external trust and I was able to confirm it works by giving RDP permissions to another user account in the other domain.

What I just tried to do that didn't work was to add user1 from domain2 to domain1into the AD domain admin groups. I only have the option to search in the local domain, do I need to change it to a forest trust instead of external?
0
 
LVL 11

Assisted Solution

by:Tasmant
Tasmant earned 250 total points
ID: 35020783
you say you added a one-way trust.
so you can add accounts from one domain to the other, but not do the reverse operation.

To do this you need a two-way external trust, or bidirectionnal forest trust.
0
 
LVL 10

Author Comment

by:ThorinO
ID: 35020994
I ended up setting up a two way forest level trust after raising the forest functional level on domain2 to 2003 server and then I was able to add users from the other domain like I was looking to do, thank you.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now