?
Solved

Will a secondary zone for a domain trust allow me to query by NetBIOS name or just FQDN

Posted on 2011-03-02
7
Medium Priority
?
944 Views
Last Modified: 2012-05-11
I am going to be setting up a forest level trust, I already created the conditional forwarder for the other domain and can ping by FQDN.

I would like to be able to ping by NetBIOS name so I don't always have to type in the FQDN. Would creating a secondary zone allow me to do this or will I still have to use the FQDN.

Is there anything I can do to ping by NetBIOS name to save me typing?
0
Comment
Question by:ThorinO
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 11

Accepted Solution

by:
Tasmant earned 1000 total points
ID: 35019822
You can append DNS suffix list on client in order to provide them a complete list of domains.
Each domain name will be processed in the order until the host is found.
Since Server 2008, there is the concept of global zone to realize this:
- http://www.petri.co.il/windows-DNS-globalnames-zone.htm
- http://download.microsoft.com/download/e/2/0/e2090852-3b7f-40a3-9883-07a427af1560/dns-globalnames-zone-deployment.doc
I'm not sure if secondary zone will provide what you want to achieve.
0
 
LVL 11

Assisted Solution

by:willettmeister
willettmeister earned 1000 total points
ID: 35019823
If you want to be able to ping by netbios name you are going to have to add the dns suffix for the secondary zone into your dns suffix search order.  If you are doing this on a per machine basis it's in IP settings for the NIC under DNS.  This can be done via GPo also.
0
 
LVL 10

Author Comment

by:ThorinO
ID: 35020081
Nice, the DNS suffix was what I needed along with the conditional forwarder.

With regard to GNZ I browsed over the links you sent me. Would it be a true statement that GNZ is better for a larger organization that might have lots of DNS suffixes or an IPv6 environment?

We only have 1 conditional forwarder at the moment and I could only see us adding 1 maybe 2 more in the future.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 11

Assisted Solution

by:willettmeister
willettmeister earned 1000 total points
ID: 35020140
From reading the offical MS document on GNZ I woudln't rely on it as it probably won't be around for long.  Go pure DNS and you will be better in the long run.
0
 
LVL 10

Author Comment

by:ThorinO
ID: 35020675
OK, I am going to stick with the conditional forwarders and DNS suffix. I setup a one way external trust and I was able to confirm it works by giving RDP permissions to another user account in the other domain.

What I just tried to do that didn't work was to add user1 from domain2 to domain1into the AD domain admin groups. I only have the option to search in the local domain, do I need to change it to a forest trust instead of external?
0
 
LVL 11

Assisted Solution

by:Tasmant
Tasmant earned 1000 total points
ID: 35020783
you say you added a one-way trust.
so you can add accounts from one domain to the other, but not do the reverse operation.

To do this you need a two-way external trust, or bidirectionnal forest trust.
0
 
LVL 10

Author Comment

by:ThorinO
ID: 35020994
I ended up setting up a two way forest level trust after raising the forest functional level on domain2 to 2003 server and then I was able to add users from the other domain like I was looking to do, thank you.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question