Solved

Will a secondary zone for a domain trust allow me to query by NetBIOS name or just FQDN

Posted on 2011-03-02
7
943 Views
Last Modified: 2012-05-11
I am going to be setting up a forest level trust, I already created the conditional forwarder for the other domain and can ping by FQDN.

I would like to be able to ping by NetBIOS name so I don't always have to type in the FQDN. Would creating a secondary zone allow me to do this or will I still have to use the FQDN.

Is there anything I can do to ping by NetBIOS name to save me typing?
0
Comment
Question by:ThorinO
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 11

Accepted Solution

by:
Tasmant earned 250 total points
ID: 35019822
You can append DNS suffix list on client in order to provide them a complete list of domains.
Each domain name will be processed in the order until the host is found.
Since Server 2008, there is the concept of global zone to realize this:
- http://www.petri.co.il/windows-DNS-globalnames-zone.htm
- http://download.microsoft.com/download/e/2/0/e2090852-3b7f-40a3-9883-07a427af1560/dns-globalnames-zone-deployment.doc
I'm not sure if secondary zone will provide what you want to achieve.
0
 
LVL 11

Assisted Solution

by:willettmeister
willettmeister earned 250 total points
ID: 35019823
If you want to be able to ping by netbios name you are going to have to add the dns suffix for the secondary zone into your dns suffix search order.  If you are doing this on a per machine basis it's in IP settings for the NIC under DNS.  This can be done via GPo also.
0
 
LVL 10

Author Comment

by:ThorinO
ID: 35020081
Nice, the DNS suffix was what I needed along with the conditional forwarder.

With regard to GNZ I browsed over the links you sent me. Would it be a true statement that GNZ is better for a larger organization that might have lots of DNS suffixes or an IPv6 environment?

We only have 1 conditional forwarder at the moment and I could only see us adding 1 maybe 2 more in the future.
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 11

Assisted Solution

by:willettmeister
willettmeister earned 250 total points
ID: 35020140
From reading the offical MS document on GNZ I woudln't rely on it as it probably won't be around for long.  Go pure DNS and you will be better in the long run.
0
 
LVL 10

Author Comment

by:ThorinO
ID: 35020675
OK, I am going to stick with the conditional forwarders and DNS suffix. I setup a one way external trust and I was able to confirm it works by giving RDP permissions to another user account in the other domain.

What I just tried to do that didn't work was to add user1 from domain2 to domain1into the AD domain admin groups. I only have the option to search in the local domain, do I need to change it to a forest trust instead of external?
0
 
LVL 11

Assisted Solution

by:Tasmant
Tasmant earned 250 total points
ID: 35020783
you say you added a one-way trust.
so you can add accounts from one domain to the other, but not do the reverse operation.

To do this you need a two-way external trust, or bidirectionnal forest trust.
0
 
LVL 10

Author Comment

by:ThorinO
ID: 35020994
I ended up setting up a two way forest level trust after raising the forest functional level on domain2 to 2003 server and then I was able to add users from the other domain like I was looking to do, thank you.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question