Windows 2003 Domain Tree

Thread: Windows 2003 Domain Tree

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Windows 2003 Domain Tree

    I have a few questions about a Windows 2003 Active Directory structure and DNS.

    I have 2 servers in two different cities on which I want to start a fresh installation of Windows 2003 Server. I'm wondering if my DNS and Active Directory structures are possible.

    Case #1

    Antionline.com as parent domain
    City1.Antionline.com as child domain
    City2.Antionline.com as child domain

    Question: Can the Antionline.com and City1.Antionline.com domains be on the SAME server? I'm pretty sure that for DNS it's possible, but I'm not sure if a domain tree and a domain can exist on the same server.

    My goals to achieve in this case:
    1) City1 creates a parent domain (Antionline.com)
    2) City1 uses the same server to create a child domain name (City1.Antionline.com)
    3) City2 creates a child domain name (City2.Antionline.com)
    4) City2 computer DNS names should be computer.city2.antionline.com
    5) City1 computer DNS names should be computer.city1.antionline.com

    Case #2

    Antionline.com as domain
    City1.Antionline.com as primary DNS
    City2.Antionline.com as primary DNS

    Question: Can Antionline.com and City1.Antionline.com be on the same computer, and how do I force computers at City1 to have a DNS name like computer.city1.antionline.com?

    My goals to achieve in this case:
    1) City1 creates a domain (Antionline.com)
    2) City1 uses the same server to create a primary DNS (City1.Antionline.com)
    3) City2 creates a primary DNS (City2.Antionline.com)
    4) City2 computer DNS names should be computer.city2.antionline.com
    5) City1 computer DNS names should be computer.city1.antionline.com

    Thanks for the answer!
    -Simon "SDK"

  2. #2
    Senior Member
    Join Date
    Nov 2003
    Posts
    247
    That should be possible...I'd contact your host to ask them how to set it up exactly, unless you're that host. If that's the case, I don't know enough about DNS yet to be much of any help.

    (I'm fairly sure from my experience with Server 2003 that it is possible, though.)

    Good luck...
    www.ADigitalPimp.com
    There is a ghost in the machine, and he is my friend.

  3. #3
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Yep, I want to be the host.
    -Simon "SDK"

  4. #4
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Since I'm not getting a reply: do any of you know a good site to ask this type of question? Thank you.
    -Simon "SDK"

  5. #5
    Member
    Join Date
    Dec 2003
    Posts
    43
    One question, why do you want to name your domains this way? It seems that you have a small network and you probably want to keep it as simple as possible.

    You can make just one Active Directory which spans both sites. Just specify your subnets and intersite transports in Active Directory Sites and Services mmc module so that replication works. Then you can have just

    example.com

    Active Directory domain, with different sites in the AD, and Organizational Units for each of the sites if you need to get fancy with rights, and group policy.


    If you are talking just about DNS, sure, you can do what you want. But if you mean Active Directory as well, a single server can only host one Active Directory domain. So, if the server in city one hosts

    example.com for a domain, it cannot also host city1.example.com

    You could call the forest in which these domains live

    example.com

    with the domains

    city1.example.com etc.

    Or you could make two domains, city1.example.com and city2.example.com, and create a trust relationship without having them both in the same forest (it would be better if they were just in the same forest).

    Or you could just make one domain and separate the rights and such using Organizational Units and group policy.

    I have got an Active Directory domain which spans 8 offices all in "example.com".



  6. #6
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    My VPN/Internet connection is kind of unstable, so I want to be sure that my 2 sites will not go down if they cannot reach my AD. That's why I was looking forward to 2 child domains with one parent domain.

    But I'm checking some info about Active Directory's global catalog, which is used to authenticate both computer and user logons. If I could recreate a global catalog at my second site, like a read-only copy of my AD, I would probably be happy.

    tabich, it's impossible to create a parent and child domain on the same computer, right?
    -Simon "SDK"

  7. #7
    Member
    Join Date
    Dec 2003
    Posts
    43
    You can have more than one global catalog, that should not be a problem.

    As far as I know, it is impossible to host parent and child Active Directory domains on the same box.

    We have a site which has an unstable connection as well, it is on the list of things to fix, but not high priority as they do not complain very loudly.

    They have a copy of the global catalog on their server, and can log in just fine.

    As far as I know, you cannot make a read-only version. Since in Active Directory all domain controllers are equal, there is not really a primary and a backup, though there are some single master operation roles which are owned by a single DC.

  8. #8
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Global catalogs are read-only versions of Active Directory, right?
    -Simon "SDK"

  9. #9
    Member
    Join Date
    Dec 2003
    Posts
    43
    Essentially, but ANY domain controller can make changes to Active Directory by default (you may be able to limit this). It is not like NT, where there were clearly defined roles for domain controllers, where backups were just that, backups, and all changes needed to happen on the primary. Therefore, if you have a global catalog on each domain controller (and I believe the global catalog MUST be on a domain controller), it is NOT read only.

    The catalog may be read only, but since the DC can modify it .....

    I was just trying to say that you won't have two servers of which only one can modify the catalog.

    EDIT:
    I understood you to say that you wanted one of them to be read only.

  10. #10
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    So what I need is to install a global catalog in city2. Can this be done without installing AD on the server? If not, if I install an AD in city2, can it be part of the same domain as the one I created in city1?
    -Simon "SDK"
