Active directory without SRV records

redwhip (Technical User, GB), Apr 29, 2003
I have a problem with a customer who has only one domain controller.
They have AD installed on a DC which points to a Unix box as its DNS server. This Unix box does not support SRV records and is authoritative for the AD domain, which is a subdomain of the customer's main domain name.
Now I always thought that the DNS server which is authoritative for the AD domain needs to support SRV, but this network seems to run entirely using WINS. Surprisingly, it works very well.
The problem is that they now need a second domain controller, and I'm thinking that this second domain controller won't be able to join the domain because there are no SRV records.
Is this correct?
Has anybody come across this situation before?
 
It is not possible to run AD with WINS; you have to have DNS, and yes, it needs to support SRV records. Double-check where the DC and clients are pointing for their DNS. Double-check whether DNS is or isn't running on that DC. What version of BIND is running on the Unix servers?

MikeL
 
ProfFate is 100% correct. AD cannot run on WINS; it needs DNS. The server must be a primary master controller, and the machine you want to install will be the secondary master controller. I'm guessing the DNS server is pointing to itself first, and the Unix box is just sitting there. Good luck.

Glen A. Johnson
 
OK, the DC and the clients point to the Unix box for DNS.
I have done an nslookup query to the Unix box and no SRV records are found.
I have also done this query on the DC.
There is a FL zone on the DC for the domain as well, but it has just the basic records in it (no LDAP/GC/Kerberos etc.).
Could it be that in pre-W2K compatibility mode with a single domain controller it will just run using WINS?

I know all of the manuals say it only runs on DNS, but this seems to have proved otherwise.
 
Sorry, no WINS whatsoever! Check to see what version of BIND is running on the Unix servers. Maybe you aren't querying the Unix servers correctly. Maybe the SRV records are there, but you aren't seeing them. Again, no WINS, period.

MikeL
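To settle the "are the SRV records really there or am I just not seeing them" question raised in the two posts above, the following script (an added example, not posted by anyone in this thread) lists the SRV owner names that a Windows 2000 domain controller's Netlogon service registers for a single-domain forest and asks a named server for each one with dig. The domain ad.example.com, the site name Default-First-Site-Name and the server address are assumptions; the domain-GUID record under _msdcs is left out because the GUID is not known. A server whose zone holds only MX, A, NS and CNAME records will report every line as MISSING.

```shell
#!/bin/sh
# Added example, not from the thread: check whether a DNS server answers the
# SRV queries a Windows 2000 DC registers through Netlogon.
# Assumptions: single-domain forest (so the forest name equals the domain
# name), site name Default-First-Site-Name unless given, dig(1) installed.

# ad_srv_names DOMAIN [SITE]: the SRV owner names Netlogon registers.
# The _ldap._tcp.<GUID>.domains._msdcs record is omitted (GUID unknown here).
ad_srv_names() {
    domain=$1
    site=${2:-Default-First-Site-Name}
    for name in \
        _ldap._tcp _ldap._tcp.dc._msdcs _ldap._tcp.pdc._msdcs _ldap._tcp.gc._msdcs \
        _gc._tcp _kerberos._tcp _kerberos._udp _kerberos._tcp.dc._msdcs \
        _kpasswd._tcp _kpasswd._udp \
        "_ldap._tcp.$site._sites" "_ldap._tcp.$site._sites.dc._msdcs" \
        "_ldap._tcp.$site._sites.gc._msdcs" "_gc._tcp.$site._sites" \
        "_kerberos._tcp.$site._sites" "_kerberos._tcp.$site._sites.dc._msdcs"
    do
        printf '%s.%s\n' "$name" "$domain"
    done
}

# srv_lookup NAME SERVER: print the SRV RRset (priority weight port target),
# nothing if the server has no such record.
srv_lookup() {
    dig +short @"$2" "$1" SRV 2>/dev/null
}

# check_ad_srv DOMAIN SERVER [SITE]: one OK/MISSING line per expected record
# and a SUMMARY line; exit status is always 0 so the caller reads the output.
check_ad_srv() {
    total=0
    missing=0
    for name in $(ad_srv_names "$1" "$3"); do
        total=$((total + 1))
        answer=$(srv_lookup "$name" "$2")
        if [ -n "$answer" ]; then
            echo "OK      $name"
        else
            echo "MISSING $name"
            missing=$((missing + 1))
        fi
    done
    echo "SUMMARY missing=$missing of $total"
    return 0
}

# Usage: sh check_ad_srv.sh ad.example.com 192.0.2.53 [Default-First-Site-Name]
if [ "$#" -ge 2 ]; then
    check_ad_srv "$@"
fi
```

Run it once against the BSD box and once against the DC's own DNS service; the second run tells you whether the forward lookup zone on the DC has ever received a dynamic update from Netlogon. With nslookup the same question is asked record by record: set type=SRV, then the name.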
 
OK, so does anybody know why the SRV records would be hidden on a FreeBSD box?
All I can see are MX, A, NS, and CNAME.

Also, ProfFate, have you tried/experienced this before, or are you just telling me what the book says?

I know how DNS works with AD and have worked with W2K Server since it was released at many sites, but have never seen this before. I have MCSE/DBA/CCNA; I know the facts from the books, but there are no SRV records anywhere, not even in the Unix machine's zone file.

I'm now wondering if this was changed in some way after it was installed and never put right.
 
Hi both,

This sounds interesting. I'm sure you could authenticate to a mixed-mode domain using WINS and NTLMv2. I'm sure the original domain could have been set up without SRV records; I have first-hand experience of this when accidentally not setting the DC to register its own connection, but you will not be able to join another DC, and there will be no replication taking place either. You will need SRV records so the DFS and NTFRS processes will function correctly. I reckon a small single-site domain could actually function reasonably well without DNS, though no DNS-dependent feature will work, i.e. Kerberos authentication, sites, replication, etc.

Cheers
 
Thanks JRB. Glad I'm not the first person to notice this!

I'm now thinking of creating the AD subdomains (_tcp, _udp, _msdcs, and _sites) on the BSD box and somehow delegating them to the DNS server on the domain controller, as they now need a second DC.

I believe this is done in the zone file.

Has anybody been adventurous enough to try this before?
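The delegation described in the post above, as an added example (not the poster's own configuration): the function prints the NS records that hand _msdcs, _sites, _tcp and _udp under the AD domain to the DC, in BIND master-file syntax ready to append to the parent zone on the BSD box. The names ad.example.com, dc1.ad.example.com and 192.0.2.10 are assumptions.

```shell
#!/bin/sh
# Added example, not configuration from the thread.
# Prints BIND master-file records that delegate the four Active Directory
# sub-zones of DOMAIN to the DNS server running on the DC.
# Assumed names: DOMAIN=ad.example.com, DC=dc1.ad.example.com, IP=192.0.2.10.

# ad_delegation DOMAIN DC_FQDN DC_IP
# One NS record per sub-zone, then the A record for the name server itself.
# The DC's name is the NS target and must resolve from the parent zone; no
# glue is needed because the DC does not live inside the delegated sub-zones,
# but if the parent zone already carries an A record for it, drop that line
# before appending.
ad_delegation() {
    domain=$1
    dc=$2
    ip=$3
    for sub in _msdcs _sites _tcp _udp; do
        printf '%s.%s. IN NS %s.\n' "$sub" "$domain" "$dc"
    done
    printf '%s. IN A %s\n' "$dc" "$ip"
}

# Usage: sh ad_delegation.sh ad.example.com dc1.ad.example.com 192.0.2.10 >> zonefile
# Then bump the SOA serial by hand and reload (BIND 9: named-checkzone, then
# rndc reload; BIND 8: ndc reload).
if [ "$#" -eq 3 ]; then
    ad_delegation "$@"
fi
```

On the DC side, create four primary zones in the Windows DNS service with exactly those names (_msdcs.ad.example.com and so on), allow dynamic updates on them, and restart the Netlogon service so it re-registers its SRV records. A dig @dc1 _ldap._tcp.dc._msdcs.ad.example.com SRV that comes back populated confirms the chain before you run dcpromo on the second machine.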

 