
migrating NT 4 to 2003 and client DNS issues

Status
Not open for further replies.

marcoz123

IS-IT--Management
Sep 6, 2007
11
US
Migrating from NT 4.0 to Win 2003 R2 I have used the following steps.
However, I seem to have a "lack of understanding" of the DNS system
on W2k3 and XP. After the migration steps are finished, the XP system
can not join the pre-existing domain. DNS does not resolve the domain
name from the DNS server unless the client, XP, has its DNS pointing to
the domain controller.

The migration steps (brief).
An existing NT 4 domain is called win-dom. A second system is installed
with NT 4 server and joined the win-dom domain and then promoted to
primary domain controller. This new NT 4 server PDC is then upgraded
to win 2003 R2 server. Active dir and DNS are installed. Global catalog
is changed to the new server and voilà, all the user accounts are there.
A clean, new hardware server is installed with win 2003 R2 and active dir
is set up so this is a domain controller. The server responsibilities for PDC
are transferred to the new, clean installed 2003 server. NETDIAG and DCDIAG
all run without error. Some complaints about not having wins installed so that
will not be tested.

The university maintains a DNS system and all of the 300+ windows clients
I have are registered with this system. For the most part, all of these clients
get their IP, DNS, DEFgate, WINs info from the campus DHCP server. Other than
registering new systems, I have no administrator access to this bind system.

When the XP client’s dns is pointing to the campus bind system and it tries to join the
win-dom domain, an error is produced indicating that the win-dom domain can not be found.
As far as I know, win-dom is a NetBIOS name used for the PDC emulator
running on the new server. If the XP client’s dns is pointing to the system
running the PDC, a.b.c.edu, all works as expected.

Any suggestions would be greatly appreciated.

--marc
 
Probably just need to add a host A record to the bind dns server pointing to win-dom/ip. Windows 2k3 dns is critical to network functionality, any chance you can set up the clients to look at the 2k3 server for primary dns and have the 2k3 server forward unknown lookups off to the bind server?

RoadKi11
 
Thanks RoadKi11. I’ve tried that but am a bit confused about
the difference between NetBIOS names and IP names and how
these things are resolved.

The domain name the XP clients want to join is called win-dom
while the IP name of the server is a.b.c.edu. I’ve tried adding
an alias of win-dom to the host record for a.b.c.edu but no go.

If I do as you say, “set the clients to use the w2k3 DNS server and
send other unknown requests to the campus server,” it works. However,
I don’t want to visit 300+ clients! This should work with what they
get from the campus bind system.
 
Roadkill's suggestion of ideally getting clients using the W2K3 dns would be the preference if possible.

For AD to function it requires dynamic DNS and support for SRV records. What version of bind are you running? I believe (if my MCSE knowledge is sticking!) that version 8.2.2 has these and can support AD. I'm not sure how configuration for this would be set up but it is an option.

Steve G (MCSE / MCSA:Messaging)
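
What "support for SRV records" means in practice when the zone lives on a DNS server that does not accept dynamic updates, shown as an added example that is not part of any post in this thread: the script audits zone data for the standard SRV names a domain controller registers for LDAP, Kerberos and kpasswd. The domain `ad.example.edu`, the host `dc1`, the address and the zone contents are constructed placeholders.

```python
# Added example. ad.example.edu / dc1 / 192.0.2.10 are placeholders,
# not names taken from the thread.
AD_DOMAIN = "ad.example.edu"

def required_srv(domain):
    """Owner names of SRV records clients use to locate a domain controller."""
    services = ["_ldap._tcp", "_ldap._tcp.dc._msdcs", "_ldap._tcp.pdc._msdcs",
                "_kerberos._tcp", "_kerberos._udp", "_kpasswd._tcp"]
    return [f"{s}.{domain}." for s in services]

# Constructed zone data, as a statically maintained DNS server might hold it.
ZONE = """\
dc1.ad.example.edu.                   3600 IN A   192.0.2.10
_ldap._tcp.ad.example.edu.            600 IN SRV 0 100 389 dc1.ad.example.edu.
_ldap._tcp.dc._msdcs.ad.example.edu.  600 IN SRV 0 100 389 dc1.ad.example.edu.
_kerberos._tcp.ad.example.edu.        600 IN SRV 0 100 88  dc1.ad.example.edu.
_kpasswd._tcp.ad.example.edu.         600 IN SRV 0 100 464 ghost.ad.example.edu.
"""

def parse_zone(text):
    """Return ({srv_owner: [(port, target)]}, {names that have an A record})."""
    srv, hosts = {}, set()
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[2].upper() != "IN":
            continue  # skip blanks and anything not 'owner ttl IN type ...'
        owner, rtype = f[0].lower(), f[3].upper()
        if rtype == "A":
            hosts.add(owner)
        elif rtype == "SRV" and len(f) == 8:
            srv.setdefault(owner, []).append((int(f[6]), f[7].lower()))
    return srv, hosts

def audit(domain, zone_text):
    """List (owner, problem) for missing SRV records or unresolvable targets."""
    srv, hosts = parse_zone(zone_text)
    problems = []
    for name in required_srv(domain):
        if name not in srv:
            problems.append((name, "missing SRV"))
            continue
        for _port, target in srv[name]:
            if target not in hosts:
                problems.append((name, f"target {target} has no A record"))
    return problems

if __name__ == "__main__":
    for name, why in audit(AD_DOMAIN, ZONE):
        print(f"{name}: {why}")
```
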
 
You guys are great! Thanks for the speedy responses.

I know this sounds like the correct thing to do. And that would
be fine if Microsoft products were the only thing in the universe,
however, it’s not a very practical solution. Besides, I like the
idea of not having to fuss with IP and DNS number more than
once times 300!

The campus DNS system does not apparently support/allow
dynamic DNS updates/entries and that sort of makes sense as far
as security goes. There must be another solution to this and I’m
sure my situation is not unique.

When a client wants to join a domain “win-dom” for example,
how does it resolve the name?

If the client DNS is pointing to the campus DNS server and
win-dom.b.d.edu is defined as an alias for the actual server
a.b.c.edu that’s running the PDC, it fails! Can’t find “win-dom”

If the client DNS is pointing to the actual server running the PDC,
it resolves the win-dom name correctly.
I can’t find any mention of “win-dom” in any of the PDC server’s
DNS stuff.

Thanks again for all the help
 
Try this, instead of joining the xp workstations to win-dom, try joining them to the FQDN, probably something like win-dom.something.something.edu. Now the netbios domain name can be different than the FQDN so it might not be win-dom.something.something.edu, look at the dns zone on the 2k3 server for the real domain name.

RoadKi11
 
One thing to note. If you did move the clients to Windows DNS you can use Secure Dynamic Updates which does mean only authenticated domain computers can register in DNS, making it pretty safe. You could use DHCP to push out the DNS settings which should make for a pretty seamless move from your current setup.

If you have to stick with your current DNS server then you can try Roadkill's suggestion. I don't know enough about BIND setup etc to help.

Steve G (MCSE / MCSA:Messaging)
 