when creating new Forest does it need to be published? 2

[blade10]

All-

When creating a new disparate Forest does it need to be published with an ISP in order for the administrator to create a trust to it from the Admin's corporate domain?

Is the only way to see this forest root domain is by having its parent dns name placed on an ISP's name server.


thanks for any info at all and have a Happy New Year\

blade

 

[TechyMcSe2k]

when you say disparate Forest; what are you meaning? Is it physically located somewhere else (ISP Hosting?) or what? Is it remote, but accessible through a VPN?

 

[blade10]

Techy,

I just mean that it is a physical site and carries a different parent dns namespace, in the Windows text books they call this a separate or "disparate" forest. So I would need to make a one way trust from this trusting forest to the trusted forest which is my corporate forest.

Thanks for all the info you've provided.

blade

 

[58sniper]

Well, in order to establish the trust, the two forests need to be able to get name resolution for the other. You can create lookup zones for the other forest in each forest, which generally works fine. Then, you can create your trust.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[TechyMcSe2k]

In your other post

http://www.tek-tips.com/viewthread.cfm?qid=1521697

I replied to add DNS forwarders. I believe this would pertain to this slightly different question you have here as well.

 

[blade10]

All-

Thanks again, so I set up DNS lookup zones on both trusting and trusted and created the trust..

I will not be incorporating SID filtering via netdom at this moment but that could change..

any comments on this please feel free.

thanks

blade

 

[blade10]

All-

Another brief one for those that know better, should I be creating secondary zones ? or primary ones? based on the one way trust I'm creating, I'm not sure...

thanks for any info

blade

 

[TechyMcSe2k]

Have Primaries in your root domains for those domains only. Secondaries are not needed if you set up DNS forwarders to the other domain to resolve that domain name.

 

[blade10]

Thanks Techy!

blade

 

[blade10]

techy,

let me ask you this...

my manager didn't like the name convention I used for this domain root DC.. I know it's not good practice to just rename it but there isn't anything replicating to this DC (forest root) server at this point.. how can I make sure that once I just change the name that it won't hold any old information on the box from the previous name i.e- right now I see the workstation domain name is the older name yet the computer name is reflecting the new name that I just changed it to.. is there a quick and dirty clean up tool I could use so I don't have to go thru a demotion process and start over?

thanks for any info

blade

 

[TechyMcSe2k]

There are a few cleanup tools for Group Policy and Exchange...read on to find more and I'll let you know.

http://www.msexchange.org/tutorials/Domain-Rename.html

 

[TechyMcSe2k]

http://technet.microsoft.com/en-us/windowsserver/bb405948.aspx

great docs in here down on the right side for download

 

[blade10]

Hi techy

I ended up demoting the server and starting over.. clean metadata etc..

thank you though, I appreciate your support

blade

 

[unclerico]

Star for Techy for providing yet another outstanding solution.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)