Microsoft Active Directory Support Observations and Questions

Martin McCormick martin at dc.cis.okstate.edu
Tue Aug 10 17:11:55 UTC 2004


	I am setting up BIND to support Microsoft Active Directory and
using the method recommended in DNS and BIND, 4th Edition.  It mostly
works, but the customer has added a new wrinkle to make things
more interesting.  He has a couple of Active Directory domains within
his main domain, or at least that is the best way I can describe it.

	The main domain, we'll call a.okstate.edu.  Then he's got
b.a.okstate.edu and c.a.okstate.edu.

	The one thing I can't stress enough is that there are no
shortcuts in setting this up, or at least that is what I am learning.

	I set up the 7 zones for a.okstate.edu and let the controller
for that zone update BIND for all the zones.  That works as expected.

	I hoped that b.a.okstate.edu and c.a.okstate.edu could use the
root zone of a.okstate.edu, but no such luck.  I had to make a root
zone of b.a.okstate.edu and c.a.okstate.edu as well as the 6 zones of
the general form _msdcs.c.a.okstate.edu and _sites.b.a.okstate.edu.

	At the branch level of b.a.okstate.edu and c.a.okstate.edu, I
gave only the controllers for those domains permission to update them.
This morning, my customer reported that he was still seeing start
errors on the controllers.  The controllers for b.a.okstate.edu and
c.a.okstate.edu wanted to update _msdcs.a.okstate.edu with a CNAME
record pointing to b.a and c.a.

	Does anyone know if there is any procedure I can recommend to
the client to cause his domain controllers to try to register again so
that we can speed up the fault isolation process?  The controllers I
have been watching seem to retry hourly, which is pretty slow when one
is troubleshooting.

	I got the impression that except for those CNAME records,
everything else may be working.

	If you try this sort of thing yourself, patience is a virtue.
It is easy to make and overlook mistakes because of the repetitive
nature of the setup you have to install.  Shell scripts are wonderful
for automating that repetition.

Martin McCormick WB5AGZ  Stillwater, OK 
OSU Information Technology Division Network Operations Group
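
The per-domain update permissions described in the post, as an added shell example (not the poster's script): it emits one named.conf stanza per zone, limits each child domain's zones to that child's controllers, and admits the child controllers to the forest root's _msdcs zone. The controller addresses, the dynamic/ file path and the _tcp/_udp labels are assumptions; the post names only _msdcs and _sites.

```shell
#!/bin/sh
# Added example: generate named.conf zone stanzas for an AD forest.
# Constructed/assumed: controller addresses (192.0.2.x), the dynamic/ file
# path, and the _tcp/_udp labels (the post names only _msdcs and _sites).
AD_SUBZONES="_msdcs _sites _tcp _udp"

# emit_zone NAME "ip ip ..." : one master zone updatable only by those hosts
emit_zone() {
    zone=$1; acl=""
    for ip in $2; do acl="$acl $ip;"; done
    printf 'zone "%s" {\n\ttype master;\n' "$zone"
    printf '\tfile "dynamic/%s.db";\n' "$zone"
    printf '\tallow-update {%s };\n};\n' "$acl"
}

# emit_domain DOMAIN "controllers" : the domain's root zone plus sub-zones
emit_domain() {
    emit_zone "$1" "$2"
    for sub in $AD_SUBZONES; do emit_zone "$sub.$1" "$2"; done
}

# emit_forest ROOT "root DCs" [CHILD "child DCs"]...
# Each child's zones admit only that child's controllers. The forest root's
# _msdcs zone also admits every child's controllers, because (as the post
# found) they register CNAME records there.
emit_forest() {
    root=$1; msdcs_acl=$2
    emit_zone "$root" "$2"
    for sub in $AD_SUBZONES; do
        [ "$sub" = _msdcs ] || emit_zone "$sub.$root" "$2"
    done
    shift 2
    while [ $# -ge 2 ]; do
        emit_domain "$1" "$2"
        msdcs_acl="$msdcs_acl $2"
        shift 2
    done
    emit_zone "_msdcs.$root" "$msdcs_acl"
}

# Sample run with the post's domain names and constructed addresses.
emit_forest a.okstate.edu "192.0.2.10" \
    b.a.okstate.edu "192.0.2.20" \
    c.a.okstate.edu "192.0.2.30"
```

Redirect the output to a file included from named.conf and run named-checkconf on it before reloading.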

