Discussion:
Adding multiple domains to a forest
Kevin Grigorenko
2004-11-28 17:03:01 UTC
I've just installed 2003 server and I've installed Active Directory. When I
was installing AD, I created a new forest and a new domain in that forest
called "kevgserver.local." I have my DNS on the same computer. Now, I have
2 domains (.com's) that I would also like to administer on this DC. How do I
add top level domains into the forest that are at the same level as
kevgserver.local? I can't even seem to add a child domain to
kevgserver.local. Is there some other tool other than the three snap-ins to
create these? I tried the management console, but the only option is to
remove AD. I'm definitely confused.
John Negus
2004-11-28 17:16:34 UTC
To create a new domain in your forest you will have to run DCPROMO on
another server, that is not already a domain controller, and select
create a new domain in an existing forest.

HTH
--
John Negus
MSEtechnology
--
Kevin Grigorenko
2004-11-28 17:27:07 UTC
Thanks John. Does it have to be a physical server? Or is there a way for
the same server to host multiple domains? Or virtual servers?

Also, would this new server become another DC or would there still only be
the original DC?

Thanks,
Kevin Grigorenko
Ulf B. Simon-Weidner [MVP]
2004-11-28 17:46:19 UTC
Post by Kevin Grigorenko
Thanks John. Does it have to be a physical server? Or is there a way for
the same server to host multiple domains? Or virtual servers?
Also, would this new server become another DC or would there still only be
the original DC?
Hello Kevin,

There's no possibility to run multiple DCs or Domains on the same
machine, and you need at least one DC for every domain.

In addition to what John wrote: make sure that you have a solid working
DNS-Infrastructure and that the machine you want to promote as DC is
able to resolve all Domains via DNS prior to promoting the machine as
DC.
--
Gruesse - Sincerely,

Ulf B. Simon-Weidner

MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
WebSite: http://www.windowsserverfaq.org
Kevin Grigorenko
2004-11-28 17:53:07 UTC
Post by Ulf B. Simon-Weidner [MVP]
Hello Kevin,
There's no possibility to run multiple DCs or Domains on the same
machine, and you need at least one DC for every domain.
In addition to what John wrote: make sure that you have a solid working
DNS-Infrastructure and that the machine you want to promote as DC is
able to resolve all Domains via DNS prior to promoting the machine as
DC.
Thanks. First question, how do I verify your latter point? I can access
the internet, and I am using 127.0.0.1 as preferred DNS on the DC; is this
enough to assume the DNS on the DC is working fine?

Also, my problem is that I am limited to only one Windows Server box. I
have multiple domains that I would like to host on this computer (one
personal and one business). This is more of an IIS/Exchange question, but
should I be able to host email and web for both domains with only one server?

Thanks so much,
Kevin Grigorenko
John Negus
2004-11-28 20:04:18 UTC
Hello Kevin,

You could use something like Microsoft's Virtual Server to house
multiple Virtual PCs on a single server. Though I would not recommend
this for your production LAN because it would be a lot for one machine
to handle and if that machine goes down you would lose everything.

As far as DNS is concerned you would need to create forward lookup zones
for each peer root domain that you create (kevgserver.local and one for
each of the 2 com domains) and all computers need to point their DNS
resolver to the DNS Server.
--
John Negus
MSEtechnology
--
Kevin Grigorenko
2004-11-28 22:21:14 UTC
Hi John,

Thanks again (and Ulf as well, your last response was very thorough and
helpful). Now I am confused about how to set up these DNS zones. I have read
a lot about DNS, but I have yet to fall on my exact situation. Let me
explain what my setup is:

I have two .com's, let's call them company.com and personal.com. I have a
LAN with a dynamic IP to broadband. I've setup dynamic dns (through
dyndns.org) to host my DNS servers for both of those and I have a windows
service which regularly posts my dynamic IP to the dyndns servers.

Now, I have created the active directory domain on my LAN called PERSONAL.
I created this as a Primary Lookup Zone. Now, I think that's where I may
have gone wrong, should that have been a Stub Zone or a secondary zone? If
anything, I'm guessing a stub zone - should I just point to my ISP's DNS
servers?

Either way, what kind of forward lookup zone should I create for company.com?

I hope what I've done so far isn't completely wrong :). But let me know if
it is.

Thanks!
Kevin Grigorenko
Ulf B. Simon-Weidner [MVP]
2004-11-29 07:43:33 UTC
Post by Kevin Grigorenko
Now, I have created the active directory domain on my LAN called PERSONAL.
I created this as a Primary Lookup Zone. Now, I think that's where I may
have gone wrong, should that have been a Stub Zone or a secondary zone? If
anything, I'm guessing a stub zone - should I just point to my ISP's DNS
servers?
Either way, what kind of forward lookup zone should I create for company.com?
Hello Kevin,

First clarify if you really want just DNS-domainnames or if you need
separate Active Directory Domains. For the latter you'll need two
Servers as mentioned before. If you just need separate DNS-Domains then
configure both as Primary, put the one which reflects your AD-Domain in
AD and allow dynamic updates on that one. Putting the other into AD is
optional, but dynamic updates won't help you here.

To resolve the names internally configure them in the appropriate zone.

To resolve external names internally configure the DNS-Server to
forward to your ISP's DNS-Server.

I strongly assume that the dyndns-name is not the one you use for
accessing your server externally - you want another DNS-Name, right? If
that is the case you'll have to ask your ISP to configure the name you
want on an external Server as CNAME (=alias) and point it to your
dyndns-name (e.g. in the external zone domain.com: www IN CNAME
yourname.dyndns.org).
--
Gruesse - Sincerely,

Ulf B. Simon-Weidner

MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
WebSite: http://www.windowsserverfaq.org
Kevin Grigorenko
2004-12-01 02:21:03 UTC
Hi Ulf,
Post by Ulf B. Simon-Weidner [MVP]
First clarify if you really want just DNS-domainnames or if you need
separate Active Directory Domains. For the latter you'll need two
Servers as mentioned before. If you just need separate DNS-Domains then
configure both as Primary, put the one which reflects your AD-Domain in
AD and allow dynamic updates on that one. Putting the other into AD is
optional, but dynamic updates won't help you here.
I only need one AD domain. I'm sure I know this, but what do you mean by
allowing dynamic updates on that AD domain?
Post by Ulf B. Simon-Weidner [MVP]
To resolve the names internally configure them in the appropriate zone.
Again, not completely sure what you mean here? Do you just mean adding the
primary forward lookup zones for each one?
Post by Ulf B. Simon-Weidner [MVP]
To resolve external names internally configure the DNS-Server to
forward to your ISP's DNS-Server.
I strongly assume that the dyndns-name is not the one you use for
accessing your server externally - you want another DNS-Name, right? If
that is the case you'll have to ask your ISP to configure the name you
want on an external Server as CNAME (=alias) and point it to your
dyndns-name (e.g. in the external zone domain.com: www IN CNAME
yourname.dyndns.org).
I didn't know I could ask my ISP to do that. I was actually going to pay
$2/mo per domain to dyndns.org where I can use my real .com, as their
dyndns-name I am using now is just a free service. Is it true that I can
just get around dyndns and ask my ISP to point to my computer? Since I have
a dynamic IP, will that be a problem?
Thank you!
Kevin Grigorenko
Ulf B. Simon-Weidner [MVP]
2004-12-02 20:19:55 UTC
Hi Kevin,
Post by Kevin Grigorenko
I only need one AD domain. I'm sure I know this, but what do you mean by
allowing dynamic updates on that AD domain?
Allow dynamic updates on the properties of the zone which contains the
zone.
Post by Kevin Grigorenko
Post by Ulf B. Simon-Weidner [MVP]
To resolve the names internally configure them in the appropriate zone.
Again, not completely sure what you mean here? Do you just mean adding
the primary forward lookup zones for each one?
No - if you want to resolve www.domain.com put a www-record in the
domain.com zone, same for e.g. domain.local.

You need a primary zone for each namespace, not for each record.
Post by Kevin Grigorenko
Post by Ulf B. Simon-Weidner [MVP]
To resolve external names internally configure the DNS-Server to
forward to your ISP's DNS-Server.
I strongly assume that the dyndns-name is not the one you use for
accessing your server externally - you want another DNS-Name, right? If
that is the case you'll have to ask your ISP to configure the name you
want on an external Server as CNAME (=alias) and point it to your
dyndns-name (e.g. in the external zone domain.com: www IN CNAME
yourname.dyndns.org).
I didn't know I could ask my ISP to do that. I was actually going to pay
$2/mo per domain to dyndns.org where I can use my real .com, as their
dyndns-name I am using now is just a free service. Is it true that I can
just get around dyndns and ask my ISP to point to my computer? Since I
have a dynamic IP, will that be a problem?
Yes - it will be a problem if you have a dynamic IP, but you can use
dyndns for the name, e.g. yourname.dyndns.org. Then talk to the people
which are running the authoritative zone for your external domain name,
most likely your ISP, and ask them if they are willing to set up a
CNAME (=alias) named www which points to your dyndns-name. MS is doing
the same, if you try to resolve www.microsoft.com you receive something
like

Name: www.microsoft.com.nsatc.net
Address: 207.46.245.92
Aliases: www.microsoft.com

So there is an alias for www in the microsoft.com DNS-Zone which points
to the record www.microsoft.com.nsatc.net which is an A-Record
(Hostname) for the IP 207.46.245.92. Did you ever type in or recognize
that you are surfing a website on a server which is called
www.microsoft.com.nsatc.net? Would work the same with your domain.

Note that there's only one provider which is able to host your external
namespace in its DNS-DBs. You are able to pay dyndns to host your real
domain, but if you have an ISP which already hosts your name you'll need
to change that. Both solutions will work. However it depends mostly on
the relationship to your ISP if he's willing to configure the CNAME for
you.
--
Gruesse - Sincerely,

Ulf B. Simon-Weidner

MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
WebSite: http://www.windowsserverfaq.org
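The zone layout Ulf describes in this reply and the one of 2004-11-29 (an AD-integrated primary zone with dynamic updates for the AD domain, plain primary zones for the two .com namespaces with a www host record in each, and forwarding to the ISP for everything else), as an added PowerShell example that is not part of the thread. It assumes the DnsServer module of Windows Server 2012 or later (the thread's Windows Server 2003 did all of this in the DNS snap-in); the server address and the ISP resolver addresses are placeholders.

```powershell
# Added example, not from the thread. Requires the DnsServer module
# (Windows Server 2012+); run on the DNS server as an administrator.
$adZone        = 'kevgserver.local'               # zone behind the AD domain (from the thread)
$plainZones    = 'personal.com', 'company.com'    # DNS-only namespaces, no AD domain behind them
$serverIp      = '192.0.2.10'                     # placeholder: the box's real LAN IP, never 127.0.0.1
$ispForwarders = '198.51.100.1', '198.51.100.2'   # placeholder: the ISP's resolvers

# 1. The AD domain's zone: AD-integrated, secure dynamic updates on, so DCs
#    and domain members register (and re-register) their own records.
if (-not (Get-DnsServerZone -Name $adZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $adZone -ReplicationScope Domain -DynamicUpdate Secure
}

# 2. The two .com namespaces: file-backed primary zones with dynamic updates
#    off. Nothing legitimately registers itself here, so every record is
#    entered by hand and no machine on the LAN can overwrite www or the MX.
foreach ($zone in $plainZones) {
    if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $zone -ZoneFile "$zone.dns" -DynamicUpdate None
    }
    # One host record per namespace, both pointing at the same machine; IIS
    # host headers then tell www.personal.com and www.company.com apart.
    Add-DnsServerResourceRecordA  -ZoneName $zone -Name 'www'  -IPv4Address $serverIp
    # Mail for the namespace: an MX at the zone apex ('.') pointing at a
    # host record in the same zone.
    Add-DnsServerResourceRecordA  -ZoneName $zone -Name 'mail' -IPv4Address $serverIp
    Add-DnsServerResourceRecordMX -ZoneName $zone -Name '.' -MailExchange "mail.$zone" -Preference 10
}

# 3. External names: forward whatever this server is not authoritative for
#    to the ISP's resolvers ("forward to your ISP's DNS-Server").
Add-DnsServerForwarder -IPAddress $ispForwarders

# 4. Show what a client on the LAN will now get for each namespace.
foreach ($zone in @($adZone) + $plainZones) {
    "--- $zone ---"
    Get-DnsServerResourceRecord -ZoneName $zone | Format-Table -AutoSize
}
```

The www CNAME to the dyndns name that Ulf describes lives in the external zone at the ISP or dyndns provider, not on this server: internally www resolves to the LAN address, externally to the dynamic public one.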
Kevin Grigorenko
2004-12-04 21:39:08 UTC
Hi Ulf,

Everything works! Thanks for all of your help. I found something better
than dyndns.org, zonedit.com, which allows for free redirection to a dynamic
IP. I have a little windows service that publishes my IP on some interval to
zonedit.com, and now everything works. I've even got the MX records set up
correctly, and I've got mail going in and out for both dns-domains! I'm so
surprised everything went so smoothly.

The last thing is that I wanted to make sure I created the www-record
properly in DNS. I added a new primary zone for both of my DNS names.
Should I have instead right clicked the personal.com or company.com zones and
clicked "New Domain?" What's the difference?

Thanks for all of your help!
Kevin Grigorenko
Ulf B. Simon-Weidner [MVP]
2004-12-05 13:24:28 UTC
Hi Kevin,

Glad that everything is working for you now.

I'm not really sure what you did since you didn't mention the names you
created. A dns-domain is just a "folder" underneath a dns-zone, and the
difference is that you are able to manage a zone separately, and
especially you are able to transfer a zone to other servers while a
dns-domain which is underneath a zone will always replicate to the same
servers as the zone.

If you wanted to create the www.company.com and www.personal.com
records, and you already had the company.com and personal.com zones it
would have been sufficient to create a new host record called www.
--
Gruesse - Sincerely,

Ulf B. Simon-Weidner

MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
WebSite: http://www.windowsserverfaq.org
Ulf B. Simon-Weidner [MVP]
2004-11-28 20:18:54 UTC
Post by Kevin Grigorenko
Thanks. First question, how do I verify your latter point? I can access
the internet, and I am using 127.0.0.1 as preferred DNS on the DC; is this
enough to assume the DNS on the DC is working fine?
Also, my problem is that I am limited to only one Windows Server box. I
have multiple domains that I would like to host on this computer (one
personal and one business). This is more of an IIS/Exchange question, but
should I be able to host email and web for both domains with only one server?
Hello Kevin,

First of all, set the IP-Address in the TCP/IP-Properties of the server
to the server's real IP-Address, not to the loopback-address 127.0.0.1.
It's registering the address in DNS and if it's registering 127.0.0.1
and a client requests its IP it won't be able to connect to the server.

To verify that your DC is running correctly I'd run dcdiag /v and
netdiag /v and search the output for failed tests. If there are any,
get rid of them first.

To verify your DNS-Infrastructure use nslookup. To make real sure that
everything is working I'd run the following commands on every DC
against every other DC and domain (dc1.domain.com is the example I'm
using here):

nslookup
dc1.domain.com
(should give you the IP-Address of DC1)

set type=NS
domain.com
(should return all DNS-Servers of domain.com)

set type=SOA
domain.com
(should return a DNS-Server which is able to write to the DNS-Database)

Back to your multiple domains on one DC question: Sounds like you are
talking about multiple DNS-Domains and not active directory domains.
You would be able to configure additional DNS-Domains on the same DC,
you just need to configure the records in there manually, e.g. if you
want to host the IIS for www.domain1.com and for www.domain2.com on the
same machine make sure you have the www-record in both zones pointing
to the same machine. You'd be able to use host-headers in IIS to
separate the two requests to different websites. I don't know if you
can host multiple dns-domains on one exchange box, I'd recommend you
ask that question in the exchange or SBS-Newsgroups.

Further if you want to run everything on a single box I suggest you
look at the Small Business Server Version of Windows Server 2003.

If you want multiple Active Directory domains running on the same box
you need to get Virtual Server or VMWare and run those DCs on
different virtual machines. This is quite expensive, since you need a
separate licence for every server, so at least 3 (one for the host and
one for every Server).
--
Gruesse - Sincerely,

Ulf B. Simon-Weidner

MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
Weblog: http://msmvps.org/UlfBSimonWeidner
WebSite: http://www.windowsserverfaq.org
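Ulf's verification routine (the DC's own host record, the domain's NS and SOA records, and the loopback-address check from the start of his reply) as a script, added here as an example that is not part of the thread. It assumes Windows Server 2012 or later (Resolve-DnsName and Get-DnsClientServerAddress); dc1.domain.com and domain.com are the thread's placeholder names, and the script is meant to be run on each DC against every DC and domain in the forest.

```powershell
# Added example, not from the thread: Ulf's nslookup checks as a script.
# Assumes Windows Server 2012+; dc1.domain.com / domain.com are placeholders.
param(
    [string]$DcFqdn = 'dc1.domain.com',
    [string]$Domain = 'domain.com',
    [string]$Server = $DcFqdn           # DNS server to ask; default: the DC itself
)

$failures = [System.Collections.Generic.List[string]]::new()

function Get-Records {
    param([string]$Name, [string]$Type)
    try {
        # -DnsOnly skips the hosts file and LLMNR/NetBIOS, so only DNS is tested.
        Resolve-DnsName -Name $Name -Type $Type -Server $Server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq $Type }
    } catch {
        $failures.Add("$Type lookup for $Name on $Server failed: $($_.Exception.Message)")
    }
}

# 1. "dc1.domain.com" -> should give the IP address of DC1, and never loopback.
$a = @(Get-Records -Name $DcFqdn -Type A)
if ($a.Count -eq 0) { $failures.Add("no A record for $DcFqdn") }
foreach ($rec in $a) {
    if ($rec.IP4Address -like '127.*') {
        $failures.Add("$DcFqdn is registered as $($rec.IP4Address): set the NIC to the real IP")
    }
}

# 2. "set type=NS" / "domain.com" -> every DNS server of the domain.
$ns = @(Get-Records -Name $Domain -Type NS)
if ($ns.Count -eq 0) { $failures.Add("no NS records for $Domain") }
foreach ($rec in $ns) {
    # Each advertised name server must itself resolve, or clients chasing it stall.
    if (-not (Get-Records -Name $rec.NameHost -Type A)) {
        $failures.Add("NS $($rec.NameHost) has no A record")
    }
}

# 3. "set type=SOA" / "domain.com" -> the server allowed to write the zone.
$soa = @(Get-Records -Name $Domain -Type SOA)
if ($soa.Count -ne 1) { $failures.Add("expected one SOA for $Domain, got $($soa.Count)") }
else { "SOA primary for ${Domain}: $($soa[0].PrimaryServer)" }

# 4. Ulf's first point: this machine's own resolver must not be 127.0.0.1.
$local = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses
if ($local -contains '127.0.0.1') { $failures.Add("this host lists 127.0.0.1 as a DNS server") }

if ($failures.Count -eq 0) {
    "DNS checks for $DcFqdn / $Domain passed; next run dcdiag /v and look for failed tests."
} else {
    $failures | ForEach-Object { "FAIL: $_" }
    exit 1
}
```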