
Tom Shinder Q&A: DNS and Active Directory

Author Tom Shinder fields questions on the role Domain Name System (DNS) plays in Microsoft Active Directory.

Author Tom Shinder fields user questions on DNS and Active Directory in a follow-up to his Sept. 6 searchWin2000 live expert Q&A.

Q: While installing Active Directory I got an error "The network location can not be reached." What do you think the problem is? I set up the DNS before installing AD.

A: Make sure the server is using itself as a DNS server. If this is the first Domain Controller in the domain, there won't be any information about the domain in DNS. This is a normal error and you can dismiss it. Make sure the DNS server is configured to accept dynamic updates, and when you restart the server the AD records will be placed in DNS.

Q: How much or little do you subdomain your Active Directory DNS domains? At what point do you receive negligible returns to efficiency, administration, maintenance, hardware costs (5-7 DNS subdomains on one end of the spectrum vs. 49 DNS subdomains on the opposite end)? For example: the two schools of thought are 1) Subdomain down to the office level (we have 49 global locations, proposing an ADI DNS domain for each of these locations, resulting in 49 domains) OR 2) manage ADI DNS domains from a higher level, minimal approach of North,,,

A: The ideal situation is to have a single internal domain and then use organizational units to manage resources on the internal network. Managing domains at an office level is too unwieldy. The regional approach is best. You should also consider the link speeds that join the DCs in the same domain and the costs of those links. That might help you optimize your domain partitioning scheme.

Q: Does Win2k-based DHCP need to be employed to provide consistency in the Active Directory/DNS/DHCP integration, or can router-based (Cisco) DHCP be employed?

A: I recommend using the Win2k DHCP. The router-based DHCP will not integrate with Active Directory or the Win2k DDNS and cannot proxy update records for downlevel clients or Win2k clients.

Q: My old NT network consisted of two domains, one for the internal network and one for the Web server. I am converting to Win2k server. Should I keep two separate domains and install AD/DNS on my Web server (separate domain)? How should I configure this?

A: If you have a dedicated domain for the Web Server, you might want to leave your name resolution scheme as it is. You probably don't need DDNS for the external domain, and you can easily get away with static entries for a small zone. You will benefit more by using DDNS on your internal network, and therefore you should consider installing Active Directory and DDNS servers on the AD internal network.

Q: What is the best way to use DNS with Windows 2000 when it is already established in a UNIX environment, and the Unix team will not give up control of DNS to a Microsoft product? The UNIX DNS server is V8.2.1 or higher.

A: The best way to deal with this situation is to create a subdomain dedicated to the Win2k Active Directory environment. For example, if the corporate domain is, you can create a subdomain called or something similar. The UNIX guys can create a referral to your Win2k DNS servers for the domain.
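The subdomain delegation described in the last answer can be checked from the parent zone file before the Win2k side is brought up. The following is an added example, not part of the original Q&A: it parses a parent zone and reports a delegation with no NS records, fewer than two NS records, or an in-zone name server that lacks a glue address. The domain names, host names and addresses (`example.com`, `ad.example.com`, `dc1`, `dc2`, `192.0.2.x`) are constructed placeholders, since the page does not give the real ones.

```python
# Added example; every name and address is a constructed placeholder.
PARENT_ZONE = """\
$ORIGIN example.com.
@       IN SOA ns1.example.com. hostmaster.example.com. 1 3600 600 86400 3600
@       IN NS  ns1.example.com.
ns1     IN A   192.0.2.1
; delegation of the Active Directory subdomain to the Win2k DNS servers
ad      IN NS  dc1.ad.example.com.
ad      IN NS  dc2.ad.example.com.
dc1.ad  IN A   192.0.2.10
"""

def fqdn(name, origin):
    """Qualify a zone-file name against $ORIGIN and lowercase it."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def parse_zone(text):
    """Yield (owner, type, rdata); assumes one record per line with an explicit owner."""
    origin = ""
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        i = 1
        while fields[i].isdigit() or fields[i].upper() == "IN":  # skip TTL and class
            i += 1
        rtype, rdata = fields[i].upper(), " ".join(fields[i + 1:])
        if rtype == "NS":
            rdata = fqdn(rdata, origin)
        yield fqdn(fields[0], origin), rtype, rdata

def check_delegation(zone_text, child):
    """Return a list of problems with the parent zone's delegation of `child`."""
    child = fqdn(child, "")
    records = list(parse_zone(zone_text))
    targets = [r for o, t, r in records if o == child and t == "NS"]
    glue = {o for o, t, _ in records if t in ("A", "AAAA")}
    if not targets:
        return [f"no NS records delegate {child}"]
    problems = ["only one name server listed"] if len(targets) < 2 else []
    # A name server inside the delegated subdomain is unreachable without glue.
    problems += [f"missing glue address for {t}" for t in targets
                 if t.endswith("." + child) and t not in glue]
    return problems
```

On the sample zone the check reports the missing glue record for `dc2`; adding an A record for that host in the parent zone clears it.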
