Windows Tips & Tricks UPDATE--June 28, 2004

Windows Tips &amp Tricks UPDATE, June 28, 2004, —brought to you by the Windows &amp .NET Magazine Network and the Windows 2000 FAQ site
http://www.windows2000faq.com

Make sure your copy of Windows Tips & Tricks UPDATE isn't mistakenly blocked by antispam software! Be sure to add [email protected] to your list of allowed senders and contacts.

This Issue Sponsored By

Dantz Development Corporation
http://www.dantz.com/windotnet

Windows & .NET Magazine
http://www.winnetmag.com/rd.cfm?code=fsep204xup

Sponsor: Dantz Development Corporation

Download Dantz Development Corporation's "Building a Backup Strategy for SMBs" white paper. The guidelines presented in this white paper can help SMBs establish a reliable backup strategy to safeguard the integrity of data and guarantee quick, easy, and accurate restores. When it comes to data protection, most SMBs do not have the technical resources that are available to larger corporations, but with careful planning, an SMB can design and implement a business-class backup strategy that protects all of the company's data. Examine the challenges SMBs face in protecting critical business data and learn about designing a reliable data protection strategy that is easy to implement and maintain. A free trial download of Retrospect backup software is also available.
http://www.dantz.com/windotnet

FAQs

Q. How can I enable a connection to a machine over RDP and through a firewall?
Q. When I use Dcpromo to create a child domain, why do I receive an error saying that the domain name is already in use when in fact no domain with that name exists?
Q. What's the DNS _msdcs zone for the forest root domain used for?
Q. How can I create the DomainDNSZones directory partition?
Q. How can I create the ForestDNSZones directory partition?

Commentary
by John Savill, FAQ Editor, [email protected]

This week, I tell you how to enable a connection to a system over RDP and through a firewall, how to resolve an error when using Dcpromo to create a child domain, and what the DNS _msdcs zone is used for. I also explain how to create the DomainDNSZones and ForestDNSZones application directory partitions.

Sponsor: Windows & .NET Magazine

Get 2 Sample Issues of Windows & .NET Magazine!
Every issue of Windows & .NET Magazine includes intelligent, impartial, and independent coverage of security, Active Directory, Exchange, scripting, and much more. Our expert authors deliver how-to articles and product evaluations that will help you do your job better. Try two, no-risk sample issues today, and find out why 100,000 IT professionals rely on Windows & .NET Magazine each month!
http://www.winnetmag.com/rd.cfm?code=fsep204xup

FAQs

Q. How can I enable a connection to a machine over RDP and through a firewall?

A. RDP operates over TCP port 3389. Therefore, to enable connectivity to any machine on the network through a firewall you must open this port. Alternatively, if you have to connect to a particular system on a LAN, configure port forwarding on the firewall to send traffic from port 3389 to the specific computer to which you want to connect.

Q. When I use Dcpromo to create a child domain, why do I receive an error saying that the domain name is already in use when in fact no domain with that name exists?

A. The error you're receiving occurs when the child domain name conflicts with the name of any object. If I try to add the child domain "test" to the domain savilltech.com, I'd receive the error that the figure at http://www.winnetmag.com/content/content/43112/dcpromoerror.gif shows if any other object (e.g., a user, a group, an organization unit--OU) in the savilltech.com domain has the name "test." If you want to use an existing name for a new domain, you must rename the existing object before you name the new domain.

Q. What's the DNS _msdcs zone for the forest root domain used for?

A. Active Directory (AD) uses DNS as its locator service to support the various types of services that AD offers, such as Global Catalog (GC), Kerberos, and Lightweight Directory Access Protocol (LDAP). Other non-Microsoft services can be advertised in the DNS, including--but not restricted to--non-Microsoft implementations of LDAP and GC. However, sometimes clients might need to contact a Microsoft-hosted service. For that reason, each domain in DNS has an _msdcs subdomain that hosts only DNS SRV records that are registered by Microsoft-based services. The Netlogon process dynamically creates these records on each domain controller (DC). The _msdcs subdomain also includes the globally unique identifier (GUID) for all domains in the forest and a list of GC servers.

If you install a new forest on a system that runs Windows Server 2003 and let the Dcpromo wizard configure DNS, Dcpromo will actually create a separate zone called _msdcs.&ltforest name&gt on the DNS server. This zone is configured to store its records in a forestwide application directory partition, ForestDNSZones, which is replicated to every DC in the forest that runs the DNS service. This replication makes the zone highly available anywhere in the forest.

Q. How can I create the DomainDNSZones directory partition?

A. Windows Server 2003 typically creates an application directory partition to hold the DNS information that's replicated only to domain controllers (DCs) that are DNS hosts. If you upgraded from an earlier version of Windows, this partition might not exist. You can create it by performing these steps:

Start the Microsoft Management Console (MMC) DNS snap-in (click Start, select Programs, then click Administrative Tools, DNS).
Right-click the DNS server name and select "Create Default Application Directory Partitions." A window like the figure at http://www.winnetmag.com/content/content/43112/dnscreateapppart.gif appears.
Click Yes when asked whether you want to create a single partition for all DNS servers in the domain.

You can also create the DomainDNSZones partition from the command line. To create a partition for only the domain in which the DNS server resides, execute the command

dnscmd &ltDNS server&gt /CreateBuiltinDirectoryPartitions /Domain

where &ltDNS server&gt is the name of your DNS server. To create a partition for every domain in the forest, execute the command

dnscmd &ltDNS server&gt /CreateBuiltinDirectoryPartitions /AllDomains

Q. How can I create the ForestDNSZones directory partition?

A. Windows Server 2003 typically creates an application directory partition to hold the DNS information that's replicated only to domain controllers (DCs) that are DNS hosts in the forest. If you upgraded from an earlier version of Windows, this partition might not exist. You can create it by performing these steps:

Start the Microsoft Management Console (MMC) DNS snap-in (click Start, select Programs, then click Administrative Tools, DNS).
Right-click the DNS server name and select "Create Default Application Directory Partitions."
Click No when asked whether you want to create a single partition for all DNS servers in the domain.
Click Yes when asked whether you want to create a single partition for all DNS servers in the forest.

To create the ForestDNSZones partition from the command line, execute the command

dnscmd &ltDNS server&gt /CreateBuiltinDirectoryPartitions /Forest

where &ltDNS server&gt is the name of your DNS server.

Announcements
(from Windows &amp .NET Magazine and its partners)

Free eBook--"The Expert's Guide for Exchange 2003: Preparing for, Moving to, and Supporting Exchange Server 2003"

This eBook will educate Exchange administrators and systems managers about how to best approach the migration and overall management of an Exchange 2003 environment. The book will focus on core issues such as configuration management, accounting, and monitoring performance with an eye toward migration, consolidation, security, and management.
http://www.WindowsITlibrary.com/ebooks/exchangeserver2003/index.cfm?code=0628emailannc

Windows Connections October 24-27, Orlando, Florida.

Save these dates for the Fall 2004 Windows Connections conference, which will run concurrently with Microsoft Exchange Connections. Register early and receive admission to both conferences for one low price. Learn firsthand from Microsoft product architects and the best third-party experts. Go online or call 800-505-1201 for more information.
http://www.winconnections.com

New--Best Practices for Managing Software Packaging and Pre-Deployment Preparation

In this free Web seminar, you'll learn best practices for managing software packaging and pre-deployment preparation. Discover how your organization can benefit from managing the workflow of the pre-deployment process to cut time and costs. Plus, you'll learn about different business scenarios that show ROI improvements from accurate workflow management. Register now!
http://www.winnetmag.com/seminars/softwaredeployment/index.cfm?code=0628emailannc

Events Central
(A complete Web and live events directory brought to you by Windows & .NET Magazine: http://www.winnetmag.com/events )

Get Smart! Evaluate Your Options in the Entry-Level Server Market

Comparing the options in the server market, including the decision to purchase an OEM-supplied server versus building your own, can be a daunting task. This free Web seminar provides an introduction to entry-level servers, evaluates the current market of entry-level servers, and assesses the value of vendor-supplied service and support. Register now!
http://www.winnetmag.com/seminars/entrylevelservers/index.cfm?code=0628emailannc

Comments

Plain text