Prev: NetUserGetLocalGroups in multi-domain AD environment
Next: Application Not installed
From: southpaw on 20 Sep 2008 11:32
Excellent info !. thank for sharing..
btw I think is a great improved in Windows 2008 AD DS . It was one of those
overlooked and easy make mistakes when adding a child domain..


"Kevin D. Goodknecht Sr. [MVP]" <admin(a)nospam.WFTX.US> wrote in message
news:%23hh4Orn1IHA.548(a)TK2MSFTNGP06.phx.gbl...
> Read inline please.
>
> In news:OEqeigl1IHA.6112(a)TK2MSFTNGP02.phx.gbl,
> - <-> wrote:
>> Greetings,
>>
>> I am upgrading our forest from 2000 to 2008. It appears that in 2008
>> adding the DC into the delegated zones is now mandatory, and that
>> seems to be a reasonable change due to the fact that this step can be
>> otherwise overlooked. However, this may present a problem in
>> practice though, because child domain admins don't have rights to
>> update the root DNS zone. Is this a "feature" that I will have to
>> work around, i.e. not installing DNS until the DCpromo is complete
>> then asking the root admin to manually update the delegated zone? I
>> guess I should add that I am of the opinion that it should not be
>> required that a root admin have to be involved in any part of a child
>> domain DCpromo. Anyway, since it's not on Google (yet) below is the
>> message:
>> ------------------------------------------------------------------------------------------------------------
>> Update DNS Delegation
>>
>> Access is denied.
>>
>> To ensure that this domain controller can be found by other computers
>> on the network, you must create a DNS delegation in the parent zone
>> for this domain (xxxxx.com). Please enter alternate credentials to
>> create this delegation.
>> ------------------------------------------------------------------------------------------------------------
>
> You should actually create the delegation before your promote the first
> child DC if the child's zone is going to be hosted on the chld DCs. This
> will prevent the child domain records being created in the parent zone
> when you promote the child DCs.
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This Helps
>
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> http://message.wftx.us/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>


 | 
Pages: 1
Prev: NetUserGetLocalGroups in multi-domain AD environment
Next: Application Not installed