Heh.

As y'all probably know, I'm on the way to becoming an MCSE.

Before you all start with the *shun*s, lemme tell you that W2K + AD is a complex beast, and one that for all its "configure your server! It's so easy!" wizards, it needs a thorough knowledge of the system and its consequences to deploy properly first time out.

I can do it - but it's taken a lot of in-depth training and hands-on experience to get to that point.

Now, to address your problems.

The minimum pre-requisites for creating a Windows 2000 domain are:

1. At least one server, and preferably two.
2. An existing DNS namespace, or the ability to create one from scratch.
3. A DNS server with the minimum requirements (IXFR and SRV records - BIND 8.1.2 is the minimum non-Windows DNS server you can use, and Windows NT DNS will not do either. djbdns is not a runner.) All Windows 2000 computers that are to participate in the domain must be using this DNS server.

If you've created your domain (as a new forest) on server DC1, and you want to run DCPROMO.EXE on DC2 to make it a domain controller, then if they're not communicating I would firstly check that DNS is working correctly. I would recommend using a Windows 2000 DNS server.

If it isn't, then you need to revisit that.

If it is, then I would recommend removing AD from both servers by running DCPROMO.EXE and ensuring that forward and reverse lookups work from both computers.

In a pure Windows 2000 environment, you don't need WINS. In fact, I would recommend that you avoid WINS if possible. However, if you have pre-Windows 2000 clients, then you will need WINS because only Windows 2000 onward can use only DNS for name resolution.

So, with fully functional Windows 2000 DNS in place, we can proceed.

Run DCPROMO.EXE on the first budding domain controller, and create your domain as a new forest of domain trees.

Reboot the server.

Now, run DCPROMO.EXE on the second controller, choosing to participate in an existing domain. Choose your domain.

Reboot the server.

Add client computers to the domain, and create user accounts.

Without significant education, Group Policy (that which makes AD worth the pain) is a minefield. Ignore it.

Summary:

Broken DNS is one of the single most prevalent causes of fuxored W2K installations. And what works well enough for interweb browsing may not be sufficient for the more demanding requirements of AD.

Post #77,869 by pwhysall 1/29/03 3:04:56 PM Reply	Heh. As y'all probably know, I'm on the way to becoming an MCSE. Before you all start with the shuns, lemme tell you that W2K + AD is a complex beast, and one that for all its "configure your server! It's so easy!" wizards, it needs a thorough knowledge of the system and its consequences to deploy properly first time out. I can do it - but it's taken a lot of in-depth training and hands-on experience to get to that point. Now, to address your problems. The minimum pre-requisites for creating a Windows 2000 domain are: 1. At least one server, and preferably two. 2. An existing DNS namespace, or the ability to create one from scratch. 3. A DNS server with the minimum requirements (IXFR and SRV records - BIND 8.1.2 is the minimum non-Windows DNS server you can use, and Windows NT DNS will not do either. djbdns is not a runner.) All Windows 2000 computers that are to participate in the domain must be using this DNS server. If you've created your domain (as a new forest) on server DC1, and you want to run DCPROMO.EXE on DC2 to make it a domain controller, then if they're not communicating I would firstly check that DNS is working correctly. I would recommend using a Windows 2000 DNS server. If it isn't, then you need to revisit that. If it is, then I would recommend removing AD from both servers by running DCPROMO.EXE and ensuring that forward and reverse lookups work from both computers. In a pure Windows 2000 environment, you don't need WINS. In fact, I would recommend that you avoid WINS if possible. However, if you have pre-Windows 2000 clients, then you will need WINS because only Windows 2000 onward can use only DNS for name resolution. So, with fully functional Windows 2000 DNS in place, we can proceed. Run DCPROMO.EXE on the first budding domain controller, and create your domain as a new forest of domain trees. Reboot the server. Now, run DCPROMO.EXE on the second controller, choosing to participate in an existing domain. Choose your domain. Reboot the server. Add client computers to the domain, and create user accounts. Without significant education, Group Policy (that which makes AD worth the pain) is a minefield. Ignore it. Summary: Broken DNS is one of the single most prevalent causes of fuxored W2K installations. And what works well enough for interweb browsing may not be sufficient for the more demanding requirements of AD. Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #77,879 by boxley 1/29/03 3:23:35 PM Reply	I thought you already were an MSCE you certainly have the knowledge. thanx, bill will work for cash and other incentives [link\|http://home.tampabay.rr.com/boxley/resume/Resume.html\|skill set] "The Mafia was preferable to the state, because it survived by providing services people actually wanted" Murray Rothbard
Post #77,889 by pwhysall 1/29/03 3:44:43 PM Reply	Four out of seven exams done :-) Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #77,907 by tseliot 1/29/03 4:43:21 PM Reply	Hmm. I'll have to research that one. In a pure Windows 2000 environment, you don't need WINS. In fact, I would recommend that you avoid WINS if possible. However, if you have pre-Windows 2000 clients, then you will need WINS because only Windows 2000 onward can use only DNS for name resolution. I've got a bunch of Win95/98 machines on a Win2K-servered/DDNS LAN with no WINS and they work. Or am I reading too much into that statement? I'll go read up/investigate some more. Many fears are born of stupidity and ignorance - Which you should be feeding with rumour and generalisation. BOfH, 2002 "Episode" 10
Post #77,910 by pwhysall 1/29/03 4:57:18 PM Reply	Re: Hmm. I'll have to research that one. Well, in a non-WINS environment, the boxes that rely on NetBIOS resolution will default to being B-nodes, and will broadcast all NetBIOS requests. As broadcasts stop at the router, you can't do this in a routed environment. Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #77,914 by pwhysall 1/29/03 5:03:58 PM Reply	Re: Hmm. I'll have to research that one. Well, in a non-WINS environment, the boxes that rely on NetBIOS resolution will default to being B-nodes, and will broadcast all NetBIOS requests. As broadcasts stop at the router, you can't do this in a routed environment. Actually, you can - as long as you don't care about reaching anything beyond the router. End of brainfart :-) Peter [link\|http://www.debian.org\|Shill For Hire] [link\|http://www.kuro5hin.org\|There is no K5 Cabal] [link\|http://guildenstern.dyndns.org\|Blog]
Post #77,928 by tseliot 1/29/03 5:44:45 PM Reply	Ah. Thanks for the clarification. Many fears are born of stupidity and ignorance - Which you should be feeding with rumour and generalisation. BOfH, 2002 "Episode" 10

Welcome to IWETHEY!