Bind DNS and Active Directory
We have a BIND DNS and a new Active Directory. Another department controls the DNS and will not allow dynamic updates. What records need to be added to the DNS to allow the AD domain (i.e. ADname) to be found without putting in the full DNS domain name (i.e. ADname.domain.com)? Mr. Incredible
November 17th, 2010 2:16pm

You are going to have a tough time getting AD up, running, and staying healthy without dynamic updates and with no control over DNS. Are you using the same domain name that is being stored on the BIND server? If not, are the DNS admins open to simply creating a delegation record to DNS servers managed by you which are used by the AD domain? DNS is critical for AD; did the DNS folks not attend the planning sessions for this AD implementation? Visit: anITKB.com, an IT Knowledge Base.
November 17th, 2010 7:14pm

Each DC creates a file called %SystemRoot%\System32\Config\Netlogon.dns that contains the entries it needs to be in DNS; you can grab them from there. Not saying you should do it, but if the cold hard political reality is you have no choice, then at least the DCs spit out the data for you to throw at the DNS admins.
November 17th, 2010 10:02pm

Hi, the Active Directory Directory Service Net Logon will register SRV records and host records for Kerberos/LDAP services.

SRV records that are registered by Net Logon (SRV resource record: description):

_ldap._tcp.DnsDomainName: Enables a client to locate a server that is running the LDAP service in the domain named DnsDomainName. The server is not necessarily a domain controller; that is, the only assumption that can be made about the server is that it supports the LDAP application programming interface (API). All Windows Server 2003-based domain controllers register this SRV record (for example, _ldap._tcp.contoso.com.).

_ldap._tcp.SiteName._sites.DnsDomainName: Enables a client to locate a server that is running the LDAP service in the domain named DnsDomainName in the site named SiteName. SiteName is the relative distinguished name of the site object that is stored in the Configuration container in Active Directory. All Windows Server 2003 and later based domain controllers register this SRV record (for example, _ldap._tcp.charlotte._sites.contoso.com.).

_ldap._tcp.dc._msdcs.DnsDomainName: Enables a client to locate a domain controller (dc) of the domain named DnsDomainName. All Windows Server 2003 and later based domain controllers register this SRV record.

_ldap._tcp.SiteName._sites.dc._msdcs.DnsDomainName: Enables a client to locate a domain controller for the domain named DnsDomainName and in the site named SiteName. All Windows Server 2003 and later based domain controllers register this SRV record.

_ldap._tcp.pdc._msdcs.DnsDomainName: Enables a client to locate the server that is acting as the primary domain controller (PDC) in the mixed-mode domain named DnsDomainName. Only the PDC emulator master of the domain (the Windows Server 2003 and later based domain controller that advertises itself as the primary domain controller to computers that need a primary domain controller) registers this SRV record.

_ldap._tcp.gc._msdcs.DnsForestName: Enables a client to locate a global catalog (gc) server for this forest. Only domain controllers that are functioning as gc servers for the forest named in DnsForestName register this SRV record (for example, _ldap._tcp.gc._msdcs.contoso.com.).

_ldap._tcp.SiteName._sites.gc._msdcs.DnsForestName: Enables a client to locate a global catalog (gc) server for this forest in the site named in SiteName. Only domain controllers that are serving as gc servers for the forest named in DnsForestName register this SRV record (for example, _ldap._tcp.charlotte._sites.gc._msdcs.contoso.com.).

_gc._tcp.DnsForestName: Enables a client to locate a global catalog (gc) server for this domain. The server is not necessarily a domain controller. Only a server that is running the LDAP service and functioning as the GC server for the forest named DnsForestName registers this SRV record (for example, _gc._tcp.contoso.com.). In Windows Server 2003 and later, a GC server is a domain controller. Other implementations of directory services (that are not Windows Server 2003 or later implementations) can also register servers as GC servers.

_gc._tcp.SiteName._sites.DnsForestName: Enables a client to locate a global catalog (gc) server for this forest in the site named SiteName. The server is not necessarily a domain controller. Only a server that is running the LDAP service and functioning as the GC server for the forest named DnsForestName registers this SRV record (for example, _gc._tcp.charlotte._sites.contoso.com.).

_ldap._tcp.DomainGuid.domains._msdcs.DnsForestName: Enables a client to locate a domain controller in a domain on the basis of its GUID. A GUID is a 128-bit number that is automatically generated for referencing objects in Active Directory, in this case the domain object. This operation is expected to be infrequent; it occurs only when the DnsDomainName of the domain has changed, the DnsForestName is known, and DnsForestName has not also been renamed (for example, _ldap._tcp.4f904480-7c78-11cf-b057-00aa006b4f8f.domains._msdcs.contoso.com.). All domain controllers register this SRV record.

_kerberos._tcp.DnsDomainName: Enables a client to locate a server that is running the Kerberos KDC service for the domain that is named in DnsDomainName. The server is not necessarily a domain controller. All Windows Server 2003 and later based domain controllers that are running an RFC 1510-compliant Kerberos KDC service register this SRV record.

_kerberos._udp.DnsDomainName: Same as _kerberos._tcp.DnsDomainName, except that UDP is implied.

_kerberos._tcp.SiteName._sites.DnsDomainName: Enables a client to locate a server that is running the Kerberos KDC service for the domain that is named DnsDomainName and is also in the site named SiteName. The server is not necessarily a domain controller. All Windows Server 2003 and later based domain controllers that are running an RFC 1510-compliant Kerberos KDC service register this SRV record.

_kerberos._tcp.dc._msdcs.DnsDomainName: Enables a client to locate a domain controller that is running the Windows Server 2003 or later implementation of the Kerberos KDC service for the domain named in DnsDomainName. All Windows Server 2003 and later based domain controllers that are running the KDC service (that is, that implement a public key extension to the Kerberos v5 protocol Authentication Service Exchange subprotocol) register this SRV record.

_kerberos._tcp.SiteName._sites.dc._msdcs.DnsDomainName: Enables a client to locate a domain controller that is running the Windows Server 2003 implementation of the Kerberos KDC service for the domain that is named DnsDomainName and that is also in the site named SiteName. All Windows Server 2003 and later based domain controllers that are running the KDC service (that is, that implement a public key extension to the Kerberos v5 protocol Authentication Service Exchange subprotocol) register this SRV record.

_kpasswd._tcp.DnsDomainName: Enables a client to locate a Kerberos Password Change server for the domain. All servers that provide the Kerberos Password Change service (which includes all Windows Server 2003 and later based domain controllers) register this name. This server must at least conform to the Kerberos Change Password Protocol. (For more information about this draft, see the Microsoft Platform SDK.) The server is not necessarily a domain controller. All Windows Server 2003 and later based domain controllers that are running an RFC 1510-compliant Kerberos KDC service register this SRV record.

_kpasswd._udp.DnsDomainName: Same as _kpasswd._tcp.DnsDomainName, except that UDP is implied.

Host (A) resource records (resource record: description):

DnsDomainName: Enables a non-SRV-aware client to locate any domain controller in the domain by looking up an A record. A name in this form is returned to the LDAP client through an LDAP referral. A non-SRV-aware client looks up the name; an SRV-aware client looks up the appropriate SRV resource record.

gc._msdcs.DnsForestName: Enables a non-SRV-aware client to locate any global catalog server in the forest by looking up an A record. A name in this form is returned to the LDAP client through an LDAP referral. A non-SRV-aware client looks up this name; an SRV-aware client looks up the appropriate SRV resource record.
November 17th, 2010 10:42pm

Thanks to all who responded! We have the DNS delegation for our domain. However, any attempt to join the domain by specifying only the domain will fail with the following error:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The domain name ds might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain ds:

The query was for the SRV record for _ldap._tcp.dc._msdcs.domain

The following domain controllers were identified by the query:
domain.controller1.dns.name
domain.controller2.dns.name

Common causes of this error include:
- Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.
- Domain controllers registered in DNS are not connected to the network or are not running.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We used Wireshark to determine that it is getting the correct IP addresses returned from its DNS query, so I am stumped. Adding the domain will result in successfully joining the domain. Thanks in advance for any assistance. Mr. Incredible
November 23rd, 2010 10:07am

These look like awkward FQDN names for DCs: domain.controller1.dns.name, domain.controller2.dns.name. So, when you attempt to join the domain, if you use the NetBIOS name, the workstation will attempt to resolve the name using NetBIOS name resolution. If you provide the FQDN, such as corp.com, the workstation will attempt to resolve the name using the host name resolution process. Check your workstation's IP configuration and make sure it's using the correct client DNS settings. Then, whatever DNS servers the client is configured to use, make sure that those DNS servers either host the AD zone or have the proper delegation records in place. Finally, use the FQDN when joining the domain. Visit: anITKB.com, an IT Knowledge Base.
November 23rd, 2010 7:51pm
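Added example, not from any of the posters: a small checker that reads a Netlogon.dns-style record set (the format a DC writes, as described above), confirms that the SRV records a domain join depends on are present for the domain, and verifies that every SRV target has a host (A/AAAA) record, which is the first "common cause" named in the join error above. The domain name and hosts are hypothetical, the sample is constructed, and a single-domain forest is assumed so DnsForestName equals DnsDomainName.

```python
import re
from collections import defaultdict

# Constructed sample in Netlogon.dns format (hypothetical names); dc2's A record is left out on purpose.
NETLOGON_DNS = """\
corp.example.com. 600 IN A 10.0.0.1
_ldap._tcp.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
_ldap._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
_ldap._tcp.pdc._msdcs.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
_ldap._tcp.gc._msdcs.corp.example.com. 600 IN SRV 0 100 3268 dc2.corp.example.com.
_kerberos._tcp.corp.example.com. 600 IN SRV 0 100 88 dc1.corp.example.com.
_kerberos._udp.corp.example.com. 600 IN SRV 0 100 88 dc1.corp.example.com.
_kerberos._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0 100 88 dc1.corp.example.com.
_kpasswd._tcp.corp.example.com. 600 IN SRV 0 100 464 dc1.corp.example.com.
_kpasswd._udp.corp.example.com. 600 IN SRV 0 100 464 dc1.corp.example.com.
dc1.corp.example.com. 600 IN A 10.0.0.1
"""

# Non-site SRV owners every DC registers (single-domain forest, so the gc record uses the domain name).
REQUIRED_SRV = ("_ldap._tcp.{d}.", "_ldap._tcp.dc._msdcs.{d}.", "_ldap._tcp.pdc._msdcs.{d}.",
                "_ldap._tcp.gc._msdcs.{d}.", "_kerberos._tcp.{d}.", "_kerberos._udp.{d}.",
                "_kerberos._tcp.dc._msdcs.{d}.", "_kpasswd._tcp.{d}.", "_kpasswd._udp.{d}.")

def parse_records(text):
    """Map (owner, rrtype) -> list of rdata strings from 'owner ttl IN type rdata' lines."""
    records = defaultdict(list)
    for line in text.splitlines():
        m = re.match(r"(\S+)\s+\d+\s+IN\s+(\w+)\s+(.+)", line.strip())
        if m:
            records[(m.group(1).lower(), m.group(2).upper())].append(m.group(3).strip())
    return records

def check_zone(text, domain):
    """Return a sorted list of problems a domain join would hit against this record set."""
    records = parse_records(text)
    problems = []
    for tpl in REQUIRED_SRV:
        owner = tpl.format(d=domain)
        if (owner, "SRV") not in records:
            problems.append("missing SRV " + owner)
    if (domain + ".", "A") not in records:  # non-SRV-aware clients look up the apex A record
        problems.append("missing A " + domain + ".")
    # Every SRV target needs a host record; SRV rdata is "priority weight port target".
    srv_items = [(o, r) for (o, t), rs in records.items() if t == "SRV" for r in rs]
    for owner, rdata in srv_items:
        target = rdata.split()[3].lower()
        if (target, "A") not in records and (target, "AAAA") not in records:
            problems.append("SRV %s target %s has no A/AAAA record" % (owner, target))
    return sorted(set(problems))
```

Run check_zone against the text of a real Netlogon.dns, or against the records the DNS admins actually loaded, to spot the gap before a client reports it.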
