what are member domains of a Forest
mmccaws2
I'm not familiar with the concept of member domains. They have
main.local forest with 1stmember.local and 2ndmember.local domains.
Are these seperate Forests?
When I do a nslookup -type=ns 2ndmember.local, I see that all the name
servers for the 3 domains are listed. However when I query each name
server the only name server that respond are in the 2ndmember.local
domain. What's not configured on the other name servers that they
don't respond with the answer?
Thanks
Mike
Phillip Windell
news:009a69ae-1912-481f...@l62g2000hse.googlegroups.com...
They are all "members" of the Forest. Any domain is going to be a member of
the Forest, it is just a matter of what "level" they exist at. A forest can
have many "trees" [Root domains],...these in your example are all domains at
the "top",...at the same "level",...with each representing its own separate
"tree" within the Forest. If you create any Child Domains under
these,...then they reflect "branches" within each "tree" that they are part
of.
I have never created a model like this,...probably never would,...so I have
no real personal experience with that one,...So,..if my illustration is
flawed then I will stand corrected by anyone who has more experience with
that model who can correct me.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
James Yeomans BSc, MCSE
if there are multiple trees. The root domain is the first domain created in
the forest and contains the schema admins and enterprise admins groups. A DC
in the root domain also holds the schema master role and the domain naming
master role.
--
James Yeomans, BSc, MCSE
mmccaws2
<JamesYeomansBScM...@discussions.microsoft.com> wrote:
> Hi, Forests can have multiple domains but they only have 1 root domain, even
> if there are multiple trees. The root domain is the first domain created in
> the forest and contains the schema admins and enterprise admins groups. A DC
> in the root domain also holds the schema master role and the domain naming
> master role.
> --
> James Yeomans, BSc, MCSE
>
> "Phillip Windell" wrote:
The name servers list that came back from nslookup -type=ns
2ndmember.local query with
ns1.2ndmember.local
ns2.2ndmember.local
ns3.2ndmember.local
ns1.1stmember.local
ns1.main.local
ns2.main.local
the only name servers that responded to the query were from the
2ndmember.local domain.
I'm trying to understand why nslookup reported that these servers were
authorative and yet when directly queried, there was no response from
the name servers from domains 1stmember.local and main.local. The
computer that ran the query was not a member of any of these domains.
Thanks
Mike
Phillip Windell
wrote in message news:626988DC-598B-4413...@microsoft.com...
> Hi, Forests can have multiple domains but they only have 1 root domain,
> even
> if there are multiple trees. The root domain is the first domain created
> in
> the forest and contains the schema admins and enterprise admins groups. A
> DC
> in the root domain also holds the schema master role and the domain naming
> master role.
Ok, so other than me refering to the trees as roots, the rest is correct?
What is the best way to describe the relationship of the first Domain (root)
to the trees?,..both including and not including the one it is in?
James Yeomans BSc, MCSE
(the ones i mentioned previously). Trees are linked by a 2 way transitive
trust that flows between the domains at the top of each tree. It actualy sits
at the same level as the rest of the domains at the top of their respective
trees and just has a bit of extra responsibility. Hope that makes sense
James :)
--
James Yeomans, BSc, MCSE
Phillip Windell
> The key to the forest root is the forst level roles and groups that it
> stores
> (the ones i mentioned previously). Trees are linked by a 2 way transitive
> trust that flows between the domains at the top of each tree. It actualy
> sits
> at the same level as the rest of the domains at the top of their
> respective
> trees and just has a bit of extra responsibility. Hope that makes sense
> James :)
Makes sense to me. It is kinda like the similar concept that two DCs in AD
are "peers" yet one (typically the first) has the PDC role so it has a
little more work to deal with.
Thanks James..
mmccaws2
> "James Yeomans BSc, MCSE" <JamesYeomansBScM...@discussions.microsoft.com>
> wrote in messagenews:20108C50-E9B4-4C10...@microsoft.com...
So, why do wouldn't all name servers listed listed in the response
(nslookup -type=ns 2ndmember.local) answer a query?
mmccaws2
It turns out there was a firewall that I wasn't aware of in-between my
computer and the dns servers .
Thanks for your help
Phillip Windell
> It turns out there was a firewall that I wasn't aware of in-between my
> computer and the dns servers .
That's why networks need to be documented or at minimum be designed and
layed out simple enough so that you can just "look at it" and know what is
there. There should not be firewalls and routers that you don't know are
there.
--
Phillip Windell
mmccaws2
> "mmccaws2" <mmcc...@comcast.net> wrote in message
Amen!!