How to join Win 7 to 2003 AD domain without DNS server

+
0 Votes
Locked

dorahoney
Hi all

I am new to this stuff and have an issue which I cannot correct without causing havoc on my domain.

I have a 2003 R2 domain on which the previous IT person had not set up DNS; he uses the DNS from the ISP on all the computers (which is a mega NO NO as I know it). Anyway, the issue is that now I need to add Windows 7 Prof clients to the domain and I am not having any luck.

Running nslookup on the windows 7 client produces the IP and name of the DNS of the ISP. I am able to ping the Domain server from the win 7 computer.

The Domain Controller does not have DNS setup at all.
There exist 6 VPNs set up by the ISP to remote offices which run a custom SQL program.

As we all know, Win 7 relies on DNS for mappings and so on. How do I get to join this new Win 7 computer to the existing domain with the least amount of chaos now?

FYI, a new Server 2008 domain controller will join the domain in under a month, and I was thinking of setting DNS services up on it, removing the ISP DNS from the clients, then replacing the DNS IP on the clients and setting up a forwarder on the new server DNS to the ISP's DNS.

The issue is NOW: what can I do to get this Win 7 computer joined to the domain?
Two: if I do as I state above, with the new server setting up DNS, will I affect the VPNs?

Thanks in Advance for any help
  • +
    0 Votes
    seanferd

    Otherwise, I'm not entirely sure about how the home networking aspect of 7 works, but you should be able to join the workgroup/"domain".

    Note that your only problem here might not be the lack of a local DNS server. For example, http://support.microsoft.com/kb/926505

    I can't believe you have a whole business network relying on NXDOMAIN responses from an ISP DNS server so that local resolution occurs. Insane! Especially since it is AD without DNS. It will be far better once you get a DNS server going.

    "Running nslookup on the windows 7 client produces the IP and name of the DNS of the ISP. I am able to ping the Domain server from the win 7 computer."

    What are you looking up? If you look up your internal "domain name" or whatever it is, the ISP DNS server should return NXDOMAIN. Then WINS or NetBIOS or whatever would take over and resolve locally. (But you won't see that via nslookup.)

    Order in which the above occurs: local resolver cache, hosts file, DNS, WINS, NetBIOS name cache, NetBIOS, lmhosts file.

    +
    0 Votes
    dorahoney

    The hosts file was the first thing I tried but no change.

    I know that without DNS it is crazy, but I did not do it; I found it like that. The issue is now how to make the change with the least amount of downtime and problems. There are 6 VPNs to remote sites and I am afraid, as I don't know what and how they are set up, that if I set up an internal DNS it will affect the VPNs. If that happens then I am screwed because the remote sites will not be able to bill....

    I was thinking, once I get the new Server 2008 up and installed, to set it up as an internal DNS and have a forwarder in the DNS to the ISP DNS.

    Now a question here is: if I have a present domain as XXX.eu and I set up an internal DNS, should I set it up as local.XXX.eu and then have the forwarder in DNS point to the ISP's, or should I use the XXX.eu on the internal DNS as well? Which would mean I would change the internal PC to log on to local.XXX.eu; is this correct or do I have it wrong?

    Thanks for your answers

    +
    1 Votes
    Kenone

    Win 7 turns it off by default

    +
    0 Votes
    dorahoney

    Did this, no change; still cannot add Win 7 Prof computer to the domain

    +
    0 Votes
    CG IT

    no DNS zone for the domain = broken Active Directory

    Active Directory will not work without DNS services. Users can't log on to the domain, access resources through the domain...so on and so forth...

    I've not heard of any ISP that will provide DNS services to businesses for their Active Directory domain...Unless the business has specifically contracted for "Cloud" services or NOC services.

    If that's the case, it's up to the Cloud provider or NOC to allow the workstation to join the domain. Typically, the Cloud provider or NOC will ship a preconfigured workstation.

    So try again.....

    +
    0 Votes
    dorahoney

    Active Directory has been working for 9 years with Windows XP computers being able to join the domain and share files and folders and scripts running.
    Now with WINDOWS 7 Prof we have a problem: they can't join the domain.

    +
    0 Votes
    CG IT

    There has to be a DNS server for the domain zone. So, if your Active Directory is working, you have a DNS server for the domain zone.

    Here's a Microsoft TechNet article on Active Directory and DNS and how the two are integrated and work together.

    http://technet.microsoft.com/en-us/library/cc759550(WS.10).aspx

    Now, here's your hint of how to get Windows 7 to join a domain. Note: this information is available on Microsoft's TechNet in a KB article if you care to simply look.

    "Windows 7 needs the DNS suffix as a "helper".

    +
    0 Votes

    The DNS role is installed with (or before) Active Directory. It has to be there somewhere, as others have mentioned. If you run an nslookup for your domain, Windows should return a local DNS server somewhere. Since you mention all Windows clients are using public DNS, log on to the domain controller (or a domain controller if more than one) and run a lookup; it should report which DNS servers are being used.

    Once you find the local DNS server, you can fix the clients on the local network and get them using your internal DNS. For external access, create a forwarder to the ISP DNS Servers.

    This will help make your environment more secure and get Windows 7 clients to join the domain more easily.

    +
    0 Votes
    dorahoney

    OK, after running an nslookup on the DC it comes back with the ISP DNS.

    Maybe it would be better to go the following route:
    At the moment I have a domain qwert.eu with a DC - ABC.qwert.eu which, after running an nslookup, points to the ISP DNS. All clients have the ISP DNS (set up before my time).
    All XP computers are able to join the domain without a problem, however Win 7 Prof cannot.

    I am thinking of doing the following: introduce a Win 2008 server with DNS inside my domain. The domain will be changed to local.qwert.eu, so the new domain name for the existing DC will be ABC.local.qwert.eu, and it will point to the new 2008 server DNS, where I will set up a forwarder to the ISP DNS.

    Present setup new setup

    Domain qwert.eu Domain local.qwert.eu
    DNS is ISP DNS introduce 2008 server with DNS
    2003 DC name ABC (ABC.qwert.eu) new name for 2003 DC will be
    ABC.local.qwert.eu
    All clients point to ISP DNS all clients now point to the new 2008
    server which has a forwarder to
    the ISP DNS
    Would the above setup be a good solution with the least amount of downtime?

    +
    0 Votes
    dorahoney

    Sorry the things got joined

    Present setup ------- new setup

    Domain qwert.eu --------- Domain local.qwert.eu
    DNS is ISP DNS ---------- introduce 2008 server with DNS
    2003 DC name ABC (ABC.qwert.eu) --------- new name for 2003 DC will be ABC.local.qwert.eu
    All clients point to ISP DNS --------- all clients now point to the new 2008 server which has a forwarder to the ISP DNS
    Would the above setup be a good solution with the least amount of downtime ?

    +
    0 Votes
    CG IT

    as the DNS suffix [as a helper (append DNS suffix)] in the TCP/IP advanced DNS properties of the network card.

    If in fact the ISP hosts your DNS server and thus provides name resolution for your internal company domain, it should direct the DNS query for the IP address of your domain controller to your internal company domain controller, thus allowing authentication and joining the workstation to the domain.

    If your ISP does not provide name resolution services for your internal company domain, then you have to find out what DNS server does. DNS simply is name resolution to IP address. When trying to join a domain, you use the domain name. If there is no DNS server which can say domain.com = IP address [of domain controller], then the query will always fail because the workstation cannot find the domain controller.

    +
    0 Votes
    rdzaman

    As I know, to join a domain you need to give a DNS address in the workstation to point to the domain. I have seen other companies install XP images on the PCs and join the domain without any DNS information on the workstation.

    Right now, where I am working, I need to implement the same procedure. If anyone could give me some guidance to help me out of this situation.
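
An added example, not part of any post in this thread: a PowerShell 2.0 check, run on the Windows 7 client, of whether its configured DNS servers can answer the SRV lookup (`_ldap._tcp.dc._msdcs.<domain>`) that the domain controller locator uses to find a DC by DNS name. The domain name `qwert.eu` is the one used in the thread; the variable names are illustrative, and the parsing assumes English-language `nslookup` output.

```powershell
# Added example (not from the thread). Runs on PowerShell 2.0, the Windows 7 default.
# $Domain is the AD DNS domain name used in the thread; substitute your own.
$Domain = 'qwert.eu'

# 1. Show which DNS servers and suffix each active adapter is configured with.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        '{0}: DNS = {1}; suffix = {2}' -f $_.Description,
            ($_.DNSServerSearchOrder -join ', '), $_.DNSDomain
    }

# 2. Ask those servers for the SRV records that domain controllers register.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$answer  = (& nslookup.exe '-type=SRV' $srvName 2>&1 | Out-String)
# Assumption: English nslookup output, which labels the target "svr hostname".
$dcHosts = [regex]::Matches($answer, 'svr hostname\s*=\s*(\S+)') |
    ForEach-Object { $_.Groups[1].Value }

if ($dcHosts) {
    "SRV lookup for $srvName returned: $($dcHosts -join ', ')"
    # 3. Each advertised DC must also resolve to an address.
    foreach ($dc in $dcHosts) {
        try {
            $ips = [Net.Dns]::GetHostAddresses($dc) |
                ForEach-Object { $_.IPAddressToString }
            "  $dc -> $($ips -join ', ')"
        } catch {
            "  $dc does not resolve"
        }
    }
} else {
    "No SRV records for $srvName from the configured DNS servers."
    "Point the client at a DNS server that hosts the $Domain zone, then retry."
}

# 4. Let Windows run its own DC discovery and report the result.
& nltest.exe "/dsgetdc:$Domain" /force
if ($LASTEXITCODE -ne 0) { "DC locator failed for $Domain (exit code $LASTEXITCODE)." }
```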
