2

I am in the process of purchasing a domain, but I do not own it yet. I set up my domain controller as internal.domain.com.

The problem I'm running into is in connecting my workstations to my domain. I'm wondering if the reason is because the domain is actually pointing to a different IP address when I do an nslookup from the workstation. Basically, I don't want to waste too much time trying to figure out why my workstation is telling me "The active directory domain controller (AD DC) could not be contacted..." if the reason is that I don't actually own the domain yet.


And, just so I'm sure it isn't another problem, I have the following setup:

Server (DC)
==============================
IP:              192.168.0.2
Subnet Mask:     255.255.255.0
Default Gateway: 192.168.0.1
Preferred DNS:   192.168.0.2

Workstation
==============================
IP:              DHCP
Subnet Mask:     
Default Gateway: 
Preferred DNS:   192.168.0.2

So, I don't think it's the network settings...

michael

1 Answer

4

You can run an authoritative DNS server for any domain you want. "Ownership" has nothing to do with it. You describe a scenario where the client computer is using the DNS server at 192.168.0.2. This DNS server is the domain controller (DC) and, presumably, is hosting a forward lookup zone for "internal.domain.com". As such, this DNS server is considered "authoritative" for that zone and will answer requests for it. You could name your domain "microsoft.com" or "whitehouse.gov" and either would work fine even though you clearly don't "own" either of those. What matters is the answers returned by the DNS server used by clients.

Some things to check out:

  • What is the output you see from an nslookup internal.domain.com on a client?

  • What is the output from nslookup -type=SRV _kerberos._tcp.dc._msdcs.internal.domain.com from a client?

  • What does the same output for both of the above look like on the DC? (It should look the same)

  • Open the DNS Management console on the DC and verify that there is a forward lookup zone for "internal.domain.com" and "_msdcs.internal.domain.com".

Evan Anderson
  • I gave you the checkmark because you answered the main point of the question. But, I created a new question as a follow up since your answer indicates that using a domain that I don't have ownership of (yet) doesn't matter. I've answered your followup questions in the new question: http://serverfault.com/questions/466722/what-are-all-the-possible-causes-of-the-an-active-directory-domain-controller – michael Jan 14 '13 at 00:45
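
The lookups listed in the answer, run from a workstation, as an added PowerShell example that is not part of the original answer: it asks both the client's configured resolver and the DC at 192.168.0.2 for the domain's A record and the Kerberos SRV record, then reports whether the two sets of answers agree. It assumes the Resolve-DnsName cmdlet (Windows 8 / Server 2012 or later); the function name Get-DnsAnswer is made up for this example.

```powershell
# Added example. Domain name and DC address are the ones from the question.
$Domain = 'internal.domain.com'
$DcDns  = '192.168.0.2'

$Queries = @(
    @{ Name = $Domain;                            Type = 'A'   },
    @{ Name = "_kerberos._tcp.dc._msdcs.$Domain"; Type = 'SRV' }
)

# Hypothetical helper: returns the answer section as one sorted, comma-joined
# string, or the error text if the lookup fails (NXDOMAIN, timeout, ...).
function Get-DnsAnswer {
    param([string]$Name, [string]$Type, [string]$Server)

    # -DnsOnly keeps LLMNR/NetBIOS from masking a DNS failure.
    $p = @{ Name = $Name; Type = $Type; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $p.Server = $Server }   # omit -Server to use the client's own resolver

    try {
        $records = Resolve-DnsName @p |
            Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq $Type } |
            ForEach-Object {
                if ($Type -eq 'SRV') { "$($_.NameTarget):$($_.Port)" }
                else                 { "$($_.IPAddress)" }
            } | Sort-Object
        if ($records) { $records -join ', ' } else { '(no records)' }
    }
    catch {
        "ERROR: $($_.Exception.Message)"
    }
}

foreach ($q in $Queries) {
    $viaClient = Get-DnsAnswer -Name $q.Name -Type $q.Type
    $viaDc     = Get-DnsAnswer -Name $q.Name -Type $q.Type -Server $DcDns

    [pscustomobject]@{
        Query          = "$($q.Type) $($q.Name)"
        ClientResolver = $viaClient
        AskedDcDirect  = $viaDc
        # A mismatch means the client is getting answers from some other DNS
        # server than the DC, which is what breaks DC location during a join.
        Match          = ($viaClient -eq $viaDc) -and ($viaDc -notlike 'ERROR:*')
    }
}
```

If the AskedDcDirect column shows an error for the SRV query, the zone check in the DNS Management console from the last bullet is the next step.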