UCS with external BIND-DNS Server

Hi all,
is it possible to use two UCS Active Directory servers with an external DNS server? What zones do I have to create manually on the external DNS so that domain logon from Win clients is possible?

Thank you very much for your help!

Hi,

do you mean your Windows clients use the “external” domain controller to resolve?

I would suggest adding a slave zone on your “external DNS” with the UCS as master just for the UCS domain.

This way your clients will be able to get all information they need regarding the UCS domain.

/CV

Yes. We are a university institute with a subdomain and subnet from the central IT service: institute.uni.de with the subnet, for example, 1.1.1.0-254. We have to use the external DNS, no internal domain. It works fine with Microsoft Active Directory and Win2016 server. Now I want to switch to UCS. Our central IT service tells me that they only want the SRV records.
Does anybody use UCS with an external DNS?

Hi,

if I get it right, your central service wants to be authoritative for the UCS domain? Or what do you mean by “only want the SRV records”?

Still unsure what you mean by “use the external dns”?

If you have a subdomain called “institute.uni.de” and your UCS server should be the domain controller, the UCS needs to be authoritative for this subdomain. But you will never have the possibility to edit any entries in uni.de.

So yes, you can use UCS for this scenario and give the UCS server the existing servers from your IT service as forward DNS servers. Thus you will be the one administrating your subdomain, and everything “outside” this domain is controlled by your IT service.

/CV

The problem is that we have to use DHCP and DNS from our IT service. So we can't use UCS as DNS server. Is this a problem for using UCS as domain controller? If I understand correctly, the DNS server tells the clients where to find the domain controller (SRV records). So why do I have to use DNS on UCS?

Hi,

You need to understand the way DNS works. You have an authoritative server which is responsible for all entries within its domain. This is the UCS server. And it has to be, as it maintains all settings regarding the domain. As far as I understood, you now have two options:

Option 1:
“Give” your IT service all the names and IP addresses from your domain. Then your clients will have a working environment. As long as you do not want to change an entry.

Option 2:
Let your IT service DNS server be a slave for your subdomain. Thus, it will answer all requests and will be always up to date with the correct settings.

I would prefer option 2, obviously. It does not have the possibility to break things in case your IT service does not update its entries fast enough.

/CV
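
An added example, not written by anyone in this thread: if the external DNS is maintained by hand (Option 1), a drift check like the one below shows which domain-controller SRV records are absent and which SRV targets have no address record. The host names, the 192.0.2.x addresses, the simplified `owner IN type rdata` line layout and the choice of SRV names (a core subset; site-specific and GUID-based `_msdcs` names are not covered) are assumptions made for illustration.

```python
ZONE = "institute.uni.de."  # subdomain named in the thread

# Core SRV names an AD domain controller registers, relative to the zone
# (assumed subset: LDAP, Kerberos, password change, global catalog, DC locator).
REQUIRED_SRV = [
    "_ldap._tcp", "_kerberos._tcp", "_kerberos._udp",
    "_kpasswd._tcp", "_kpasswd._udp", "_gc._tcp",
    "_ldap._tcp.dc._msdcs", "_kerberos._tcp.dc._msdcs",
    "_ldap._tcp.pdc._msdcs",
]

# Constructed sample: records the external DNS holds after a partial hand-over.
SAMPLE_ZONE = """\
ucs1                  IN A    192.0.2.10
ucs2                  IN A    192.0.2.11
_ldap._tcp            IN SRV  0 100 389 ucs1.institute.uni.de.
_ldap._tcp            IN SRV  0 100 389 ucs2.institute.uni.de.
_kerberos._tcp        IN SRV  0 100 88  ucs1.institute.uni.de.
_kerberos._udp        IN SRV  0 100 88  ucs1.institute.uni.de.
_ldap._tcp.dc._msdcs  IN SRV  0 100 389 ucs3.institute.uni.de.
"""

def fqdn(name, zone=ZONE):
    """Lower-case a name and qualify it with the zone if it is relative."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{zone}"

def parse(text, zone=ZONE):
    """Return ({srv_owner: [targets]}, {names that have an A/AAAA record})."""
    srv, hosts = {}, set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop zone-file comments
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        owner, rtype, rdata = fqdn(fields[0], zone), fields[2].upper(), fields[3:]
        if rtype in ("A", "AAAA"):
            hosts.add(owner)
        elif rtype == "SRV" and len(rdata) == 4:  # priority weight port target
            srv.setdefault(owner, []).append(fqdn(rdata[3], zone))
    return srv, hosts

def audit(text, zone=ZONE):
    """Return (missing SRV names, in-zone SRV targets without an address)."""
    srv, hosts = parse(text, zone)
    missing = [n for n in REQUIRED_SRV if fqdn(n, zone) not in srv]
    dangling = sorted({t for ts in srv.values() for t in ts
                       if t.endswith("." + zone) and t not in hosts})
    return missing, dangling

if __name__ == "__main__":
    print(audit(SAMPLE_ZONE))
```

With a slave zone (Option 2) the same check can be run against a copy of the transferred zone to confirm that the secondary holds everything the UCS master publishes.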