How to reference a Domain Controller out of the Local Network?

Posted by Adrian on Server Fault See other posts from Server Fault or by Adrian
Published on 2012-08-29T17:54:25Z Indexed on 2012/08/30 3:40 UTC
Read the original article Hit count: 512

We have multiple servers scattered over different hosting providers. For learning, experimenting and, ultimately, production purposes, I set one of them as a Domain Controller.

That went well, most of our services are now authenticating via AD, which helps us a lot.

What I want to do now is to simplify the authentication for the multiple servers, by making each of them look at the Domain Controller. This way, our Devs can log into (Remote Desktop) the multiple servers with the same credentials from AD.

I know I have to configure each server to look at the Domain Controller.

But when I try to add the Domain Controller to the Computer, it cannot find it, although the Domain Controller address is a valid, reachable internet sub-domain (as in "ad.ourcompany.com").

enter image description here


This is the detailed error message:

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain ad.ourcompany.com:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.ad.ourcompany.com

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

109.188.207.9
109.188.207.10

- One or more of the following zones do not include delegation to its child zone:

ad.ourcompany.com
ourcompany.com
com
. (the root zone)

For information about correcting this problem, click Help.

What am I missing?

I'm an experienced Dev, but a newbie Sysdamin experimenting with new stuff.

Disclaimer

All IP addresses and domains/subdomains were changed to preserve security. If by any chance you still can see private information, please let me know so that I can change it.

© Server Fault or respective owner

Related posts about active-directory

Related posts about subdomain