Enhance description of --no-msdcs in man page

Fixes https://fedorahosted.org/freeipa/ticket/2972

1 files changed, 25 insertions, 1 deletions

diff --git a/install/tools/man/ipa-adtrust-install.1 b/install/tools/man/ipa-adtrust-install.1
index dc48ac8c..13f11100 100644
--- a/install/tools/man/ipa-adtrust-install.1
+++ b/install/tools/man/ipa-adtrust-install.1
@@ -45,7 +45,31 @@ The IP address of the IPA server. If not provided then this is determined based
 The NetBIOS name for the IPA domain. If not provided then this is determined based on the leading component of the DNS domain name.
 .TP
 \fB\-\-no\-msdcs\fR
-Do not create DNS service records for Windows in managed DNS server
+Do not create DNS service records for Windows in managed DNS server. Since those
+DNS service records are the only way to discover domain controllers of other
+domains they must be added manually to a different DNS server to allow trust
+realationships work properly. All needed service records are listed when
+ipa\-adtrust\-install finishes and either \-\-no\-msdcs was given or no IPA DNS
+service is configured. Typically service records for the following service names
+are needed for the IPA domain which should point to all IPA servers:
+.IP
+\(bu _ldap._tcp
+.IP
+\(bu _kerberos._tcp
+.IP
+\(bu _kerberos._udp
+.IP
+\(bu _ldap._tcp.dc._msdcs
+.IP
+\(bu _kerberos._tcp.dc._msdcs
+.IP
+\(bu _kerberos._udp.dc._msdcs
+.IP
+\(bu _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
+.IP
+\(bu _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
+.IP
+\(bu _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
 .TP
 \fB\-U\fR, \fB\-\-unattended\fR
 An unattended installation that will never prompt for user input