I've inherited a Windows 2000 Native mode environment with 10 Domain controllers in a Single forest and multi child domains and I am doing clean up. There are DNS servers on about 8 of the 10 DCs. How can I tell if this DNS infrastructure is AD Integrated? If it is not AD Integrated, what steps do i need to take to move it AD-Integrated

Also, on some of the DNS servers, when I go to the DNS MMC and right click on the server, the "configure this server" option is available to me. On others, it is not. Does it mean that it is not configured? I do see zones on these particular servers tho

Any help would be greatly appreciated. Thanks.

In news:4F69874C-F8F9-40C9-A1F7-(E-Mail Removed),
Ken <(E-Mail Removed)> posted a question
Then Kevin replied below:
> I've inherited a Windows 2000 Native mode environment with 10 Domain
> controllers in a Single forest and multi child domains and I am doing
> clean up. There are DNS servers on about 8 of the 10 DCs. How can I
> tell if this DNS infrastructure is AD Integrated? If it is not AD
> Integrated, what steps do i need to take to move it AD-Integrated?

Use the DNS console to open Forward Lookup Zones, in the right hand pane it
will list the zone name and zone type.

>
> Also, on some of the DNS servers, when I go to the DNS MMC and right
> click on the server, the "configure this server" option is available
> to me. On others, it is not. Does it mean that it is not configured?

Not necessarily, it just means the wizard has not be ran. You can run
through the wizard and it will stop the message.
The main thing that is important to configure on the DNS server is its
forwarders and removal of the Root "." Forward Lookup Zone, if it has one.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================

Thanks for the reply
When I click on the Forward Lookup Zone on say server1, some say AD-Integrated and some say Secondary. Then when i goto another server, say server2 and bring up DNS, some of those same zones that said 2ndary on the first server, say AD-Integrated on the second server? How do I change it so EVERYTHING says AD-Integrated? Is there an article on this? Also is changing it to integrated as simple as changing the type? Are there prerequisite tasks to perform prior to doing this?

In other words, is it that simple to change from a 2ndary to AD-Integrated just by changing the type

Thank

----- Kevin D. Goodknecht [MVP] wrote: ----

In news:4F69874C-F8F9-40C9-A1F7-(E-Mail Removed)
Ken <(E-Mail Removed)> posted a questio
Then Kevin replied below
> I've inherited a Windows 2000 Native mode environment with 10 Domai
> controllers in a Single forest and multi child domains and I am doin
> clean up. There are DNS servers on about 8 of the 10 DCs. How can
> tell if this DNS infrastructure is AD Integrated? If it is not A
> Integrated, what steps do i need to take to move it AD-Integrated

Use the DNS console to open Forward Lookup Zones, in the right hand pane i
will list the zone name and zone type

>> Also, on some of the DNS servers, when I go to the DNS MMC and righ
> click on the server, the "configure this server" option is availabl
> to me. On others, it is not. Does it mean that it is not configured

Not necessarily, it just means the wizard has not be ran. You can ru
through the wizard and it will stop the message
The main thing that is important to configure on the DNS server is it
forwarders and removal of the Root "." Forward Lookup Zone, if it has one



--
Best regards
Kevin D4 Dad Goodknecht Sr. [MVP
Hope This Help
===========================
--
When responding to posts, please "Reply to Group" via you
newsreader so that others may learn and benefit from your issue
To respond directly to me remove the nospam. from my email
=========================================
http://www.lonestaramerica.com
=========================================
Use Outlook Express?... Get OE_Quotefix
It will strip signature out and mor
http://home.in.tum.de/~jain/software/oe-quotefix
=========================================
Keep a back up of your OE settings and folders wit
OEBackup
http://www.oehelp.com/OEBackup/Default.asp
=========================================

The change is as simple as you guessed. Make up your mind if you are going
to be AD-integrated or not. If you are, then they all need to be the same on
all the servers. It's a cosmetic requirement that prevents the kind of
confusion you are running into now.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
"Ken" <(E-Mail Removed)> wrote in message
news:4412CCA8-5E3E-4351-B194-(E-Mail Removed)...
> Thanks for the reply.
> When I click on the Forward Lookup Zone on say server1, some say
AD-Integrated and some say Secondary. Then when i goto another server, say
server2 and bring up DNS, some of those same zones that said 2ndary on the
first server, say AD-Integrated on the second server? How do I change it so
EVERYTHING says AD-Integrated? Is there an article on this? Also is
changing it to integrated as simple as changing the type? Are there
prerequisite tasks to perform prior to doing this?
>
> In other words, is it that simple to change from a 2ndary to AD-Integrated
just by changing the type?
>
> Thanks
>
> ----- Kevin D. Goodknecht [MVP] wrote: -----
>
> In news:4F69874C-F8F9-40C9-A1F7-(E-Mail Removed),
> Ken <(E-Mail Removed)> posted a question
> Then Kevin replied below:
> > I've inherited a Windows 2000 Native mode environment with 10
Domain
> > controllers in a Single forest and multi child domains and I am
doing
> > clean up. There are DNS servers on about 8 of the 10 DCs. How can
I
> > tell if this DNS infrastructure is AD Integrated? If it is not AD
> > Integrated, what steps do i need to take to move it AD-Integrated?
>
> Use the DNS console to open Forward Lookup Zones, in the right hand
pane it
> will list the zone name and zone type.
>
> >> Also, on some of the DNS servers, when I go to the DNS MMC and
right
> > click on the server, the "configure this server" option is
available
> > to me. On others, it is not. Does it mean that it is not
configured?
>
> Not necessarily, it just means the wizard has not be ran. You can run
> through the wizard and it will stop the message.
> The main thing that is important to configure on the DNS server is
its
> forwarders and removal of the Root "." Forward Lookup Zone, if it has
one.
>
>
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
> ============================
> --
> When responding to posts, please "Reply to Group" via your
> newsreader so that others may learn and benefit from your issue.
> To respond directly to me remove the nospam. from my email.
> ==========================================
> http://www.lonestaramerica.com/
> ==========================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ==========================================
> Keep a back up of your OE settings and folders with
> OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ==========================================
>
>
>

In news:4412CCA8-5E3E-4351-B194-(E-Mail Removed),
Ken <(E-Mail Removed)> posted a question
Then Kevin replied below:
> Thanks for the reply.
> When I click on the Forward Lookup Zone on say server1, some say
> AD-Integrated and some say Secondary. Then when i goto another
> server, say server2 and bring up DNS, some of those same zones that
> said 2ndary on the first server, say AD-Integrated on the second
> server? How do I change it so EVERYTHING says AD-Integrated? Is
> there an article on this? Also is changing it to integrated as
> simple as changing the type? Are there prerequisite tasks to perform
> prior to doing this?
>
> In other words, is it that simple to change from a 2ndary to
> AD-Integrated just by changing the type?
>

For a correct answer I need to know, are both of these DCs for the same
domain?
(Since you have AD Integrated they would have to be DCs under Windows 2000)

Under Windows 2000 AD Integrated zones will only replicate to DCs within the
same domain. Windows Server 2003 has more replication options, that are not
available under Windows 2000.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================

There are 10 DC's total. They are in one forest: domain.com.
I have 2 DC's each in 4 child domains: na.domain.com; dev.domain.com; apac.domain.com; emea.domain.com

For example: NA.domain.com zon
On the NA.domain.com DNS server - it says it is AD-Integrated
On the Apac.domain.com DNS server - that same zone says it is a secondary domain

That's just one example. I would like to change all my 2ndary zones to AD integrated

Can I just simply flip a switch to make that AD-Integrated, is it as simple as changing the type? Thanks

----- Kevin D. Goodknecht [MVP] wrote: ----

In news:4412CCA8-5E3E-4351-B194-(E-Mail Removed)
Ken <(E-Mail Removed)> posted a questio
Then Kevin replied below
> Thanks for the reply
> When I click on the Forward Lookup Zone on say server1, some sa
> AD-Integrated and some say Secondary. Then when i goto anothe
> server, say server2 and bring up DNS, some of those same zones tha
> said 2ndary on the first server, say AD-Integrated on the secon
> server? How do I change it so EVERYTHING says AD-Integrated? I
> there an article on this? Also is changing it to integrated a
> simple as changing the type? Are there prerequisite tasks to perfor
> prior to doing this
>> In other words, is it that simple to change from a 2ndary t
> AD-Integrated just by changing the type


For a correct answer I need to know, are both of these DCs for the sam
domain
(Since you have AD Integrated they would have to be DCs under Windows 2000

Under Windows 2000 AD Integrated zones will only replicate to DCs within th
same domain. Windows Server 2003 has more replication options, that are no
available under Windows 2000



--
Best regards
Kevin D4 Dad Goodknecht Sr. [MVP
Hope This Help
===========================
--
When responding to posts, please "Reply to Group" via you
newsreader so that others may learn and benefit from your issue
To respond directly to me remove the nospam. from my email
=========================================
http://www.lonestaramerica.com
=========================================
Use Outlook Express?... Get OE_Quotefix
It will strip signature out and mor
http://home.in.tum.de/~jain/software/oe-quotefix
=========================================
Keep a back up of your OE settings and folders wit
OEBackup
http://www.oehelp.com/OEBackup/Default.asp
=========================================

In news:2485FA9F-9244-4C9A-A705-(E-Mail Removed),
Ken <(E-Mail Removed)> posted a question
Then Kevin replied below:
> There are 10 DC's total. They are in one forest: domain.com.
> I have 2 DC's each in 4 child domains: na.domain.com; dev.domain.com;
> apac.domain.com; emea.domain.com.
>
> For example: NA.domain.com zone
> On the NA.domain.com DNS server - it says it is AD-Integrated.
> On the Apac.domain.com DNS server - that same zone says it is a
> secondary domain.
>
> That's just one example. I would like to change all my 2ndary zones
> to AD integrated.

Using your example, only the domain contollers for na.domain.com can have a
replicating AD integrated zone for na.domain.com.
This is where it is going to confuse you, while you can make apac.domain.com
AD integrated on the na.domain.com DC, BUT it will NOT replicate from the DC
for apac.domain.com. Only the DCs in apac.domain.com domain will get a
replicated zone for apac.domain.com.

However, the method of using Secondary zones on the DCs is incorrect you are
probably getting a lot of runtime errors due to all the zone transfers,
aren't you?

Here is how ir should be done.
On the forest parent DC for domain.com create these delegations in the
domain.com zone:
na
dev
apac
emea
Make these delegations to the DCs for these domains.
Then on all the child DCs make them forward ONLY to the Forest parent DNS
server AND check the box "Do not use recursion"

255248 - HOW TO Create a Child Domain in Active Directory and Delegate the
DNS Namespace to the Child Domain
http://support.microsoft.com/default...b;en-us;255248

>
> Can I just simply flip a switch to make that AD-Integrated, is it as
> simple as changing the type? Thanks.
It won't work this way in Windows 2000 the zone will not replicate across
domain partitions. Win2k3 would work better in your situation because Win2k3
allows DNS replication forest wide.

In the absence of Win2k3 the best situation for your scenario is to have a
parent DC with all the delegated child names at each location with the child
DCs and forward to it. Or for that fact you can use the Parent DC for all
DNS and it will replicate to all DCs in the Parent domain at all locations.
It would be less expensive to upgrade to Win2k3.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================