adding a dns server

[James W. Long]

Hi all:

Win2000 server
main DC named X
my only active directory integrated dns server runs on dc X

I have another DC in active directory called Y
I want to add an integrated dns server to dc Y for the same domain,
there is only one domain.

How do I answer the tree/forest questions or will it know?

I just want to add a second dns server for the same domain
on this DC Y.

I'm asking because I need to set it up right the first time.

Thank you in advance

James W. Long

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Hi all:

Win2000 server
main DC named X
my only active directory integrated dns server runs on dc
X

I have another DC in active directory called Y
I want to add an integrated dns server to dc Y for the
same domain, there is only one domain.

How do I answer the tree/forest questions or will it know?

I just want to add a second dns server for the same domain
on this DC Y.

I'm asking because I need to set it up right the first
time.

Thank you in advance

James W. Long

Install DNS on DC Y, do _not_ create a zone that already exists on DC X
that is Active Directory Integrated. Any AD Integrated zone will replicate
to all DCs without further action from you. If you attempt to create a zone
on one DC that already exists on the other in Active Directory, you could
overwrite the existing zone and lose zone data.

 

[James W. Long]

Dear Kevin

Thanks!

James Long

In

Install DNS on DC Y, do _not_ create a zone that already exists on DC X
that is Active Directory Integrated. Any AD Integrated zone will replicate
to all DCs without further action from you. If you attempt to create a zone
on one DC that already exists on the other in Active Directory, you could
overwrite the existing zone and lose zone data.

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Dear Kevin

Thanks!

No probleemo James.

 

[Michael Leone]

In

Install DNS on DC Y, do _not_ create a zone that already exists on DC X
that is Active Directory Integrated. Any AD Integrated zone will replicate
to all DCs without further action from you. If you attempt to create a
zone
on one DC that already exists on the other in Active Directory, you could
overwrite the existing zone and lose zone data.

I've done just what you say not to do - I added a new DC, and created an
AD-Integrated zone with the same name as my existing AD-Integrated zone. So
now I have a DC with an AD-Integrated zone that has no entries except
itself, and a primary and secondary server (that used to hold the
AD-Integrated zones) that have non-integrated zones (which whixh have all
the records for my domain in them).

How can I fix this? DCPROMO the new DC back to a member server? That will
make the AD-Integrated zone go away. But will I be able to change my primary
DNS to AD-Integrated? Right now, that option is grayed out.

 

[Kevin D. Goodknecht Sr. [MVP]]

In

I've done just what you say not to do - I added a new DC,
and created an AD-Integrated zone with the same name as
my existing AD-Integrated zone. So now I have a DC with
an AD-Integrated zone that has no entries except itself,
and a primary and secondary server (that used to hold the
AD-Integrated zones) that have non-integrated zones
(which whixh have all the records for my domain in them).

How can I fix this? DCPROMO the new DC back to a member
server? That will make the AD-Integrated zone go away.
But will I be able to change my primary DNS to
AD-Integrated? Right now, that option is grayed out.

Point all DCs to one DC for DNS, only. On that DC, change the zone type to
standard primary, allow dynamic updates. run this command:
net stop netlogon & net start netlogon & ipconfig /flushdns & ipconfig
/registerdns
(You can run the command by pasting it in a command prompt)
Verify on all DC that their records are registered with netdiag /test:dns /v
If not run netdiag /fix on the DCs that fail.

Using ADUC expand down to System\MicrosoftDNS container and make sure the
object with the domain name is gone or delete it. Also make sure there are
no secondary or primary zones on any other DC with this name.

Go back to the one DC that has the primary zone on it, change the zone to AD
integrated and wait for it to replicate before changing the DCs to point to
themselves or any other DC. As you have found, you can't create the zone on
another DC, this will only overwrite the existing zone in AD.

 

[Michael Leone]

In

Point all DCs to one DC for DNS, only. On that DC, change the zone type to
standard primary, allow dynamic updates. run this command:
net stop netlogon & net start netlogon & ipconfig /flushdns & ipconfig
/registerdns
(You can run the command by pasting it in a command prompt)
Verify on all DC that their records are registered with netdiag /test:dns
/v
If not run netdiag /fix on the DCs that fail.

I'm a bit confused. Here's what I have:

DC1 - primary zone, with name "mycompany.com"
DC2 - secondary zone, with name "mycompany.com"
DC3 - AD-integrated zone, with name "mycompany.com"

All DCs (and all workstations) point to DC1 for DNS. So I'm unclear to which
DC you mean for me to change the zone - DC3? Won't DC3 *and* DC1 now think
they are primary for "mycompany.com"?

Repoint all DCs to DC3 for DNS, and change DC3 zone to primary (leaving no
AD-integrated zone anywhere)? Change DC1 and DC2 to point to DC3 for DNS?

Using ADUC expand down to System\MicrosoftDNS container and make sure the
object with the domain name is gone or delete it. Also make sure there are
no secondary or primary zones on any other DC with this name.

I don't see anywhere in AD Users & Computers to go where you indicate
"System\MicrosoftDNS". I see no containers that say that. Where should it
be - under one of the DCs?

Go back to the one DC that has the primary zone on it, change the zone to
AD
integrated and wait for it to replicate before changing the DCs to point
to
themselves or any other DC. As you have found, you can't create the zone
on
another DC, this will only overwrite the existing zone in AD.

The option to change the zone to AD-integrated is grayed out on DC1 and DC2,
Do you mean that it will become available, if I have no other AD-integrated
zone, with the same name as the zones on Dc1 and DC2?

Thanks for the help.

 

[Kevin D. Goodknecht Sr. [MVP]]

In Michael Leone <[email protected]> commented
Then Kevin replied below:

I'm a bit confused. Here's what I have:

DC1 - primary zone, with name "mycompany.com"
DC2 - secondary zone, with name "mycompany.com"
DC3 - AD-integrated zone, with name "mycompany.com"

All DCs (and all workstations) point to DC1 for DNS. So
I'm unclear to which DC you mean for me to change the
zone - DC3? Won't DC3 *and* DC1 now think they are
primary for "mycompany.com"?

Repoint all DCs to DC3 for DNS, and change DC3 zone to
primary (leaving no AD-integrated zone anywhere)? Change
DC1 and DC2 to point to DC3 for DNS?


I don't see anywhere in AD Users & Computers to go where
you indicate "System\MicrosoftDNS". I see no containers
that say that. Where should it be - under one of the DCs?

Click View menu> select Advanced

The option to change the zone to AD-integrated is grayed
out on DC1 and DC2, Do you mean that it will become
available, if I have no other AD-integrated zone, with
the same name as the zones on Dc1 and DC2?

Are you sure these are domain controllers?
If they are all DCs, and the zone is AD integrated on one, the zone should
be in all other DCs in the same domain, that have DNS installed as an AD
integrated zone.