Delete Active Directory-Integrated domain

Steve

I have 3 domain controllers with DNS on all 3. They all
have the Active Directory-Integrated domain for our
network.

Can I delete the domain from one of the servers - Can you
delete an Active Directory-Integrated domain from a domain
controller?

Will this delete the domain from all the domain controller
servers?

Thanks
 
Kevin D. Goodknecht [MVP]

Steve said:
I have 3 domain controllers with DNS on all 3. They all
have the Active Directory-Integrated domain for our
network.

Can I delete the domain from one of the servers - Can you
delete an Active Directory-Integrated domain from a domain
controller?

If you do, it will delete the zone from all servers.
Will this delete the domain from all the domain controller
servers?


Yes.

If the zone is Active Directory integrated it will be replicated to all DCs
in the domain with DNS installed.
If you don't want one particular DC hosting DNS you will need to
uninstall DNS on that DC or use standard primary zones which is not
recommended if DDNS is enabled.
 
Ace Fekay [MVP]

Kevin D. Goodknecht said:

If you do, it will delete the zone from all servers.



Yes.

If the zone is Active Directory integrated it will be replicated to
all DCs in the domain with DNS installed.
If you don't want one particular DC hosting DNS you will need to
uninstall DNS on that DC or use standard primary zones which is not
recommended if DDNS is enabled.



Not sure what you mean here Kevin. If you delete the zone from one of the
DC/DNS servers, even if the zone is AD Integrated, you're only removing it
from that specific DC/DNS server and not from the actual AD database. So the
zones will still remain on the other DC/DNS servers and remain AD
Integrated.

Never tested it, but I believe if you remove the zone from all DNS servers,
I believe the zone will still remain in the AD database, which can be
verified with ADSI Edit. I guess I'll have to test it one day. I think the
only way to remove it from the AD database is if on any of the servers, you
change the zone type to a Primary, then it yanks it out of AD (which the
change gets replicated to the other DCs).

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Deji Akomolafe

Ace, that is not correct. If it's AD-intg, deleting it from one server will
delete it from the other servers.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
Ace Fekay [MVP]

Deji Akomolafe said:
Ace, that is not correct. If it's AD-intg, deleting it from one
server will delete it from the other servers.

Deleting the zone or making it Primary then deleting it?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Ace Fekay [MVP]

Deji Akomolafe said:
Ace, that is not correct. If it's AD-intg, deleting it from one
server will delete it from the other servers.

I haven't tested this, but I can't see why deleting the zone on one DC/DNS
server would affect the others, unless it interprets it as the zone being
deleted out of AD?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Herb Martin

It won't. If someone is worried, they can first make it
a secondary and then delete that -- takes 10 seconds.
 
Stev

-----Original Message-----
In Kevin D. Goodknecht [MVP] <[email protected]> posted their thoughts,
then I offered mine



Not sure what you mean here Kevin. If you delete the zone from one of the
DC/DNS servers, even if the zone is AD Integrated, you're only removing it
from that specific DC/DNS server and not from the actual AD database. So the
zones will still remain on the other DC/DNS servers and remain AD
Integrated.

Never tested it, but I believe if you remove the zone from all DNS servers,
I believe the zone will still remain in the AD database, which can be
verified with ADSI Edit. I guess I'll have to test it one day. I think the
only way to remove it from the AD database is if on any of the servers, you
change the zone type to a Primary, then it yanks it out of AD (which the
change gets replicated to the other DCs).

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

What I am trying to accomplish is the following:

I want to remove the AD-Integrated zone on one server only
and create a Standard Primary for the same domain name but
with external IP addresses. This way I can assign this
server as one of my Public DNS Servers.

But I do not want to delete the zone if it will replicate
and delete the AD-Integrated zone from all servers

Thanks for any help
 
Herb Martin

I want to remove the AD-Integrated zone on one server only
and create a Standard Primary for the same domain name but
with external IP addresses. This way I can assign this
server as one of my Public DNS Servers.

You shouldn't have a "publicly accessible DC" so DCPromo to
non-DC and switching to Primary (easy) will work.

Also you really should let your Registrar hold your external
DNS if that is a choice -- ISP is second best. You doing it
is a poor choice except for the largest companies (large in
terms of Internet presence.)
 
Ace Fekay [MVP]

stev said:
If it's an AD-Integrated zone you can't make a secondary

Why not?

Yes you can, unless I am misinterpreting your statement?

An AD Integrated zone *also* acts as a Primary zone for zone transfers. You
can allow zone transfers no matter what sort of zone type (AD Integrated or
not).

If the zone you want a copy of is on another DC/DNS server in the same
domain (on W2k), then it's suggested to make it AD Integrated anyway. If on
a DC/DNS from another domain, then you can make a secondary of the zone. All
you have to do is just allow zone transfer on the AD Integrated zone.

However, W2k3 allows replication of zone data to other domain application
partitions across the forest.




--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
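
The zone-transfer point above, as an added example that is not part of any poster's message: a PowerShell check that flags zones, AD-integrated ones in particular, whose transfer setting would hand a full copy of the zone to any requester. It assumes a current Windows Server with the DnsServer module; the function name, sample zones and addresses are constructed for illustration.

```powershell
# Added example (not from the thread). Classifies each zone's transfer setting.
# Property names mirror the per-zone objects returned by
# Get-DnsServerZone -Name <zone> in the DnsServer module.
function Get-ZoneTransferExposure {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Zone
    )
    process {
        $finding = switch ($Zone.SecureSecondaries) {
            'NoTransfer'               { 'OK: transfers disabled' }
            'TransferToSecureServers'  { 'Review: allowed to ' + ($Zone.SecondaryServers -join ', ') }
            'TransferToZoneNameServer' { 'Review: allowed to every host with an NS record in the zone' }
            'TransferAnyServer' {
                # An AD-integrated zone carries the DC locator (SRV) records,
                # so an open transfer exposes the internal directory layout.
                if ($Zone.IsDsIntegrated) { 'HIGH: AD-integrated zone transferable to any server' }
                else                      { 'HIGH: zone transferable to any server' }
            }
            default                    { 'Unknown setting: ' + $Zone.SecureSecondaries }
        }
        [pscustomobject]@{
            ZoneName       = $Zone.ZoneName
            IsDsIntegrated = [bool]$Zone.IsDsIntegrated
            Finding        = $finding
        }
    }
}

# Constructed sample zones (hypothetical names and addresses) so this runs offline.
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'corp.example.com';   IsDsIntegrated = $true
                       SecureSecondaries = 'TransferAnyServer';       SecondaryServers = @() }
    [pscustomobject]@{ ZoneName = 'branch.example.com'; IsDsIntegrated = $true
                       SecureSecondaries = 'TransferToSecureServers'; SecondaryServers = @('192.0.2.10') }
    [pscustomobject]@{ ZoneName = 'lab.example.com';    IsDsIntegrated = $false
                       SecureSecondaries = 'NoTransfer';              SecondaryServers = @() }
)
$sampleZones | Get-ZoneTransferExposure | Format-Table -AutoSize

# Against live zones on a DNS server (assumed usage; fetch each zone by name
# so the transfer properties are populated):
# Get-DnsServerZone | ForEach-Object { Get-DnsServerZone -Name $_.ZoneName } |
#     Get-ZoneTransferExposure
```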
 
Ace Fekay [MVP]

Stev said:
What I am trying to accomplish is the following:

I want to remove the AD-Integrated zone on one server only
and create a Standard Primary for the same domain name but
with external IP addresses. This way I can assign this
server as one of my Public DNS Servers.

But I do not want to delete the zone if it will replicate
and delete the AD-Integrated zone from all servers

Thanks for any help

I agree with Herb. You do NOT want to mix private and public data to begin
with. Mixing it up can cause issues with the private IPs on the Internet.
You also do not want to expose your private data (AD info) to the Internet.
If you do want to host your stuff on the Internet, I would suggest to get a
separate server to host your domain.

It's really easier and less headaches and much more secure to just let your
registrar or ISP host your domain name.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Herb Martin

stev said:
If it's an AD-Integrated zone you can't make a secondary

Of course you can -- what gave you that idea?

Zones are freely transformable as to type and any
DNS server can have a secondary, even a secondary.
 
