DNS and AD

Guest

I have an AD integrated DNS system running. I noticed the other day that when
I went into the DNS MMC that all my servers are saying that DNS hasn't been
configured. I had a suspicion that something might be wrong because HOST and
PTR records weren't updating. After deleting HOST and PTR records on one
server, it never replicated to the others. Is this normal? Should the DNS MMC
report that DNS is not configured? DNS seems to work ok, as we don't have any
problems with WEB services or email.
 
Herb Martin

Mark Blum said:
> I have an AD integrated DNS system running. I noticed the other day that when
> I went into the DNS MMC that all my servers are saying that DNS hasn't been
> configured.

There is a difference between configuring an MMC
and the DNS server itself (you can add many DNS
servers to one MMC) but assuming you mean the
DNS server itself...

> I had a suspicion that something might be wrong because HOST and
> PTR records weren't updating. After deleting HOST and PTR records on one
> server, it never replicated to the others. Is this normal?

Not if the servers that hold the same zone are properly configured:

1) One Primary & (optional) Secondaries
or
2) Set of AD Integrated & (optional) Secondaries

Don't mix Primary and AD-integrated (or 2 Primaries) on a
single internal DNS zone. (Each zone of course has its own
set of Primary etc. of course.)

> Should the DNS MMC
> report that DNS is not configured? DNS seems to work ok, as we don't have any
> problems with WEB services or email.

That sounds like just the MMC is not configured.

Try adding the appropriate servers to the MMC.
 
Chriss3 [MVP]

Hello, it should replicate to your other domain controllers running DNS. If
you are using Active Directory on Windows 2000, DNS replicates with the
directory.

Use the command line based tool repadmin to ensure replication is working.
repadmin is included in Windows Support tools, found on your Windows Server
CD. Use the following syntax:

repadmin /showreps /v

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
 
Guest

Server 1 shows connections to server 2 and 3 via RPC
Server 2 shows same connections
Server 3 shows connections to 1 and 3 via RPC
Server 4 shows connections to 1 and 2 via RPC in addition to a nonexistent
server.

None show connection to all 4.
 
Cary Shultz [A.D. MVP]

I would suggest that you take a look at ntdsutil and do a MetaData Cleanup.
One of the keys is that you bind to an existing Domain Controller, not to
the one that you are trying to delete.

You - or someone in your organization - removed a Domain Controller at some
point in time but did not do it properly. This happens a lot so no worries.
Even though it is not physically there Active Directory thinks that it is
still there so......

Remember that Active Directory replication is based on incoming connection
objects.

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
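
An added example, not written by any poster in this thread: a PowerShell sketch of the check discussed above, listing each DC's inbound replication sources and flagging sources that are not in-service DCs or whose links are failing. It assumes a repadmin build that supports `/showrepl * /csv` and its usual column names; the function name and the server, site and domain names in the sample are invented.

```powershell
# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
# Server, site and domain names are invented for illustration.
$sampleCsv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,SERVER1,"DC=example,DC=local",HQ,SERVER2,RPC,0,0,2004-05-01 10:00:00,0
showrepl_INFO,HQ,SERVER1,"DC=example,DC=local",HQ,SERVER3,RPC,0,0,2004-05-01 10:00:00,0
showrepl_INFO,HQ,SERVER2,"DC=example,DC=local",HQ,SERVER1,RPC,0,0,2004-05-01 10:01:00,0
showrepl_INFO,HQ,SERVER3,"DC=example,DC=local",HQ,SERVER1,RPC,0,0,2004-05-01 10:02:00,0
showrepl_INFO,HQ,SERVER4,"DC=example,DC=local",HQ,SERVER2,RPC,0,0,2004-05-01 10:03:00,0
showrepl_INFO,HQ,SERVER4,"DC=example,DC=local",HQ,OLDSERVER,RPC,212,2004-05-01 10:03:00,2004-02-10 08:00:00,1722
'@

# Hypothetical helper: summarises inbound links per destination DC.
function Get-InboundReplicationSummary {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,     # rows from ConvertFrom-Csv
        [Parameter(Mandatory)] [string[]] $KnownDCs  # DCs that are really in service
    )
    foreach ($group in ($Rows | Group-Object -Property 'Destination DSA' | Sort-Object Name)) {
        $sources = @($group.Group | ForEach-Object { $_.'Source DSA' } | Sort-Object -Unique)
        $failing = @($group.Group |
            Where-Object { [int]$_.'Number of Failures' -gt 0 } |
            ForEach-Object { $_.'Source DSA' } | Sort-Object -Unique)
        [pscustomobject]@{
            DC             = $group.Name
            InboundFrom    = $sources -join ', '
            # Still referenced as a replication source, but not an in-service DC.
            UnknownSources = @($sources | Where-Object { $KnownDCs -notcontains $_ }) -join ', '
            FailingSources = $failing -join ', '
        }
    }
    # A known DC that never appears as a destination returned no inbound data.
    foreach ($dc in $KnownDCs) {
        if ($Rows.'Destination DSA' -notcontains $dc) {
            Write-Warning "$dc returned no inbound replication data"
        }
    }
}

$rows = $sampleCsv | ConvertFrom-Csv
# On a live DC instead: $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
Get-InboundReplicationSummary -Rows $rows -KnownDCs 'SERVER1','SERVER2','SERVER3','SERVER4' |
    Format-Table -AutoSize
```

On the sample, SERVER4 is reported with OLDSERVER under both UnknownSources and FailingSources, which is the pattern a removed DC leaves behind. A DC does not need an inbound link from every other DC, because the KCC does not build a full mesh.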
 
Herb Martin

Cary Shultz said:
> I would suggest that you take a look at ntdsutil and do a MetaData Cleanup.
> One of the keys is that you bind to an existing Domain Controller, not to
> the one that you are trying to delete.

Cary is right -- and I know exactly what he means by
'bind' but because so many newcomers are confused
by the terminology allow me to specify the actual wording:

Connect to the working DC.
Select the non-working (dead) DC or Domain.

This is just tool specific.

> You - or someone in your organization - removed a Domain Controller at some
> point in time but did not do it properly. This happens a lot so no worries.
> Even though it is not physically there Active Directory thinks that it is
> still there so......
>
> Remember that Active Directory replication is based on incoming connection
> objects.
 
Herb Martin

Cary Shultz said:
> Herb,
>
> Oops! Sorry! I know that this is one of your pet-peeves. I should have
> clarified what 'bind' means! Thank you for catching this and
> clarifying.....

This (knowing the names) is not really a peeve of mine
-- more of an irritation that the names are so similar and
not explained very well in the help.

Too many people write in claiming they cannot accomplish
the task due to reversing them.

Now if you want a peeve, then try me on FQDN and namespace
for a name without a dot or a name tree. <GRIN>
 
Guest

After checking around, a server (one with all roles) was removed due to the
server failing. The roles were forced to another server, but nothing was done
for DNS.

Thanks.
 
Herb Martin

Mark Blum said:
> After checking around, a server (one with all roles) was removed due to the
> server failing. The roles were forced to another server, but nothing was done
> for DNS.

This SHOULD happen for the roles.

It is correct that it will NOT happen for the DNS
nor for the GC(s).

Roles will NOT be moved however if you already
have problems (e.g., messed up DNS) where the DCs
are not authenticating or cannot find each other.

It also is the DCs' choice (probably in order of installation
or in GUID order) which other DC will take the roles.

For these reasons, I suggest that you always move the
roles manually to ensure their transfer AND to know
precisely where they are kept.
 
