Solved

Windows 2003 AD DNS best practices

Posted on 2004-08-25
3
1,510 Views
Last Modified: 2013-12-19
We are days away from upgrading our domain to a Windows 2003 Active Directory.  This is how I propose to perform the upgrade

We have the following scenario

1 X NT4 PDC
1 x NT4 BDC

1 x Windows 2003 Server which hosts Pri DNS and which will be the eventual main DC, FSMO master
1 x Windows 2003 Server which hosts Sec DNS and which will be the second DC

I have already created the neccesary zones, namely,
_msdcs.mycompany.co.uk
 _sites.mycompany.co.uk
_tcp.mycompany.co.uk
_udp.mycompany.co.uk
ForestDNSZones.mycompany.co.uk
DomainDNSZones.mycompany.co.uk

all zones support dynamic updates

So, when I upgrade our PDC, DNS setup will complete without a hitch using the existing DNS server.  I will then run dcpromo on the Pri DNS once I am happy with the upgrade.

Anyway, this is my question.  The zones above are all Standard Primary on the Pri DNS server with the Sec DNS Server listed as additional nameserver.  Should I

1) Set up secondary zones on the Sec DNS server then once I have promoted both servers to DCs change the zone types to AD Integrated
2) Leave the zones just residing on the Pri DNS server.  Then, once I have promoted the first server, change the zone type to AD integrated and then promote the second.

I know it probably seems like a very subtle distinction, but I would appreciate some input.
0
Comment
Question by:hstiles
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 23

Assisted Solution

by:rhandels
rhandels earned 50 total points
ID: 11893304
Hi,

I would say use the second option, this will make your live easier. If the first DNS server works and you make it AD integrated, then you're sure the second will also work (because of AD integration). If something goes awire on you in option 1, you have a big problem..

Only thing to take into account (not sure if this is necesarry though), i would delete the secondary DNS zone from the other DC, else you might get conflicts because it has a secondary zone and needs to be AD integrated..
0
 
LVL 37

Accepted Solution

by:
bbao earned 75 total points
ID: 11898639
agree with rhandels.

FYI, the OFFICIAL bast practice, hehe :)

Best Practice Active Directory Design for Managing Windows Networks
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/plan/bpaddsgn.mspx

Best Practice Methods for Windows 2000 Domain Controller Setup
http://support.microsoft.com/?id=kb;en-us;216899

hope it helps,
bbao
0
 
LVL 13

Author Comment

by:hstiles
ID: 11988961
Extra point sfor bbao for those handy links
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
An article on effective troubleshooting
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question