Solved

DNS advice on W2k Reorganization needed...

Posted on 2004-09-24
Last Modified: 2010-04-14
Hello all!  I just took over a small network (25 workstations) that is quite a mess, and will be doing some significant reorganizing.  We have 2 DCs.  DC1 has DNS, that had a standard primary zone.  DC2 did not have DNS set up, and does not hold any FSMO roles.  DHCP is currently being done by the router, which I would like to change to DC2.  I wish to make DC2 the main DC with all roles (most likely), and to have active directory integrated zones.  Once I transfer all the roles (using ntdsutil) to DC2, I will demote DC1 to a member server.  I will then promote another computer to a secondary DC, with DNS (we'll call it DC3).  I tried setting up DNS on DC2, adding an AD integrated forward-lookup zone, and it said that it couldn't, that the zone already exists.  What is the best way to get all the zone info from DC1 to DC2, before I go through all the role transfers, etc.?  And what would be the best sequence to make this reorganization possible? Thank you highly for any help you can provide.  I have to make this happen tomorrow (Saturday morning), and I want to be as prepared as possible.
0
Question by:redmanjb
LVL 14

Expert Comment

by:dlwyatt82
Convert the DNS zone on DC1 to an Active Directory Integrated zone first, before loading DNS on DC2. Then you will be able to install DNS on DC2 (as active directory integrated), the zone information will already be replicated via AD, and you can transfer FSMO roles off DC1 and demote it per the rest of your plan.
0
 
LVL 25

Expert Comment

by:mikeleebrla
For the most part what you are trying to do makes sense to me, except the part about setting up DNS on DC2.  What type of zone were you trying to create? In one sentence you say that you want to create an AD integrated zone and in the next you talk about transferring the zone from DC1. This cannot be done; an AD zone gets its records from AD and a standard zone gets its records either manually or from transfers. I.e., you can't transfer between the two as they are different types of zones.  I would set up DC2 as an AD zone, and set up dynamic DNS with DHCP.
0
 

Author Comment

by:redmanjb
I appreciate the quick response! :)  DNS was already installed on DC2, but there were no zones.  I changed the zones on DC1 to AD integrated yesterday.  Should I remove DNS on DC2, then reinstall?  I just don't see anything in DNS on DC2, maybe it's not replicating?  Do I have to do anything with the IP configs on both DCs to make them point to each other?
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 500 total points
I would uninstall DNS on DC2 and see what happens.

When you say "I just don't see anything in DNS on DC2, maybe it's not replicating" I'm confused: how can it replicate if it isn't even set up?  Or were you talking about AD replication and not DNS replication? Please be as specific as possible.  If you are concerned about replication (DNS or AD), check the event viewer logs.
0
 

Author Comment

by:redmanjb
I appreciate your patience mikeleebrla.  I'm pretty new at this.  My concern is that in DNS on DC2, I do not see any zones or anything.  I was expecting, since it is an AD integrated zone on DC1, that the zones would automatically appear in DNS on DC2, that I would actually see the forward lookup zone on DC2 with all the info that DC1's DNS has.  When I had tried to add a forward-lookup zone on DC2, with the same name as the forward-lookup on DC1, it said it could not because it already exists.  I know I'm missing some of how this actually works, but if I remove DNS from DC2, then reinstall, will the zones appear?
0
 

Author Comment

by:redmanjb
Hi mikeleebrla.  I removed DNS from DC2, then reinstalled, and everything is there as I had hoped.  However, what did you mean by setting up dynamic DNS with DHCP?
0
 
LVL 25

Expert Comment

by:mikeleebrla
If you are using dynamic DNS, all of your DHCP clients' DNS records are updated automatically by communication between the DNS/DHCP servers and clients, so you don't have to manually enter the DNS records in the DNS server.  So the result is that IP addresses and DNS records stay in sync so that you can use DNS and DHCP together seamlessly.

Go to the DHCP server and open the scope properties; on the DNS tab check "automatically update DHCP client info in DNS".

0
 

Author Comment

by:redmanjb
Very good mikeleebrla, I did that.  Now that I have DHCP and DNS running on DC2, is there anything else I should do before transferring the FSMO roles from DC1 to DC2 (and afterwards, demoting DC1, then promoting DC3)?  And since our router is also handling DHCP, is there any concern for the two to co-exist?  Should I just have DC2 doing the DHCPing?
0

 
LVL 25

Expert Comment

by:mikeleebrla
I would also make sure that both DCs have a copy of the global catalog. This is done from Active Directory Sites and Services: browse to your server, then go to the NTDS properties and check global catalog. Since you only have one domain in your forest you don't have to worry about the FSMO rule about having the Global Catalog on the same DC that holds the infrastructure role.
0
 

Author Comment

by:redmanjb
Great mikeleebrla.  I checked the GC box on DC2.  About the router, is it ok if the router is handling DHCP (it's been set up this way for quite some time), and to have DHCP running on DC2?  They have different scopes.  Or would it be more beneficial if DC2 only handles DHCP, and the router doesn't?
0
 
LVL 25

Expert Comment

by:mikeleebrla
NO, only have the DHCP server handle the addresses, otherwise you will have 2 sets of DHCP addresses, and since the DNS server will only know about the DHCP addresses that were created by the DHCP, some will have DNS records and some won't and you will have a nightmare on your hands.
0
 

Author Comment

by:redmanjb
Ahhh... that makes sense.  Since the router has been handling DHCP, and since all the clients are set to obtain an IP address automatically, should I just turn off the router's DHCP server, and do a "ipconfig /flushdns, and /registerdns" on the new DNS server, DC2?  I'm not sure if this is entirely correct, just kinda guessing :).  Will this update all the clients with all the needed info?
0
 
LVL 25

Expert Comment

by:mikeleebrla
Turn off the router's DHCP feature.

What you need to do from the CLIENTS is run:

ipconfig /release        this will release them from the router's DHCP address
ipconfig /renew          this will give them a new DHCP address from the Windows DHCP server
ipconfig /registerdns    this will register them with the DNS server
0
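As an added example (not part of the thread), this Python check shows how to confirm the cutover described above: it flags clients still holding a lease from the router's scope, and clients whose A record in the zone is missing or stale. The scope ranges, host names and addresses are constructed sample data, and the status labels are this example's own.

```python
import ipaddress

# Constructed sample data: both scope ranges are assumptions, not from the thread.
DC2_SCOPE = (ipaddress.ip_address("192.168.1.100"), ipaddress.ip_address("192.168.1.150"))
ROUTER_SCOPE = (ipaddress.ip_address("192.168.1.200"), ipaddress.ip_address("192.168.1.250"))

# Address each client currently holds (e.g. noted from "ipconfig /all"). Constructed.
CLIENT_ADDRESSES = {
    "ws01": "192.168.1.101",
    "ws02": "192.168.1.203",  # still on the router's lease
    "ws03": "192.168.1.102",  # renewed, but never registered in DNS
    "ws04": "192.168.1.104",  # renewed, DNS still holds the old address
}

# A records exported from the forward-lookup zone. Constructed.
ZONE_A_RECORDS = {
    "ws01": "192.168.1.101",
    "ws04": "192.168.1.120",
}


def in_scope(addr, scope):
    """True if addr lies inside the inclusive (low, high) scope range."""
    low, high = scope
    return low <= ipaddress.ip_address(addr) <= high


def audit_client(host, addr, zone, dc2_scope, router_scope):
    """Classify one client by lease origin and DNS registration state."""
    if in_scope(addr, router_scope):
        return "router-lease"        # needs ipconfig /release and /renew
    if not in_scope(addr, dc2_scope):
        return "unknown-scope"       # static address or a third DHCP source
    registered = zone.get(host.lower())
    if registered is None:
        return "no-dns-record"       # needs ipconfig /registerdns
    if registered != addr:
        return "stale-dns-record"    # DNS points at an address the host no longer has
    return "ok"


def audit(clients, zone, dc2_scope=DC2_SCOPE, router_scope=ROUTER_SCOPE):
    """Return {host: status} for every client, sorted by host name."""
    return {h: audit_client(h, a, zone, dc2_scope, router_scope)
            for h, a in sorted(clients.items())}


if __name__ == "__main__":
    for host, status in audit(CLIENT_ADDRESSES, ZONE_A_RECORDS).items():
        print(f"{host}: {status}")
```

Any host reported as "unknown-scope" after the router's DHCP is turned off is worth tracing, since it means an address came from somewhere other than the Windows DHCP server.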
 

Author Comment

by:redmanjb
You have been most helpful mikeleebrla.  Thank you so much.  One last thing and I'll leave you alone I promise :).  With this reorganization I am doing, I am not only swapping DCs, but I'm also going to swap a huge 160gig drive which is now the C drive on DC2 (which will be the main DC), with a smaller 40gig drive.  I have already set up DC2 (thanks to you) with everything I need to get ready to seize the roles from DC1.  Do you see any potential problems with cloning the C drive (using Acronis MigrateEasy) to the other?  Is this something I should do right now, instead of waiting until after I seize the roles?  If I go ahead and clone the drive now, will I have to set the services (dhcp, dns, etc) up again?
0
 
LVL 25

Expert Comment

by:mikeleebrla
I couldn't tell you since I've never used that program.
0
 

Author Comment

by:redmanjb
Well hey, again, thank you very much for your help!  You've been most patient :)
0
