ESSGroup asked:
DNS question regarding AD with server 2003 Domain Controllers for upgrading existing workgroup

I have the task of upgrading our network to Active Directory that currently uses a workgroup. I will be installing 2 new Domain Controllers (Windows Server 2003) and want to use Active Directory integrated DNS. My plan is to let the first server's promotion happen via dcpromo and let it install DNS for itself. After that I want to promote the second server via dcpromo as a second DC in the domain. I want to install DNS on the second DC as well for redundancy but am unsure as to what type of zones to create. Will AD integrated primary zones on the second DC create new zones, making it necessary for secondary zones instead? Also, after this is done, how should the DNS IP settings be for the DCs?
adamdrayer:
I would install DNS and then DCPROMO one server and install Active Directory:
http://www.petri.co.il/how_to_install_active_directory_on_w2k.htm

This server will now have to point to itself for DNS resolution, and should have a static IP address.


Then you can install DNS and DCPROMO the other server, or vice versa, it's not really important, but both (all) DNS servers should be AD-Integrated for proper replication.  The second DNS server should point to the first DNS server as the preferred one, and then itself as a secondary.
ESSGroup (asker):
I've tried in my testing environment (Windows Server 2003) using Active Directory integrated primary zones on both machines and it lists each machine as its own Start of Authority (I'm not sure if this matters). After creating a test account (A record) on the Global Catalog machine and leaving it overnight, the account was not replicated to the second server until I manually reloaded the zone the next day. Does an Active Directory integrated DNS scheme not replicate DNS data automatically when changes to the Directory like this occur?
If you are using AD Integrated DNS, the DNS database is located in Active Directory.  This means that the DNS database is replicated automatically to each DC in your environment.

The basic overview of the process of installation is this:

You have two stand alone servers....now need to convert these to a domain.

1) DCPROMO the first server (Server1)
2) During the installation allow the DCPROMO wizard to install DNS (AD-integrated)
3) After the installation completes, you will have a domain and DNS running automatically (By the way, keep the default and name your domain domainname.local or domainname-int.com...or something other than your registered Internet Domain Name.)
4) Now you can join your second server (Server2) to the domain.
5) if you want, you can run DCPROMO on Server2.  Create an additional domain controller in an existing domain.  (Don't worry about DNS during this installation)
6) After the DCPROMO wizard completes, you will have a copy of the DNS database in Active Directory; however, the DNS service will not be installed.  Therefore, only Server1 will be "working" as a DNS server.  In order to use Server2 as a DNS server, simply install the DNS service.  Once the DNS service is installed, clients can be pointed to either Server1 or Server2.

Automatically, the DCPROMO wizard will create one Forward Lookup Zone for you.  This forward lookup zone will have the name of your domain (i.e. domainname.local).  You do not need to worry about zone transfers or creating any other special DNS zones for your AD environment to work  (Although you might want to create a reverse lookup zone for your subnet; optional).  DNS replication is automatic when you use AD Integrated DNS (Most people use AD Integrated because the replication is automatic and the DNS database is backed up on every DC).

-hope this helps...

Joe Poandl MCSE
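The six steps above, turned into a check that is run on Server2 once the DNS service has been added to it. This is an added example, not a script from Joe's post or from Microsoft; the domain name domainname.local, the addresses 10.0.0.1 (Server1) and 10.0.0.2 (Server2) and the NIC name "Local Area Connection" are placeholders to replace. It uses dnscmd, repadmin and netdiag from the Windows Server 2003 Support Tools and netsh/nslookup from the base OS.

```batch
@echo off
rem Post-dcpromo DNS check for the second DC (Server2). Added example; the
rem values below are assumptions: set your domain, addresses and NIC name.
set DOMAIN=domainname.local
set DC1=10.0.0.1
set DC2=10.0.0.2
set NIC=Local Area Connection

rem 1) DNS client settings on Server2: preferred = Server1, alternate = itself
rem    (the ordering adamdrayer recommends above).
netsh interface ip set dns name="%NIC%" source=static addr=%DC1% register=primary
netsh interface ip add dns name="%NIC%" addr=%DC2% index=2

rem 2) Confirm the zone the DNS service found in Active Directory is stored
rem    there rather than in a file. EnumZones prints a Storage column that
rem    reads AD-Domain, AD-Forest or AD-Legacy for an AD-integrated zone and
rem    File for a standard primary or secondary zone.
dnscmd localhost /EnumZones
dnscmd localhost /EnumZones | findstr /i /c:"%DOMAIN%" | findstr /i /c:" File " && echo WARNING: %DOMAIN% is file-backed on Server2, not AD-integrated

rem 3) AD-integrated zones are not pushed by zone transfer: the DNS service
rem    polls the directory for changes, so a record created on Server1 shows
rem    up here only after AD replication has delivered it and the poll has
rem    run. ZoneUpdateFromDs forces that load now (the manual "reload" the
rem    asker describes above); showrepl tells you whether the underlying AD
rem    replication between the two DCs is actually succeeding.
repadmin /showrepl
dnscmd localhost /ZoneUpdateFromDs %DOMAIN%

rem 4) Re-register this DC's own A and SRV records, then prove that Server2
rem    answers the DC-locator query clients will send when Server1 is down.
ipconfig /registerdns
net stop netlogon && net start netlogon
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %DC2%
netdiag /test:dns /v
```

If step 3's repadmin output shows failures, the DNS data is not going to appear on Server2 no matter how the zone is typed; fix AD replication first and only then judge the zone configuration.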
Thanks guys this is all very helpful stuff.

I really want to make sure that I have some redundancy in DNS here to prevent single points of failure and want to know what is the best type of DNS zone to specify on my second Domain Controller to prevent problems DNS-wise in the event of a crash on the first Domain Controller. I understand now that DNS data is replicated automatically to all DCs in the domain, I just want the DNS service to continue to run in case of DC1 going down.

Thanks in advance for your help and patience with me.
"I understand now that DNS data is replicated automatically to all DC's in the domain, I just want the DNS service to continue to run in case of DC 1 going down."

Yes, when you use AD Integrated DNS, the DNS database is incorporated into Active Directory.  The advantage of this is that the DNS database is replicated onto every Domain Controller in your environment.  This provides a great deal of protection for your DNS database.  

Although the DNS database is protected (because copies exist on each DC), this doesn't mean that each DC automatically provides DNS resolution functions.  In order to activate DNS functionality on your DC, you will have to ADD the DNS SERVICE.

Every DC that has the DNS service installed can handle DNS resolution requests.  

So in your environment, I would make sure that I have multiple DC's running the DNS service.  This way, your DNS service is redundant.

Also, you will have to make sure that your clients have multiple DNS servers listed in their TCP/IP properties.

To balance the load on the DNS servers, make sure that you configure half your DHCP scopes to list DNS server1 first and DNS server2 second.  In another scope list DNS server2 first and then DNS server1.

-later

Joe Poandl MCSE
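The client-side redundancy Joe describes, as an added example that is not part of the thread: static clients get both DNS servers, the DHCP scopes get the DNS Servers option in opposite order, and the failover is tested by stopping the DNS service on Server1. The addresses 10.0.0.1 (Server1) and 10.0.0.2 (Server2), the scope IDs 10.0.1.0 and 10.0.2.0, DHCP running on Server1 and the NIC name "Local Area Connection" are assumptions; all commands are standard Windows Server 2003 netsh, sc and nslookup.

```batch
@echo off
rem Added example: redundant DNS client settings and a failover test.
rem Addresses, scope IDs and the NIC name are assumptions; change them.
set DC1=10.0.0.1
set DC2=10.0.0.2
set DOMAIN=domainname.local
set NIC=Local Area Connection

rem Static clients: two DNS servers, so the resolver falls back to the
rem alternate when the preferred server stops answering. Run on each
rem statically addressed client (the asker says most of them are).
netsh interface ip set dns name="%NIC%" source=static addr=%DC1% register=primary
netsh interface ip add dns name="%NIC%" addr=%DC2% index=2
ipconfig /all | findstr /i /c:"DNS Servers"

rem DHCP clients: option 006 (DNS Servers) per scope, listed in opposite
rem order in the two scopes so the DHCP clients split across both servers.
netsh dhcp server \\%DC1% scope 10.0.1.0 set optionvalue 006 IPADDRESS %DC1% %DC2%
netsh dhcp server \\%DC1% scope 10.0.2.0 set optionvalue 006 IPADDRESS %DC2% %DC1%
netsh dhcp server \\%DC1% scope 10.0.1.0 show optionvalue

rem Failover test, run from an administrator's workstation: stop the DNS
rem service on Server1, resolve the DC-locator record directly against
rem Server2 and then through the client's normal preferred/alternate order,
rem and start DNS on Server1 again afterwards.
sc \\%DC1% stop dns
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %DC2%
nslookup %DOMAIN%
sc \\%DC1% start dns
```

The second nslookup is the real test of redundancy: it will pause while the client's preferred server (Server1) times out and must then return an answer from Server2. If it fails, the client's alternate server is not set or Server2's DNS service is not running, whatever the zone type on Server2.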

Sorry to keep this going. What type of DNS zone do I specify during installation of the 2nd server's DNS? The first server's DNS is Active Directory integrated primary.

1. Active Directory Integrated Primary
2. Primary
3. Secondary
4. Stub

We use static IPs for clients mostly (with only about 5-10 using DHCP).
ASKER CERTIFIED SOLUTION
NJComputerNetworks
This solution is only available to members.
Thank you for all of your help. I truly appreciate it.