Solved

DNS question regarding AD with server 2003 Domain Controllers for upgrading existing workgroup

Posted on 2004-09-29
236 Views
Last Modified: 2010-03-18
I have the task of upgrading our network to Active Directory; it currently uses a workgroup. I will be installing 2 new Domain Controllers (Windows Server 2003) and want to use Active Directory integrated DNS. My plan is to let the first server's promotion happen via dcpromo and let it install DNS for itself. After that I want to promote the second server via dcpromo as a second DC in the domain. I want to install DNS on the second DC as well for redundancy but am unsure as to what type of zones to create. Will AD integrated primary zones on the second DC create new zones, making it necessary to use secondary zones instead? Also, after this is done, how should the DNS IP settings be for the DCs?
Question by:ESSGroup
8 Comments
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12189606

I would install DNS and then DCPROMO one server and install Active Directory:
http://www.petri.co.il/how_to_install_active_directory_on_w2k.htm

This server will now have to point to itself for DNS resolution, and should have a static IP address.


Then you can install DNS and DCPROMO the other server, or vice versa; it's not really important, but both (all) DNS servers should be AD-Integrated for proper replication.  The second DNS server should point to the first DNS server as the preferred one, and then itself as a secondary.
0
 

Author Comment

by:ESSGroup
ID: 12194074
I've tried in my testing environment (Windows Server 2003) using Active Directory integrated primary zones on both machines, and it lists each machine as its own Start of Authority (I'm not sure if this matters). After creating a test account (A record) on the Global Catalog machine and leaving it overnight, the account was not replicated to the second server until I manually reloaded the zone the next day. Does an Active Directory integrated DNS scheme not replicate DNS data automatically when changes to the Directory like this occur?
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 12199619
If you are using AD Integrated DNS, the DNS database is located in Active Directory.  This means that the DNS database is replicated automatically to each DC in your environment.

The basic overview of the process of installation is this:

You have two stand-alone servers... now you need to convert these to a domain.

1) DCPROMO the first server (Server1)
2) During the installation allow the DCPROMO wizard to install DNS (Ad Integrated)
3) After the installation completes, you will have a domain and DNS running automatically. (By the way, keep the default and name your domain domainname.local or domainname-int.com... or something other than your registered Internet Domain Name.)
4) Now you can join your second server (Server2) to the domain.
5) If you want, you can run DCPROMO on Server2.  Create an additional domain controller in an existing domain.  (Don't worry about DNS during this installation.)
6) After the DCPROMO wizard completes, you will have a copy of the DNS database in Active Directory; however, the DNS service will not be installed.  Therefore, only Server1 will be "working" as a DNS server.  In order to use Server2 as a DNS server, simply install the DNS service.  Once the DNS service is installed, clients can be pointed to either Server1 or Server2.

Automatically, the DCPROMO wizard will create one Forward Lookup Zone for you.  This forward lookup zone will have the name of your domain (i.e. domainname.local).  You do not need to worry about zone transfers or creating any other special DNS zones for your AD environment to work (although you might want to create a reverse lookup zone for your subnet; optional).  DNS replication is automatic when you use AD Integrated DNS (most people use AD Integrated because the replication is automatic and the DNS database is backed up on every DC).

-hope this helps...

Joe Poandl MCSE
0

 

Author Comment

by:ESSGroup
ID: 12202670
Thanks guys this is all very helpful stuff.

I really want to make sure that I have some redundancy in DNS here to prevent single points of failure, and want to know what is the best type of DNS zone to specify on my second Domain Controller to prevent problems DNS-wise in the event of a crash on the first Domain Controller. I understand now that DNS data is replicated automatically to all DCs in the domain; I just want the DNS service to continue to run in case of DC 1 going down.

Thanks in advance for your help and patience with me.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 12202857
"I understand now that DNS data is replicated automatically to all DCs in the domain; I just want the DNS service to continue to run in case of DC 1 going down."

Yes, when you use AD Integrated DNS, the DNS database is incorporated into Active Directory.  The advantage of this is that the DNS database is replicated onto every Domain Controller in your environment.  This provides a great deal of protection for your DNS database.  

Although the DNS database is protected (because copies exist on each DC), this doesn't mean that each DC automatically provides DNS resolution functions.  In order to activate DNS functionality on your DC, you will have to ADD the DNS SERVICE.

Every DC that has the DNS service installed can handle DNS resolution requests.

So in your environment, I would make sure that I have multiple DCs running the DNS service.  This way, your DNS service is redundant.

Also, you will have to make sure that your clients have multiple DNS servers listed in their TCP/IP properties.

To balance the load on the DNS servers, make sure that you configure half your DHCP scopes to list DNS server1 first and DNS server2 second.  In the other scopes list DNS server2 first and then DNS server1.

-later

Joe Poandl MCSE

0
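The two answers above boil down to three checks per domain controller: the DNS Server service is actually installed and running, the domain zone it hosts is AD-integrated (option "1" in the question), and the DC's own resolver lists more than one DNS server so it survives its partner going down. The script below is an added audit example, not code from this thread or from the poster; it uses the DnsServer, DnsClient and ActiveDirectory PowerShell modules (Windows Server 2012 and later; the 2003-era setup in the thread would have used dnscmd and dcdiag instead), assumes it runs with rights to query each DC remotely, and the DHCP scope IDs at the end are placeholders.

```powershell
# Added example (not from the thread): audit that every DC in the domain runs the DNS
# service, hosts the domain zone as AD-integrated, and has a redundant resolver list.
# Assumes the DnsServer, DnsClient and ActiveDirectory modules (Windows Server 2012+)
# and remoting rights to each DC. Run it from any domain-joined admin workstation.

$domain = (Get-ADDomain).DNSRoot                                   # e.g. domainname.local
$dcs    = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
$dcIps  = foreach ($dc in $dcs) { (Resolve-DnsName -Name $dc -Type A).IPAddress }

$report = foreach ($dc in $dcs) {
    $finding = [ordered]@{
        DC                 = $dc
        DnsServiceRunning  = $false   # check 1: DNS service present and started
        ZoneAdIntegrated   = $false   # check 2: domain zone stored in AD, not a file
        ClientHasAlternate = $false   # check 3: >= 2 DNS servers, all of them DCs
    }

    # 1) Is the DNS Server service installed and running on this DC?
    $svc = Get-Service -ComputerName $dc -Name DNS -ErrorAction SilentlyContinue
    $finding.DnsServiceRunning = [bool]($svc -and $svc.Status -eq 'Running')

    if ($finding.DnsServiceRunning) {
        # 2) Is the domain zone hosted here as AD-integrated? A file-backed primary or a
        #    secondary zone would not replicate through AD as the answers describe.
        $zone = Get-DnsServerZone -ComputerName $dc -Name $domain -ErrorAction SilentlyContinue
        $finding.ZoneAdIntegrated = [bool]($zone -and $zone.IsDsIntegrated)
    }

    # 3) Does the DC's own resolver list at least two DNS servers, both of them DCs?
    #    Takes the first adapter that has any DNS servers configured.
    $servers = Invoke-Command -ComputerName $dc -ScriptBlock {
        (Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses.Count -gt 0 } |
            Select-Object -First 1).ServerAddresses
    }
    $foreign = @($servers | Where-Object { $_ -notin $dcIps })
    $finding.ClientHasAlternate = ($servers.Count -ge 2) -and ($foreign.Count -eq 0)

    [pscustomobject]$finding
}

$report | Format-Table -AutoSize

# Any row with a $false is a single point of failure: install the DNS service, convert
# the zone to AD-integrated, or add the partner DC as the alternate DNS server.
$report | Where-Object { -not ($_.DnsServiceRunning -and $_.ZoneAdIntegrated -and $_.ClientHasAlternate) }

# The load-balancing pattern from the answer: alternate the DNS server order per DHCP
# scope so half the clients prefer each DC (scope IDs are placeholders; run on the
# DHCP server with the DhcpServer module).
# Set-DhcpServerv4OptionValue -ScopeId 192.0.2.0    -DnsServer $dcIps[0], $dcIps[1]
# Set-DhcpServerv4OptionValue -ScopeId 198.51.100.0 -DnsServer $dcIps[1], $dcIps[0]
```

The third check deliberately flags a DC whose resolver points at a non-DC address (an ISP or router DNS), because that configuration breaks SRV-record lookups for the domain as soon as the one DC it does list is unavailable; the adamdrayer ordering (partner first, self second) passes the check, as does self first, partner second.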
 

Author Comment

by:ESSGroup
ID: 12203998
Sorry to keep this going. What type of DNS zone do I specify during installation of the 2nd server's DNS? The first server's DNS is Active Directory integrated primary.

1. Active Directory Integrated Primary
2. Primary
3. Secondary
4. Stub

We use static IPs for clients mostly (with only about 5-10 using DHCP).
0
 
LVL 33

Accepted Solution

by: NJComputerNetworks (earned 2000 total points)
ID: 12216319
All DNS Servers should be installed as "1. Active Directory Integrated Primary"

0
 

Author Comment

by:ESSGroup
ID: 12218149
Thank you for all of your help. I truly appreciate it.
0
