Change DNS to Active Directory Integrated

I have a 2003 DC that is the primary DNS server and a 2003 DC that is the FSMO role holder and the secondary DNS server.  The Primary DNS server DC is having issues.  I want to change DNS to Active Directory integrated.  I know I can do that from the DNS properties page.
My questions are:
Do I remove DNS from the FSMO DC secondary DNS server first and then make the change to AD integrated on the Primary DNS server?  
Will I have to reboot the Primary DNS server to make the changes take effect?  
How long will it take for the changes to take effect?  
If I removed DNS from the FSMO DC, do I just reinstall it after making the change to AD integrated?
Once the change to AD integrated DNS is made can I set the FSMO DC as the primary DNS server in DHCP?  
Will this affect my XP users?  
Will this affect my Exchange 2003 member server?  Once I get DNS to AD integrated I can then rebuild the DC with the issues.
Can I do this with users logged in?
jonsey5090 Commented:
What I suggest you do then is convert your primary DNS server to AD integrated first, this will give you an idea of what the process involves.

Once you've converted it to AD integrated, as long as you enable zone transfers then the secondary will still work, but like you say you want this one to be the primary server. There is no reason why you can't convert the secondary to AD Integrated ONCE you've converted your current primary DNS server. It will then replicate all the records.

If you do it the other way round, your primary DNS server will stop functioning (as you can't have a primary and an AD integrated for the same zone) and this will most likely cause you problems.

You're correct in only transferring the server IPs in DHCP once you've converted the zones. Remember to make sure all clients have released and renewed their DHCP leases prior to taking the first server offline though! =)

Your secondary DNS does not need to know that the primary is now AD integrated, as it will still be able to replicate (as long as you configure it correctly on the primary).

Hope this helps.
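
The order described in this answer, sketched with `dnscmd` as an added example (not part of the original post). The server name, zone name and secondary IP are placeholders; the transfer list is limited to the one existing secondary rather than left open to any server.

```bat
@echo off
rem Added example. All three values below are placeholders, not taken from the thread.
set PRIMARY=dc1.corp.example
set ZONE=corp.example
set SECONDARY_IP=192.0.2.20

rem 1. Record the zone's current type and transfer settings before changing anything.
dnscmd %PRIMARY% /ZoneInfo %ZONE%

rem 2. Convert the standard primary zone to an Active Directory-integrated zone.
rem    Run this on the current primary first, never on the secondary.
rem    Check that dnscmd prints "Command completed successfully." before continuing.
dnscmd %PRIMARY% /ZoneResetType %ZONE% /DsPrimary

rem 3. Keep zone transfers working for the existing secondary, but only for it:
rem    /SecureList restricts transfers to the listed address and /NotifyList
rem    sends change notifications to that same server.
dnscmd %PRIMARY% /ZoneResetSecondaries %ZONE% /SecureList %SECONDARY_IP% /NotifyList %SECONDARY_IP%

rem 4. Confirm the new zone type and the transfer restriction.
dnscmd %PRIMARY% /ZoneInfo %ZONE%
```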

Hi CJA, sounds like you've got quite a job on your hands.

I don't think that you're going to encounter any issues with your FSMO. Even if you convert your primary DC to AD integrated your FSMO will still function correctly. This is because it's running a secondary zone, all it will do is try and request zone transfers from your primary DC which will refuse them (unless you enable zone transfers).

I'm unsure about the implications of changing your zone type. My gut feeling is that you won't require a restart. The amount of time it will require will depend on the number of resource records in your domain. I imagine if you only have 2 servers your database is going to be quite small so it shouldn't take too much time.

I seriously doubt that your XP users will be affected. You won't need to log them out. You may get some slow response times whilst the conversion is being completed but if you complete the conversion later in the day, the clients are likely to have stored the required RRs in their DNS cache and therefore won't need to query your server.

cja131 (Author) Commented:
I have zone transfers enabled.  
Will the secondary DNS still be a secondary after I convert to AD Integrated DNS?  
Do I have to make any changes to the secondary, like remove DNS and then reinstall or delete anything from the secondary?
My goal here is to remove the current Primary DNS DC from the network and rebuild it so I will need to have the current secondary DNS FSMO DC be the Primary DNS, which if the zone is AD Integrated won't really be the primary but it will have a writable copy of DNS entries.  
I am going to change the DNS entry in DHCP to give the current secondary DNS server IP to all machines logging in, but I can't do that until both DNS servers have AD integrated DNS, is that correct?  So back to original questions:  How do I make the secondary DNS know that DNS is now AD integrated?

cja131 (Author) Commented:
When I look at the DNS properties page, on the Primary I have the option to change to AD integrated, on the secondary I do not, it is grayed out.  If I understand, once I make the change on the primary DNS to AD integrated I will have the same option on the secondary.  Is that correct?

Yes you will do. You only have the option to turn it into an AD integrated zone if the primary zone is AD integrated as well. Otherwise you will end up in the situation I mentioned in my previous post.

Make sure that you remove the primary DC from the AD before you do anything drastic.

cja131 (Author) Commented:
I don't understand your post (biljax).  Please explain.  Thanks