Solved

Change DNS to Active Directory Integrated

Posted on 2005-04-28
Last Modified: 2012-05-05
I have a 2003 DC that is the primary DNS server and a 2003 DC that is the FSMO role holder and the secondary DNS server.  The Primary DNS server DC is having issues.  I want to change DNS to Active Directory integrated.  I know I can do that from the DNS properties page.
My questions are:
Do I remove DNS from the FSMO DC secondary DNS server first and then make the change to AD integrated on the Primary DNS server?  
Will I have to reboot the Primary DNS server to make the changes take effect?  
How long will it take for the changes to take effect?  
If I removed DNS from the FSMO DC do I just reinstall it after making the change to AD integrated?
Once the change to AD integrated DNS is made can I set the FSMO DC as the primary DNS server in DHCP?
Will this affect my XP users?
Will this affect my Exchange 2003 member server?  Once I get DNS to AD integrated I can then rebuild the DC with the issues.
Can I do this with users logged in?
Thanks
cja13161
Question by:cja131
7 Comments
 
LVL 1

Expert Comment

by:jonsey5090
ID: 13884976
Hi CJA, sounds like you've got quite a job on your hands.

I don't think that you're going to encounter any issues with your FSMO. Even if you convert your primary DC to AD integrated your FSMO will still function correctly. This is because it's running a secondary zone, all it will do is try and request zone transfers from your primary DC which will refuse them (unless you enable zone transfers).

I'm unsure about the implications of changing your zone type. My gut feeling is that you won't require a restart. The amount of time it will require will depend on the number of resource records in your domain. I imagine if you only have 2 servers your database is going to be quite small so it shouldn't take too much time.

I seriously doubt that your XP users will be affected. You won't need to log them out. You may get some slow response times whilst the conversion is being completed but if you complete the conversion later in the day, the clients are likely to have stored the required RRs in their DNS cache and therefore won't need to query your server.
0
 

Author Comment

by:cja131
ID: 13885100
I have zone transfers enabled.  
Will the secondary DNS still be a secondary after I convert to AD Integrated DNS?
Do I have to make any changes to the secondary, like remove DNS and then reinstall or delete anything from the secondary?
My goal here is to remove the current Primary DNS DC from the network and rebuild it so I will need to have the current secondary DNS FSMO DC be the Primary DNS, which if the zone is AD Integrated won't really be the primary but it will have a writable copy of DNS entries.
I am going to change the DNS entry in DHCP to give the current secondary DNS server IP to all machines logging in, but I can't do that until both DNS servers have AD integrated DNS, is that correct?  So back to original questions:  How do I make the secondary DNS know that DNS is now AD integrated?
Thanks
cja131


0
 
LVL 1

Accepted Solution

by:
jonsey5090 earned 750 total points
ID: 13886098
What I suggest you do then is convert your primary DNS server to AD integrated first, this will give you an idea of what the process involves.

Once you've converted it to AD integrated, as long as you enable zone transfers then the secondary will still work, but like you say you want this one to be the primary server. There is no reason why you can't convert the secondary to AD Integrated ONCE you've converted your current primary DNS server. It will then replicate all the records.

If you do it the other way round, your primary DNS server will stop functioning (as you can't have a primary and an AD integrated for the same zone) and this will most likely cause you problems.

You're correct in only transferring the server IPs in DHCP once you've converted the zones. Remember to make sure all clients have released and renewed their DHCP leases prior to taking the first server offline though! =)

Your secondary DNS does not need to know that the primary is now AD integrated, as it will still be able to replicate (as long as you configure it correctly on the primary).

Hope this helps.

Jonesy.
0
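The ordering described in the accepted answer (primary first, then the former secondary), written out as an added example that is not part of the original thread. It assumes `dnscmd` from the Windows Support Tools is installed; the zone and server names are placeholders.

```bat
@echo off
rem Added example: zone and server names below are placeholders.
setlocal
set ZONE=corp.example.com
set PRIMARY=dc1.corp.example.com
set SECONDARY=dc2.corp.example.com

rem 1. Record the current state of the zone on both servers.
dnscmd %PRIMARY% /ZoneInfo %ZONE%
dnscmd %SECONDARY% /ZoneInfo %ZONE%

rem 2. Keep a text copy of the zone before changing how it is stored.
rem    The file is written to the DNS folder on the server and the
rem    command fails if a file of that name already exists.
dnscmd %PRIMARY% /ZoneExport %ZONE% %ZONE%.pre-adi.bak

rem 3. Convert the standard primary to AD integrated first.
dnscmd %PRIMARY% /ZoneResetType %ZONE% /DsPrimary
dnscmd %PRIMARY% /ZoneInfo %ZONE% DsIntegrated
echo Check that %PRIMARY% now reports the zone as directory-integrated,
echo and allow time for AD replication before continuing.
pause

rem 4. Only then convert the former secondary. /OverWrite_Mem tells the
rem    server to load the zone data already held in the directory.
dnscmd %SECONDARY% /ZoneResetType %ZONE% /DsPrimary /OverWrite_Mem
dnscmd %SECONDARY% /ZoneInfo %ZONE% DsIntegrated

rem 5. Both servers should now answer with the same SOA serial.
nslookup -type=SOA %ZONE% %PRIMARY%
nslookup -type=SOA %ZONE% %SECONDARY%
endlocal
```

The `pause` between steps 3 and 4 is deliberate: the second conversion should not run until the first has been confirmed by hand.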
 

Author Comment

by:cja131
ID: 13886814
When I look at the DNS properties page, on the Primary I have the option to change to AD integrated, on the secondary I do not, it is grayed out.  If I understand, once I make the change on the primary DNS to AD integrated I will have the same option on the secondary.  Is that correct?
thanks
Cja131
0
 
LVL 1

Expert Comment

by:jonsey5090
ID: 13887183
Yes you will do. You only have the option to turn it into an AD integrated zone if the primary zone is AD integrated as well. Otherwise you will end up in the situation I mentioned in my previous post.
0
 
LVL 6

Expert Comment

by:BILJAX
ID: 13904333
Make sure that you remove the primary DC from the AD before you do anything drastic.



AC
0
 

Author Comment

by:cja131
ID: 13907955
I don't understand your post (biljax).  Please explain.  Thanks
cja131
0
