ajmcqueen


NT4 to W2003 Upgrade Issues with DNS

Hi

I am looking at updating our NT4 domain to W2003 AD. I've tested doing an in-place upgrade of an NT4 PDC to W2003. Then what I want to do (as I hate relying on in-place upgrades) is build a fresh W2003 server, promote to DC, move all the FSMO roles over and then trash the original upgraded DC from NT4. Finally I plan to introduce at least one more W2003 DC as a backup and probably set it up as Global Catalog in addition to the first one. Both DCs would also host DNS integrated into AD and ultimately I plan to upgrade our Exchange 5.5 to Exchange 2003, once the AD network has settled down and is stable.

I have done parts of this but one thing puzzles me. Although the first in-place upgrade prompts to install a DNS server as first in site and sets up integration with AD, how do I do the same with the next (and ultimately primary) server? When I run dcpromo from the command line (or the AD wizard - I assume it amounts to the same thing), neither prompts to install and integrate DNS with AD. All the help I read says make sure you integrate DNS with AD but no-one explains how that is meant to happen - do you simply install DNS before running dcpromo and the integration is done silently, or afterwards and it just does it? Or are you supposed to install DNS in a specific way or run dcpromo in a specific way?

I hope someone can enlighten me. Also, any gotchas/hints on the whole upgrade process where Exchange 5.5 and Citrix SP3/FR3 on W2K servers are in the domain would be handy.

Regards

Mac
scomo1026

I will first address your question about installing DNS on the server that will be new from scratch. It is your choice if you want to install DNS before or during the dcpromo. Either way, the dcpromo will configure the AD-integrated zone you are asking about. The only difference is that if DNS is not already installed when you run dcpromo, you will get a prompt during the dcpromo asking you to make a choice of one of three items; I recommend selecting "install dns and configure it for me". You can always set up an AD-integrated zone in DNS by simply right-clicking on Forward Lookup Zones, typing in the name of your local domain and selecting Active Directory-integrated zone.
When you bring the first AD server up in the domain, it has to be pointed to itself for DNS so that the SRV records are created. I have always been told that you should make any server with Active Directory point to itself for DNS, but I was on a Microsoft call the other day, and they recommended that the primary server holding the FSMO roles be pointed to itself, then the other AD server point to this server for DNS.
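The answer above turns on the DC's SRV records actually being created in the AD-integrated zone. As an added example (not part of the original thread), this Python sketch compares the records a DC intends to register, in the format Netlogon writes to its netlogon.dns file, against the SRV records found in the zone and lists the ones that are missing. The domain `example.local`, the hosts `dc1`/`dc2` and the zone listing are constructed sample data; in practice the zone set would come from a zone export or SRV lookups.

```python
# Added example: find SRV records a DC wants registered but the zone lacks.

# Constructed sample in the format of
# %SystemRoot%\System32\Config\netlogon.dns on the new DC (dc2).
NETLOGON_DNS = """\
example.local. 600 IN A 10.0.0.11
_ldap._tcp.example.local. 600 IN SRV 0 100 389 dc2.example.local.
_ldap._tcp.dc._msdcs.example.local. 600 IN SRV 0 100 389 dc2.example.local.
_kerberos._tcp.dc._msdcs.example.local. 600 IN SRV 0 100 88 dc2.example.local.
_gc._tcp.example.local. 600 IN SRV 0 100 3268 dc2.example.local.
"""

# Constructed sample: SRV records present in the zone as (owner, port, target).
# dc1 is fully registered; dc2 has only one of its four SRV records.
ZONE_SRV = {
    ("_ldap._tcp.example.local.", 389, "dc1.example.local."),
    ("_ldap._tcp.dc._msdcs.example.local.", 389, "dc1.example.local."),
    ("_kerberos._tcp.dc._msdcs.example.local.", 88, "dc1.example.local."),
    ("_gc._tcp.example.local.", 3268, "dc1.example.local."),
    ("_ldap._tcp.example.local.", 389, "DC2.example.local."),
}


def parse_srv(text):
    """Return the SRV records in netlogon.dns-style text as a set of
    (owner, port, target) tuples, lower-cased; other record types are skipped."""
    records = set()
    for line in text.splitlines():
        fields = line.split()
        # Layout: owner ttl IN SRV priority weight port target
        if len(fields) == 8 and fields[2].upper() == "IN" and fields[3].upper() == "SRV":
            records.add((fields[0].lower(), int(fields[6]), fields[7].lower()))
    return records


def missing_registrations(netlogon_text, zone_records):
    """SRV records the DC expects to register that are absent from the zone."""
    zone = {(owner.lower(), port, target.lower()) for owner, port, target in zone_records}
    return sorted(parse_srv(netlogon_text) - zone)


if __name__ == "__main__":
    for owner, port, target in missing_registrations(NETLOGON_DNS, ZONE_SRV):
        print(f"missing: {owner} -> {target}:{port}")
```

A non-empty result for a freshly promoted DC usually means it was not pointed at a DNS server that hosts the AD zone and accepts its dynamic updates.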
ajmcqueen

ASKER

I know what you mean about the prompt about installing DNS when running dcpromo but what I meant to say (and obviously didn't clearly enough) was that I got this prompt with the first in-place upgrade but not the second new-build DC when I was running some installation tests. I think this must be because the second DC already had a TCP/IP DNS entry pointed at the first before I ran dcpromo. It needed this DNS entry to join the domain and then I think this suppressed the option for installing DNS via dcpromo. I thought this at the time and removed the DC role, removed the DNS entry and then ran dcpromo again but it still didn't prompt to install DNS. I think this may have been because it had cached the DNS link even though I had removed it. To be honest I have installed and removed both a DNS server and added and removed the DC role a few times to try and get the DNS prompt without luck. Probably the server (and AD as a whole) is now completely confused which just means I'll go back to my original disk images and start testing again!

Keen to hear if you agree with my ideas of why I didn't see the DNS install prompt within dcpromo.

Also, from what you said above, if a local DNS server is already installed before running dcpromo it does the AD integration anyway - is that right?
Finally, I too have heard that any additional DCs should point to the FSMO server for DNS. However, are they saying that only one server should have DNS installed? We currently have both an ADSL line and a leased line out to the internet through different ISPs in our NT4 domain. There are two internal DNS servers, one uses external DNS servers on the ADSL and the other uses those on the leased line. All internal clients have both local DNS servers in their TCP/IP setups for redundancy. I was hoping to do the same in AD - is this a bad idea?

Mac
ASKER CERTIFIED SOLUTION
scomo1026

I never have any of my internal machines (server or otherwise) point outside for DNS. With NT, you had WINS to communicate inside and DNS to communicate outside. Now that WINS is obsolete (only needed if there are NT 4.0 or earlier network OSes), Windows 2000 and 2003 use DNS for internal and external name resolution.
SOLUTION
Chris Dent