DNS server deleted during DC demotion.  No running DNS server on Domain.  How do I rebuild?

Posted on 2006-07-18
Last Modified: 2010-04-18
I have 3  Win2003 servers.  I demoted my PDC so I could set it up with Exchange 2003.  It was also my DNS server.  The demotion went fine (well, maybe not) but the DNS was deleted as well.  There are no longer any zones configured.  Active directory on my new PDC looks complete.  How do I rebuild my DNS?

Question by:srsdtech
LVL 84

Expert Comment

ID: 17130777
What exactly do you mean with "demoted my PDC" and "AD on my new PDC looks complete"? What was your setup (DNS, AD) before you demoted the machine, what is your current state now? What is the "final state" you want to have?
As to what happened: your zones were AD integrated, so they're only available if the DNS server is running AD as well.

Author Comment

ID: 17130852
I only had two real servers on the network.  The rest were in different states of rebuild and phase-out and have limited network functionality.  Fileserver and Netserver were both DCs with AD and global catalog (win2003).  Netserver had the 5 FSMO roles, timeserver role, and DNS.  I transferred the first 6 roles to fileserver and then removed active directory from netserver without intentionally changing DNS in any way.  After the demotion, I looked at my event logs to see how things went.  I had a bunch of 4015, 4000, and 4001 errors in DNS, so I looked at my DNS to see what was happening.  There were no zones configured.  That brings you up to about 15 minutes ago.

Author Comment

ID: 17130896
Re "AD looks complete"

The AD now resides on fileserver, the only DC currently on the network.

There seemed to be fewer columns displayed for the objects than I remember, but all the entries were there and a spot check of records revealed that all the information appeared to be there as well.

LVL 26

Expert Comment

ID: 17130992
The original PDC you demoted probably had an Active Directory integrated DNS zone.  When you removed AD from the box, so went DNS as this is stored in AD.
If you want DNS to remain on this box, you will need to make it a secondary DNS server pointing to your new PDC.


Author Comment

ID: 17131075
Pber--that rings a bell.

The problem is that was the only server running DNS.  Is it a big deal rebuilding my DNS from scratch on an existing domain?  I am researching that as I do this (this forum is part of my research) but have not settled on a course of action yet.
LVL 84

Accepted Solution

oBdA earned 500 total points
ID: 17131163
So no DNS on the new DC? That's bad. For the quickest resolution (assuming NewDC and all the other machines in your network are currently pointing to OldDC for DNS, and assuming you want DNS on NewDC from now on), create a new forward lookup zone for your AD domain on OldDC, enable dynamic updates for the zone. Allow zone transfers to NewDC.
On NewDC, open a command prompt and enter "ipconfig /registerdns", and restart the netlogon service. Run ipconfig /registerdns on any other vital server that needs to be resolved by your clients.
That should get you going again; the next steps don't need to happen immediately.
Install DNS on NewDC; create a secondary zone with OldDC as master. Let the zone replicate.
Change your clients to use NewDC as DNS server.
Change NewDC to use itself as DNS server, and finally change the zone type of the secondary zone on NewDC to primary and AD integrated.
Check if everything works OK, and delete the zones from OldDC.
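The sequence oBdA lays out above, written out as dnscmd commands. This is an added example, not code from the thread or from Microsoft; it assumes Windows Server 2003 with the Support Tools (dnscmd.exe) installed on the admin box, RPC access to both servers, and placeholder values (zone corp.example.local, hosts OldDC/NewDC, addresses from the 192.0.2.0/24 documentation range) that you would replace with your own. It goes slightly beyond the post in two places: zone transfers are restricted to NewDC's address instead of being opened to any server, and once the zone is AD-integrated, updates are set to secure-only.

```batch
@echo off
REM Added example, not from the thread: oBdA's rebuild sequence as dnscmd
REM commands. Assumes Windows Server 2003 Support Tools (dnscmd.exe) on the
REM admin box, RPC access to both servers, and these placeholder values.
setlocal
set ZONE=corp.example.local
set OLDDC=OldDC
set OLDDC_IP=192.0.2.5
set NEWDC=NewDC
set NEWDC_IP=192.0.2.10

if "%~1"=="" goto usage
if /i "%~1"=="emergency" goto emergency
if /i "%~1"=="migrate"   goto migrate
if /i "%~1"=="verify"    goto verify
if /i "%~1"=="cleanup"   goto cleanup
goto usage

:emergency
REM Step 1 (OldDC): standard primary zone for the AD domain with dynamic
REM updates enabled; transfers and notifies limited to NewDC's address only.
dnscmd %OLDDC% /ZoneAdd %ZONE% /Primary /file %ZONE%.dns
dnscmd %OLDDC% /Config %ZONE% /AllowUpdate 1
dnscmd %OLDDC% /ZoneResetSecondaries %ZONE% /SecureList %NEWDC_IP% /NotifyList %NEWDC_IP%
REM Step 2 (run locally on NewDC and on every server clients must resolve):
REM   ipconfig /registerdns
REM   net stop netlogon  &&  net start netlogon
REM Restarting netlogon is what re-registers the _ldap/_kerberos SRV records
REM clients use to find the DC; ipconfig alone only registers the A record.
goto :eof

:migrate
REM Step 3: the DNS role must already be installed on NewDC, e.g. unattended:
REM   sysocmgr /i:%windir%\inf\sysoc.inf /u:dns.txt
REM   where dns.txt contains:   [NetOptionalComponents]   DNS=1
REM Step 4 (NewDC): secondary copy from OldDC, force the first transfer.
dnscmd %NEWDC% /ZoneAdd %ZONE% /Secondary %OLDDC_IP%
dnscmd %NEWDC% /ZoneRefresh %ZONE%
REM Step 5: repoint clients (DHCP scope option 006 or static) to NEWDC_IP,
REM and run this on NewDC itself so it resolves through its own service:
REM   netsh interface ip set dns name="Local Area Connection" source=static addr=%NEWDC_IP%
REM Step 6 (NewDC): convert to AD-integrated primary, then secure-only updates
REM (AllowUpdate 2 is only accepted once the zone is DS-integrated).
dnscmd %NEWDC% /ZoneResetType %ZONE% /DsPrimary
dnscmd %NEWDC% /Config %ZONE% /AllowUpdate 2
goto :eof

:verify
REM Confirm the zone type and that the DC locator record resolves via NewDC.
dnscmd %NEWDC% /ZoneInfo %ZONE%
nslookup -type=SRV _ldap._tcp.dc._msdcs.%ZONE% %NEWDC_IP%
nslookup %NEWDC%.%ZONE% %NEWDC_IP%
goto :eof

:cleanup
REM Only after verify passes: drop the temporary zone on OldDC.
dnscmd %OLDDC% /ZoneDelete %ZONE% /f
goto :eof

:usage
echo Usage: %~nx0 emergency ^| migrate ^| verify ^| cleanup
endlocal
```

Run the phases in order (`emergency`, then `migrate` once the DNS role is on NewDC, then `verify`, and only then `cleanup`); the commands that must execute on NewDC itself are left as comments because dnscmd can target a remote server but ipconfig, net and netsh act on the local machine.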

Author Comment

ID: 17131519
Thanks, oBdA.  I'll start on that now and re-post as soon as I complete the steps.  

Author Comment

ID: 17131897
Wow.  Well, I started messing around and discovered DNS was up and running on the new PDC.  Apparently, it was installed as part of the demotion process of the old PDC. (?)

I feel a little foolish, but never thought to look there because I knew I had not intentionally installed DNS on the new PDC myself.

Before I close this, I will ask one more question.  The DNS is set up on the new DC as AD-integrated.  Will the old DC (which no longer runs AD) work okay as a backup DNS server, or should I remove the DNS role from the old DC and use my third server (which will have AD installed on it) as the backup DNS?

What I am actually asking is:  Is it best to run DNS on a server that runs AD?
LVL 84

Expert Comment

ID: 17131981
Then you had the DNS service already installed on NewDC; that's the benefit of AD integrated zones.
Anyway, if you have another DC, then yes, it's best to run DNS on it as well. Keeping OldDC as DNS server would require creating a secondary zone on OldDC and replicating it the old-fashioned way. AD integrated zones have the big advantage (apart from secure updates) that each DNS server is SOA and can write to the zone.

Author Comment

ID: 17132033
Thanks.  I'll remove DNS and set it up on the third server then.  Appreciate your prompt attention to this.
