I have set up a DC (DC2) in a remote site connected over a WAN.
The DC was set up as a child domain (child.bn.com) in its own subnet.
The forest contains a DC (DC1) and has fully AD integrated DNS zones.
The problem is that I think I set up the child domain DNS in the wrong order. The current situation is this:
- In the child domain on DC2, when I promoted it to domain controller, I hadn't delegated any zone on the parent domain for it at that point. Therefore the child domain now has its own AD integrated zone (child.bn.com) - this only appears on DC2.
- I then created a conditional forward on DC2 so lookups to bn.com get forwarded to the parent DNS server (DC1).
- In the parent domain on DC1, I have had to import the child domain (child.bn.com) as a secondary zone. This was the only way I could get lookups working from the parent domain to the child.
- Deleting this secondary zone & creating a delegation within our parent zone (bn.com) for the child zone doesn't work - it creates the zone but with no records. And this is the correct way to do it I believe?!?
So now I can look up computer names from the child domain -> parent domain fine. This way it's working normally.
But from the parent domain -> child domain I have to use the FQDN when doing lookups.
This is not good in my environment as users from both sites are sharing resources. I could cheat and create a conditional forward from the parent -> child, but I don't think this is a good idea.
What steps should I take to fix this? Should I completely remove the AD Integrated DNS on the child domain, remove the secondary zones from the parent, re-create a delegation for the child on the parent & then re-install DNS on the child? (I would rather not do this).
Or is there an easier way? i.e. I can see on the child zone that it's possible to change the replication to "To all DNS servers in the AD Forest BN.com". Would this fix the problem?
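Before changing anything, it helps to capture the current state on both servers: which zones each DC hosts and how they replicate, whether the parent zone actually carries NS and glue records for the child, which conditional forwarders exist, and what each server returns for a short name versus an FQDN. The script below is an added, read-only diagnostic example and is not part of the original post; it uses the DnsServer and DnsClient PowerShell modules. The DC hostnames (dc1.bn.com, dc2.child.bn.com) and the test host name ws01 are assumptions and should be replaced with the real ones.

```powershell
# Added diagnostic example (not from the original post). Read-only: it only queries
# the DNS servers, it does not create, delete or modify any zone.
# Assumed names: DC1 hosts bn.com, DC2 hosts child.bn.com. Adjust to your environment.
$ParentDC   = 'dc1.bn.com'        # assumed FQDN of DC1
$ChildDC    = 'dc2.child.bn.com'  # assumed FQDN of DC2
$ParentZone = 'bn.com'
$ChildZone  = 'child.bn.com'
$ChildLabel = 'child'             # label of the child zone inside the parent zone
$TestHost   = 'ws01'              # constructed short name of a machine in the child domain

function Show-ZoneInventory {
    # Lists every non-auto-created zone with its type and replication scope, so the
    # Primary/Secondary/Forwarder copies and the "Domain" vs "Forest" scope are visible.
    param([string]$Server)
    Write-Host "== Zones hosted on $Server =="
    Get-DnsServerZone -ComputerName $Server |
        Where-Object { -not $_.IsAutoCreated } |
        Select-Object ZoneName, ZoneType, IsDsIntegrated, ReplicationScope, DirectoryPartitionName |
        Format-Table -AutoSize
}

function Show-ConditionalForwarders {
    # Conditional forwarder zones show up as ZoneType 'Forwarder' with their master servers.
    param([string]$Server)
    Write-Host "== Conditional forwarders on $Server =="
    Get-DnsServerZone -ComputerName $Server |
        Where-Object { $_.ZoneType -eq 'Forwarder' } |
        Select-Object ZoneName, MasterServers |
        Format-Table -AutoSize
}

function Show-Delegation {
    # A working delegation needs NS records for the child label in the parent zone AND
    # a resolvable A (glue) record for every name server those NS records point at.
    param([string]$Server, [string]$Zone, [string]$Label)
    Write-Host "== Delegation of '$Label' in $Zone as seen on $Server =="
    $ns = Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $Zone `
            -Name $Label -RRType NS -ErrorAction SilentlyContinue
    if (-not $ns) { Write-Host "  no NS records for '$Label' in $Zone"; return }
    foreach ($rec in $ns) {
        $target = $rec.RecordData.NameServer
        $glue   = Resolve-DnsName -Name $target -Server $Server -Type A -DnsOnly -ErrorAction SilentlyContinue
        $glueIp = if ($glue) { ($glue | Where-Object Type -eq 'A').IPAddress -join ',' } else { 'MISSING' }
        Write-Host ("  NS {0,-30} glue A: {1}" -f $target, $glueIp)
    }
}

function Test-Resolution {
    # Asks a specific server directly (-DnsOnly bypasses the client cache and hosts file)
    # for the short name and the FQDN, so client suffix-search effects are excluded.
    param([string]$Server, [string]$Name)
    $r = Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction SilentlyContinue
    $answer = if ($r) { ($r | Where-Object Type -eq 'A').IPAddress -join ',' } else { 'NXDOMAIN/no answer' }
    Write-Host ("  {0,-22} {1,-28} -> {2}" -f $Server, $Name, $answer)
}

function Compare-ZoneSerial {
    # If the parent still holds a secondary copy of the child zone, the SOA serials
    # tell you whether that copy is in sync with the AD-integrated primary on DC2.
    param([string]$Zone, [string[]]$Servers)
    Write-Host "== SOA serial of $Zone on each server =="
    foreach ($s in $Servers) {
        $soa = Resolve-DnsName -Name $Zone -Server $s -Type SOA -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object Type -eq 'SOA'
        $info = if ($soa) { "serial $($soa.SerialNumber), primary $($soa.PrimaryServer)" } else { 'zone not served' }
        Write-Host ("  {0,-22} {1}" -f $s, $info)
    }
}

foreach ($dc in @($ParentDC, $ChildDC)) {
    Show-ZoneInventory        -Server $dc
    Show-ConditionalForwarders -Server $dc
}
Show-Delegation -Server $ParentDC -Zone $ParentZone -Label $ChildLabel
Compare-ZoneSerial -Zone $ChildZone -Servers @($ParentDC, $ChildDC)

Write-Host "== Resolution tests (short name vs FQDN, queried directly at each server) =="
foreach ($dc in @($ParentDC, $ChildDC)) {
    Test-Resolution -Server $dc -Name $TestHost
    Test-Resolution -Server $dc -Name "$TestHost.$ChildZone"
}
```

Run it from an account with read access to both DNS servers. The delegation section is the one to look at first: a delegation "with no records" in the GUI usually means the child label has NS entries but no glue, or NS entries that name a server the parent cannot resolve, and the output makes that distinction explicit. The resolution tests query each server directly, so a short name that only works from clients whose DNS suffix search list includes child.bn.com will show as unresolved here, which separates a server-side zone problem from a client-side suffix problem.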