Solved

DNS on 2nd DC

Posted on 2008-06-17
Last Modified: 2013-12-05
This appears to already be partially covered in other questions but I want to make sure all goes well.  I just successfully added a second DC that I intend to become the master and retired the DC/DNS server.  I keep seeing mention of DNS integrated AD and I am confused since my new DC does not appear to have DNS installed but I can see AD objects.  Should I have installed DNS first?  How do I make my new DC the DNS server?  Should it become a global catalog first?  Thanks.
Question by:hckynt
12 Comments
 
LVL 5

Assisted Solution

by:HeinoSkov
HeinoSkov earned 600 total points
ID: 21807826
Just install the DNS Server role and it automatically loads the zone info from AD.

Global Catalog has nothing to do with DNS, but if you're planning to remove the first server you should definitely make the new one a GC also.

Remember to check your DHCP settings on which DNS server your clients connect to and change that as well.

Also remember the FSMO roles in AD. They need to be transferred to the new AD server as well. Look at this article:
http://support.microsoft.com/kb/324801

Regards
Heino
0
 
LVL 70

Accepted Solution

by:
KCTS earned 1400 total points
ID: 21807938
DNS is NOT installed automatically on a second DC - but it's normally a very good idea to make a second DC both a DNS server and Global Catalog.

Make the new machine a DC FIRST as you have, then once Active Directory is installed then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS.  If you are using Active Directory Integrated DNS then DNS will be replicated from the other DC/DNS automatically.

Next make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

All the clients (and the domain controllers themselves) need to have their Preferred DNS server and alternate DNS server set. The DNS servers should point to themselves as preferred DNS server and to each other as alternate DNS server. Clients should have one DNS server as the preferred server and the other as alternate - it does not matter which - This can be set in the TCP/IP settings for static IPs or by listing the DNS servers in the DHCP options

If you are not getting rid of the existing DC there is absolutely no need to transfer any FSMO roles.
0
 

Author Comment

by:hckynt
ID: 21817257
Thank you both, that makes sense.  So if I install the DNS server component, set the GC option, and finally the FSMO then the original server is no longer needed at all for DC roles?  Also, I want to make this my new DHCP server too (the original DC did that too).  If I set up the new DC exactly like the first, i.e. scope, exclusions, etc. and down the original server will all be fine or is there something tricky to moving the DHCP too?  Thanks a bunch!
0

 
LVL 70

Expert Comment

by:KCTS
ID: 21817305
0
 

Author Comment

by:hckynt
ID: 21817319
OK, let me get the FSMO and DHCP going before I close this question.  I may have other questions, thanks!
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21817351
Don't forget to point the new server and all clients to the new machine for their DNS
0
 

Author Comment

by:hckynt
ID: 21817380
I already changed the new DNS server to look at itself and I got internet so I assume it is working.  All my clients are set to automatically receive this info.  When I take the old DNS server down, will they "find" the new DNS server automatically?

Is there any chance of causing a problem if I transfer the FSMO roles during business times?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21817528
You need to change the preferred DNS server settings on the clients - if it's a static IP on the TCP/IP properties. For DHCP clients, add the new DNS server to the DNS servers in the DHCP options in DHCP
0
 

Author Closing Comment

by:hckynt
ID: 31468162
Thank you!
0
 

Author Comment

by:hckynt
ID: 21822015
One more thing....
I have finished setting up the new domain server and now want to remove the old domain controller and set up a new server as the replica.  How do I remove the old server in preparation of taking it permanently off-line?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21822055
If you really want rid of the old DC then:-

Transfer all the FSMO roles to the new DC: See http://www.petri.co.il/transferring_fsmo_roles.htm

Check that you have:-
Made the other DC a global catalog:
Installed DHCP on the new DC, set up the scope and authorise it. (If using DHCP)
Make sure that all clients use the new DC as their Preferred DNS server (either by static or DHCP options)

Power down the old DC and make sure that all is well, once satisfied power on the old DC again, then run DCPROMO to remove its domain controller status. This is essential to avoid replication errors

If you want to remove the machine from the domain then you can do so once its DC role has been removed

To install another server as an "additional domain controller", essentially just repeat the process you have just done ie

Install Windows 2003 on the new machine
Assign the new computer an IP address and subnet mask on the existing network

Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

Join the new machine to the existing domain as a member server

From the command line, promote the new machine to a domain controller with the DCPROMO command. Select Additional Domain Controller in an existing Domain

Once Active Directory is installed then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS.  If you are using Active Directory Integrated DNS then DNS will be replicated from the other DC/DNS.

Next make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and the domain could function for a while at least should any one of them fail.



0
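
The checklist in the answer above (FSMO roles moved, global catalog set, DHCP authorised, DNS answering on the new DC) can be verified from a command prompt before the old DC is powered down. This batch script is an added example, not part of the thread; `olddc`, `newdc` and `example.local` are placeholder names, and it assumes a single-domain forest with the Windows Server 2003 Support Tools installed.

```batch
@echo off
rem Added example, not from the thread: checks to run before powering down the old DC.
rem OLDDC, NEWDC and DOMAIN are placeholders (assumptions); a single-domain forest is assumed.
rem netdom and dcdiag come from the Windows Server 2003 Support Tools.
setlocal
set OLDDC=olddc
set NEWDC=newdc
set DOMAIN=example.local
set FAIL=0

echo [1] FSMO roles - none may still be listed against %OLDDC%
netdom query fsmo > "%TEMP%\fsmo.txt"
if errorlevel 1 (
    echo     FAIL: netdom did not run, role holders unknown
    set FAIL=1
) else (
    type "%TEMP%\fsmo.txt"
    findstr /i /c:"%OLDDC%." "%TEMP%\fsmo.txt" >nul && (
        echo     FAIL: %OLDDC% still holds a FSMO role
        set FAIL=1
    )
)

echo [2] DNS on %NEWDC% must return %NEWDC% as a DC and as a global catalog
for %%R in (dc gc) do (
    nslookup -type=SRV _ldap._tcp.%%R._msdcs.%DOMAIN% %NEWDC% 2>nul | findstr /i /c:"svr hostname" | findstr /i /c:"%NEWDC%." >nul || (
        echo     FAIL: no _ldap._tcp.%%R._msdcs SRV record for %NEWDC%
        set FAIL=1
    )
)

echo [3] DHCP - %NEWDC% must appear in the list of servers authorised in AD
netsh dhcp show server | findstr /i /c:"%NEWDC%." >nul || (
    echo     FAIL: %NEWDC% is not an authorised DHCP server
    set FAIL=1
)

echo [4] dcdiag /q prints only errors - any output here needs fixing first
dcdiag /s:%NEWDC% /q

if "%FAIL%"=="1" (
    echo RESULT: do not power down %OLDDC% yet
    exit /b 1
)
echo RESULT: checks passed - power down %OLDDC%, test logons, then power it on and run DCPROMO
```

The script does not cover the client side: statically addressed machines still need their preferred DNS server changed by hand, as the answer states.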
 

Author Comment

by:hckynt
ID: 21822162
KCTS,
I have already completely set up the new DC, transferred FSMO, installed DNS, and restored my DHCP server DB to the new DC.  All went very well with your help, thanks.

How will the new DHCP server know to look at the new DNS server?

The old DC is also the Exchange server so a bit tricky to down.  If I ran dcpromo to remove the server as a DC and started having problems, would the fix just be to run dcpromo to set it back up as a DC while I resolve the issue?  I don't think this is the case because everything seemed to go flawlessly with the new DC setup and role transfer process.
0
