Solved

DNS on 2nd DC

Posted on 2008-06-17
Last Modified: 2013-12-05
This appears to already be partially covered in other questions but I want to make sure all goes well. I just successfully added a second DC that I intend to become the master and retired the DC/DNS server. I keep seeing mention of DNS integrated AD and I am confused since my new DC does not appear to have DNS installed but I can see AD objects. Should I have installed DNS first? How do I make my new DC the DNS server? Should it become a global catalog first? Thanks.
Question by:hckynt
12 Comments
 
LVL 5

Assisted Solution

by:HeinoSkov
HeinoSkov earned 150 total points
Just install the DNS Server role and it automatically loads the zone info from AD.

Global Catalog has nothing to do with DNS, but if you're planning to remove the first server you should definitely make the new one a GC also.

Remember to check your DHCP settings on which DNS server your clients connect to and change that as well.

Also remember the FSMO roles in AD. They need to be transferred to the new AD server as well. Look at this article:
http://support.microsoft.com/kb/324801

Regards
Heino
 
LVL 70

Accepted Solution

by:
KCTS earned 350 total points
DNS is NOT installed automatically on a second DC - but it's normally a very good idea to make a second DC both a DNS server and Global Catalog.

Make the new machine a DC FIRST as you have, then, once Active Directory is installed, install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS. If you are using Active Directory Integrated DNS then DNS will be replicated from the other DC/DNS automatically.

Next make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

All the clients (and the domain controllers themselves) need to have their Preferred DNS server and alternate DNS server set. The DNS servers should point to themselves as preferred DNS server and to each other as alternate DNS server. Clients should have one DNS server as the preferred server and the other as alternate - it does not matter which. This can be set in the TCP/IP settings for static IPs or by listing the DNS servers in the DHCP options.

If you are not getting rid of the existing DC there is absolutely no need to transfer any FSMO roles.
 

Author Comment

by:hckynt
Thank you both, that makes sense. So if I install the DNS server component, set the GC option, and finally the FSMO then the original server is no longer needed at all for DC roles? Also, I want to make this my new DHCP server too (the original DC did that too). If I set up the new DC exactly like the first, i.e. scope, exclusions, etc. and down the original server will all be fine or is there something tricky to moving the DHCP too? Thanks a bunch!
 
LVL 70

Expert Comment

by:KCTS
 

Author Comment

by:hckynt
OK, let me get the FSMO and DHCP going before I close this question.  I may have other questions, thanks!
 
LVL 70

Expert Comment

by:KCTS
Don't forget to point the new server and all clients to the new machine for their DNS
 

Author Comment

by:hckynt
I already changed the new DNS server to look at itself and I got internet so I assume it is working.  All my clients are set to automatically receive this info.  When I take the old DNS server down, will they "find" the new DNS server automatically?

Is there any chance of causing a problem if I transfer the FSMO roles during business times?
 
LVL 70

Expert Comment

by:KCTS
You need to change the preferred DNS server settings on the clients - if it's a static IP, on the TCP/IP properties. For DHCP clients, add the new DNS server to the DNS servers in the DHCP options in DHCP.
 

Author Closing Comment

by:hckynt
Thank you!
 

Author Comment

by:hckynt
One more thing....
I have finished setting up the new domain server and now want to remove the old domain controller and set up a new server as the replica. How do I remove the old server in preparation of taking it permanently off-line?
 
LVL 70

Expert Comment

by:KCTS
If you really want rid of the old DC then:-

Transfer all the FSMO roles to the new DC: See http://www.petri.co.il/transferring_fsmo_roles.htm

Check that you have:-
Made the other DC a global catalog:
Installed DHCP on the new DC, set up the scope and authorise it. (If using DHCP)
Make sure that all clients use the new DC as their Preferred DNS server (either by static or DHCP options)

Power down the old DC and make sure that all is well. Once satisfied, power on the old DC again, then run DCPROMO to remove its domain controller status. This is essential to avoid replication errors.

If you want to remove the machine from the domain then you can do so once its DC role has been removed.

To install another server as an "additional domain controller", essentially just repeat the process you have just done ie

Install Windows 2003 on the new machine
Assign the new computer an IP address and subnet mask on the existing network

Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

Join the new machine to the existing domain as a member server

From the command line, promote the new machine to a domain controller with the DCPROMO command. Select Additional Domain Controller in an existing Domain.

Once Active Directory is installed then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS. If you are using Active Directory Integrated DNS then DNS will be replicated from the other DC/DNS.

Next make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and the domain could function for a while at least should any one of them fail.



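A pre-shutdown check for the checklist in the comment above, as an added example that is not part of the original thread. The names `olddc`, `newdc` and `example.local` are placeholders, and the script assumes `netdom`, `dsquery`, `dcdiag` and `nslookup` are available at an administrative command prompt on a domain machine.

```bat
@echo off
setlocal
rem Added example. OLDDC, NEWDC and DOMAIN are placeholder values.
set OLDDC=olddc
set NEWDC=newdc
set DOMAIN=example.local
set RC=0

rem 1. FSMO: the new DC must be listed as a role owner, the old DC must not.
rem    Requiring a match on the new DC also catches a failed netdom run.
netdom query fsmo > "%TEMP%\fsmo.txt"
findstr /i /c:"%NEWDC%." "%TEMP%\fsmo.txt" >nul || call :fail "new DC holds no FSMO role, or netdom failed"
findstr /i /c:"%OLDDC%." "%TEMP%\fsmo.txt" >nul && call :fail "old DC still holds a FSMO role"

rem 2. Global catalog: the new DC must appear in the list of GC servers.
dsquery server -isgc | findstr /i /c:"CN=%NEWDC%," >nul || call :fail "new DC is not a global catalog"

rem 3. DNS: query the new DC's own DNS service for the DC locator SRV records.
rem    Only "svr hostname" lines count, so the queried server's banner is ignored.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %NEWDC% 2>nul | findstr /i /c:"svr hostname" | findstr /i /c:"%NEWDC%." >nul || call :fail "new DNS server does not list the new DC"

rem 4. Health: dcdiag marks each failing test with "failed test"; show them.
dcdiag /s:%NEWDC% | findstr /i /c:"failed test" && call :fail "dcdiag reports failed tests on the new DC"

if %RC%==0 echo PASS: checks passed, %OLDDC% can be powered down for the trial
exit /b %RC%

:fail
echo FAIL: %~1
set RC=1
goto :eof
```

The script does not check the DNS servers that clients receive from DHCP or static settings; confirm those separately before the old DC goes offline.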
 

Author Comment

by:hckynt
KCTS,
I have already completely set up the new DC, transferred FSMO, installed DNS, and restored my DHCP server DB to the new DC. All went very well with your help, thanks.

How will the new DHCP server know to look at the new DNS server?

The old DC is also the exchange server so a bit tricky to down. If I ran dcpromo to remove the server as a DC and started having problems, would the fix just be to run dcpromo to set it back up as a DC while I resolve the issue? I don't think this is the case because everything seemed to go flawlessly with the new DC setup and role transfer process.