  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 562
  • Last Modified:

AD DNS SOA with 2 DCs

I added a new domain controller. I can't remember the exact errors anymore but I'm certain everything didn't go as it should have.

Are there specific steps I should take to verify that adding the second DC worked correctly? One thing I'm not certain of is if DNS was set up correctly. I go to the DNS domain properties in each DC and both say that the Primary server is themselves. Is this as it should be?

I've set the NIC properties to point to their own IPs. Things like this I'm trying to see if everything is working.

thanks! (the better your list of checkmarks, the better the points!)
0
Asked by: GCIT_Manager

3 Solutions
 
Mike Kline commented:
You can run dcdiag on the new domain controller and see if you get any errors there.
In active directory users and computers verify the second DC is now in the domain controller OU
Make sure you have ntds.dit, edb.log, res1.log and res2.log file on your new DC (you should have specified the location during dcpromo --c:\windows is the default)
On the new DC verify that the sysvol share is there
You can also check the dcpromoui.log file to see if there were any errors.
When you go into DNS and right click on your domain under forward lookup zone and select properties. On the general tab are you saying that the type is Primary on both servers?
Thanks
Mike
 
0
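The checklist above can be run as a script rather than clicked through. The following is an added example, not code from anyone in the thread: it performs each of the checks Mike lists (dcdiag, the computer object in the Domain Controllers OU, the NTDS database files, the SYSVOL share, and dcpromoui.log) from an elevated PowerShell session on the new DC. It assumes the RSAT ActiveDirectory module is installed (Server 2008 R2 or later) and that the database sits in the dcpromo default path; change $NtdsPath if you chose another location during promotion.

```powershell
# Added example: post-promotion health checks for a new domain controller.
# Run elevated on the new DC. Paths and module availability are assumptions
# (default NTDS location, RSAT ActiveDirectory module present).
$NewDc    = $env:COMPUTERNAME
$NtdsPath = 'C:\Windows\NTDS'        # assumed: dcpromo default database folder

# 1. dcdiag runs the replication, DNS, SYSVOL and advertising tests.
#    /s targets the server, /q prints only error lines, so empty output is good.
$dcdiag = dcdiag.exe /s:$NewDc /q
if ($dcdiag) { Write-Warning "dcdiag reported errors:`n$($dcdiag -join "`n")" }
else         { Write-Host "dcdiag: no errors reported" }

# 2. The directory itself must know this machine as a DC; the returned
#    ComputerObjectDN should sit under OU=Domain Controllers.
Import-Module ActiveDirectory
$dcObject = Get-ADDomainController -Identity $NewDc -ErrorAction Stop
Write-Host ("DC object: {0} (site {1})" -f $dcObject.ComputerObjectDN, $dcObject.Site)
if ($dcObject.ComputerObjectDN -notmatch '^CN=[^,]+,OU=Domain Controllers,') {
    Write-Warning "Computer object is not in the Domain Controllers OU"
}

# 3. Database and transaction logs. The reserve logs are res1.log/res2.log on
#    Server 2003 and edbres00001.jrs/edbres00002.jrs on Server 2008 and later.
foreach ($f in 'ntds.dit', 'edb.log') {
    $p = Join-Path $NtdsPath $f
    if (Test-Path $p) { Write-Host "found   $p" } else { Write-Warning "missing $p" }
}
Get-ChildItem -Path "$NtdsPath\*" -Include 'res*.log', 'edbres*.jrs' |
    Select-Object Name, Length

# 4. SYSVOL and NETLOGON must be shared before the DC can advertise itself.
$shares = Get-WmiObject -Class Win32_Share -ComputerName $NewDc |
          Select-Object -ExpandProperty Name
foreach ($s in 'SYSVOL', 'NETLOGON') {
    if ($shares -contains $s) { Write-Host "share $s present" }
    else                      { Write-Warning "share $s missing" }
}

# 5. The promotion log records every step dcpromo took and any error it hit.
$log = Join-Path $env:windir 'debug\dcpromoui.log'
if (Test-Path $log) {
    Select-String -Path $log -Pattern 'error|fail' | Select-Object -Last 20
} else {
    Write-Warning "no dcpromoui.log at $log"
}

# 6. Finally, ask the locator whether this DC is actually being handed out.
nltest /dsgetdc:$env:USERDNSDOMAIN /force
```

If step 6 never returns the new DC, the usual cause is DNS: the SRV records under _msdcs were not registered, which is exactly what the later part of this thread is about.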
 
balmasri commented:
Try DNSlint.exe
it will check the DNS,AD health state.

http://support.microsoft.com/kb/321045
0
 
GCIT_Manager (Author) commented:
I have a major deadline for this and thus I have reverted (using our SAN) to pre-AD for all our servers. This issue is one of many I've been having. I'm praying this doesn't happen on the second try. If so I will definitely do your suggestions.

Anyway, if any other ideas please post because there's a chance the issues will come back once I install AD again.

One other question: Do you think I should configure all the roles and features before I add servers to the domain or add them to AD and then add the features and roles? things like IIS, Application Role, etc.

Thanks!
0
 
Mike Kline commented:
If you can, try to keep other applications off your DC, but if you have to have them on there I'd add them after the server is part of the domain. Either way will work.
Good luck on try two.
So right now there is no active directory?  Just trying to figure out your setup.
Thanks
Mike
0
 
Chris Dent (PowerShell Developer) commented:

Just a tiny note...

> I go the the DNS domain properties in each DC and both say that the Primary server is themselves.
> Is this as it should be?

Referring to the SOA record for AD Integrated zones: Yes, that is exactly as it should be.

In the traditional DNS model (standard zones) the SOA is the only system to hold a writeable copy of the zone. In the multi-master model used with AD Integration this means that each server hosting the zone must also consider itself to be the Start of Authority (SOA) for the zone if it is to accept dynamic updates.

Chris
0
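Chris's point is easy to confirm from the command line. The block below is an added example, not something posted in the thread: it queries each DC directly for the zone's SOA record and shows that every DC names itself as the primary server and carries its own serial, then checks on the DC that the zone really is stored in the directory. It needs Resolve-DnsName (Windows 8 / Server 2012 or later) and the DnsServer module (RSAT or a 2012+ DC); the zone and DC names are placeholders for your own.

```powershell
# Added example: compare the SOA record of an AD-integrated zone as answered
# by each domain controller. Zone and server names below are placeholders.
$Zone = 'corp.example.com'
$Dcs  = 'dc1.corp.example.com', 'dc2.corp.example.com'

foreach ($dc in $Dcs) {
    # -Server asks that DC directly; -DnsOnly skips the local cache and
    # LLMNR/NetBIOS so the answer is what this server actually holds.
    $soa = Resolve-DnsName -Name $Zone -Type SOA -Server $dc -DnsOnly |
           Where-Object { $_.Type -eq 'SOA' }

    [pscustomobject]@{
        QueriedServer = $dc
        PrimaryServer = $soa.PrimaryServer   # expected: the queried DC itself
        Serial        = $soa.SerialNumber    # expected: differs between the DCs
        NamesItself   = ($soa.PrimaryServer.TrimEnd('.') -eq $dc)
    }
}

# Run on one of the DCs: the zone should be a Primary stored in AD
# (IsDsIntegrated = True, no zone file) and accept only secure updates.
Get-DnsServerZone -Name $Zone |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, ReplicationScope, DynamicUpdate
```

NamesItself should be True on every row. A DynamicUpdate value of NonsecureAndSecure on an AD-integrated zone is worth fixing while you are there (Set-DnsServerPrimaryZone -Name $Zone -DynamicUpdate Secure), since an AD-integrated zone can refuse unauthenticated registrations and a standard primary cannot.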
 
GCIT_Manager (Author) commented:
Chris-Dent:

Thanks for the reply. So in my past experience I saw the AD admin increment the SOA priority number each time he changed DNS. Should I be doing this? And thus make sure whichever DNS server I make the change on I increment to be higher than the other one and it should replicate those changes automatically?

Mkline71:

Yeah, one of our other domain controllers is also going to be backup SQL server. Can't afford lots of separate servers.
0
 
Chris Dent (PowerShell Developer) commented:

> Should I be doing this?

Not necessary for an AD Domain, it auto-increments. Even then, it's only important if you hold a Secondary copy of the zone somewhere (via a Zone Transfer rather than AD Integration).

> it should replicate those changes automatically?

Replication is of object data via AD; the Serial in the SOA is ignored :) You'll find that the Serial differs between servers, which makes sense as the SOA record differs as well.

Chris
0
 
GCIT_Manager (Author) commented:
Thanks. So in DNS, should I allow zone transfers (as the picture shows) in an AD only environment? I've selected only those in the Name Servers tab as the setting. Then there's the "automatically notify secondary servers" popup too (on top in the picture).

Thanks!
Zone-Transfers.JPG
0
 
Chris Dent (PowerShell Developer) commented:

> So in DNS, should I allow zone transfers (as picture shows) in an AD only environment?

No. Only if you have a non-AD Integrated secondary DNS server (which you won't in a pure AD environment).

All replication of DNS data is performed along with AD replication, the DNS service simply has to read the data from Active Directory but that's the extent of its involvement.

Chris
0
 
Mike Kline commented:
What type of zone do you have now? If you have a primary you can convert that to AD Integrated
http://support.microsoft.com/kb/816101
How To Convert DNS Primary Server to Active Directory Integrated
Thanks
Mike
0
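Chris's answer on zone transfers and Mike's suggestion to convert a standard primary can both be done from PowerShell. The block below is an added example, not code from either of them: it reads the zone's transfer and notify settings, converts a file-backed primary to AD-integrated if that is what it finds, and then turns transfers and notifications off because AD replication is carrying the data. It requires the DnsServer module (Server 2012 or later, or RSAT) and must run on a DC that hosts the zone; the zone name is a placeholder.

```powershell
# Added example: audit zone transfer/notify settings, convert a standard
# primary zone to AD-integrated where needed, and disable transfers.
# Requires the DnsServer module; $Zone is a placeholder for your domain.
$Zone = 'corp.example.com'
$z = Get-DnsServerZone -Name $Zone

# SecureSecondaries says who may pull the zone by AXFR/IXFR:
#   NoTransfer | TransferAnyServer | TransferToZoneNameServer | TransferToSecureServers
# Notify says whether change notifications are pushed to secondaries.
$z | Format-List ZoneName, ZoneType, IsDsIntegrated, ReplicationScope,
                 SecureSecondaries, SecondaryServers, Notify, NotifyServers

if (-not $z.IsDsIntegrated -and $z.ZoneType -eq 'Primary') {
    # File-backed primary: move it into the directory so it replicates with
    # AD to every DC running DNS in the domain (KB 816101 done in one step).
    ConvertTo-DnsServerPrimaryZone -Name $Zone -ReplicationScope Domain -Force
    $z = Get-DnsServerZone -Name $Zone
}

if ($z.IsDsIntegrated -and
    ($z.SecureSecondaries -ne 'NoTransfer' -or $z.Notify -ne 'NoNotify')) {
    Write-Warning ("{0} is AD-integrated but allows transfers ({1}) / notify ({2})" -f
                   $Zone, $z.SecureSecondaries, $z.Notify)
    # No non-AD secondary exists, so there is nobody to transfer to or notify.
    # Same effect as clearing "Allow zone transfers" and the notify list on the
    # Zone Transfers tab of the zone's properties.
    Set-DnsServerPrimaryZone -Name $Zone -SecureSecondaries NoTransfer -Notify NoNotify
}

Get-DnsServerZone -Name $Zone |
    Select-Object ZoneName, IsDsIntegrated, SecureSecondaries, Notify
```

To prove the setting from a client, run nslookup, point it at the DC with "server dc1.corp.example.com", then "ls -d corp.example.com": with transfers disabled the server answers "Query refused" instead of dumping the zone, which is also what you want an attacker enumerating your hosts to see.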
 
GCIT_Manager (Author) commented:
Thanks. We're already AD integrated. I'll uncheck both those screens now...

0
