Solved

Active Directory sites and DNS replication.

Posted on 2009-04-15
12
204 Views
Last Modified: 2012-05-06
I have one domain. I created 6 domain controllers; 2 of the DCs (DCA and DCB) are DNS servers, so the zones (AD Integrated) were replicated to each DNS.

I created 4 more DCs, but they are DNS servers.

I created 3 AD sites, and put 2 DCs in each site.

On site 1 I put DCA and DCB
On site 2 I put DCC and DCD
On site 3 I put DCE and DCF
The 3 sites are in different subnets.

Then I installed DNS on the DCs that were not DNS servers (DCC and DCD and DCE and DCF).
I created the forward lookup zone manually on DCC and DCD and DCE and DCF.
Now I want the zone to be replicated to all of the DNS servers, but when I go to DCA for instance and try to add DCC to Name Servers so that the zone transfer can happen, it gives me an error: "An IP associated with the given name server record cannot be found".

Do I need to create a record manually for DCC in DCA?

Any idea on how the zone can be replicated between all DCs automatically?

Thanks
Question by:jskfan
12 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24147395

> I created the forward lookup zone manually on DCC and DCD and DCE and DCF.

If the zone you made is AD Integrated and already existed elsewhere then your new version is likely to overwrite any existing version.

AD Integrated Zones will appear on a new DNS server after a short period (after replication has occurred).

Zone Transfers are not used for AD Integrated zones, it's all internal to AD. The DC just loads the zone from AD as if it were a file on the server.

Chris

Author Comment

by:jskfan
ID: 24147993
The first 2 DNS servers, which were created through DCPromo, have their zone replicated between each other.
On the 4 other DCs I installed the DNS servers manually and created the zone manually, which has the same name as the zone on the first 2 DNS servers.

The last 4 DNS servers replicate the zone between themselves, but they don't replicate the zone to the first 2 DNS servers, and the first 2 DNS servers don't replicate their zone to the 4 DNS servers.

What I have noticed, though, is that the first 2 DNS servers have Replication: To all DNS servers in the Active Directory Domain,
but the 4 other DNS servers have Replication: To All Domain Controllers in the Active Directory Domain.

I can't change any of them to make them all similar. I tried and it threw an error: "The replication scope couldn't be set. For more information see <DNS Zone replication in Active Directory>"
LVL 71

Expert Comment

by:Chris Dent
ID: 24148057

Yeah, not surprised.

You now have two versions of the same zone, which is bad. Delete one of them, there's no way the new DCs will get the copy of the zone from "all DNS Servers in the AD Domain" while loading the version from "all Domain Controllers ... ".

You will probably find the DNS servers are throwing an error with event ID 4515 if you look in the event log.

Chris

Author Comment

by:jskfan
ID: 24148103
Actually, I just managed to change the first 2 DCs' replication to "To All Domain Controllers in the Active Directory Domain". Now all of the 6 DCs (DNS servers) have replication set to "To All Domain Controllers in the Active Directory Domain".

But still the first 2 don't replicate to the remaining 4, and vice versa.

LVL 71

Expert Comment

by:Chris Dent
ID: 24148204

DCDiag and "RepAdmin /ShowReps" will show you if you're having replication errors. There's a fairly high chance of that if DNS isn't intact, after all, how will the first two find the last four if their information isn't in DNS?

Personally I would set the new DCs to look at the old ones for DNS resolution until full replication has occurred.

Chris

Author Comment

by:jskfan
ID: 24148707
In AD Users and Computers, in the Domain Controllers OU, all DCs show up on all 6 DCs.

DCs: A, B, C, D, E, F

On A and B, DNS was installed through DCPromo.
A and B are in subnet 1.

C and D are in subnet 2; DNS was installed through Add/Remove Programs and the zone created manually.
The C and D zone replicates automatically without even adding the names to Name Servers (NS).

E and F are in subnet 3; DNS was installed through Add/Remove Programs and the zone created manually.
The E and F zone replicates automatically without even adding the names to Name Servers (NS).

In C and D I had to manually add the records of E and F, then add E and F to the Name Servers (NS),
to make E and F replicate to C and D.

In E and F I had to manually add the records of C and D, then add C and D to the Name Servers (NS),
to make C and D replicate to E and F.

But in C, D, E, F, even though I added the A and B records manually and added A and B to NS, there is no replication, and from C, D, E, F to A and B there is no replication.


Author Comment

by:jskfan
ID: 24148852
Even in AD Sites, when I try to replicate manually between DCs in different subnets, it throws an error:

"The following error occurred during the attempt to synchronize naming context domainname.com from domain controller DC1 to domain controller DC4. The naming context is in the process of being removed or is not replicated from the specified server"

Author Comment

by:jskfan
ID: 24148940
Let me see if this could be the issue causing the replication problem:

DCA and DCB are in the same subnet.
DCA has as preferred DNS server its own IP address, and the alternate is the IP address of DCB.
DCB has as preferred DNS server its own IP address, and the alternate is the IP address of DCA.

DCC and DCD are in the same subnet.
DCC has as preferred DNS server its own IP address, and the alternate is the IP address of DCD.
DCD has as preferred DNS server its own IP address, and the alternate is the IP address of DCC.

DCE and DCF are in the same subnet.
DCE has as preferred DNS server its own IP address, and the alternate is the IP address of DCF.
DCF has as preferred DNS server its own IP address, and the alternate is the IP address of DCE.

Would that be the issue?
LVL 71

Accepted Solution

by:Chris Dent (earned 500 total points)
ID: 24155480

If each are in the same domain I would change every one of them to use DCA as preferred DNS until each of them is fully established as a DC.

Chris

Author Comment

by:jskfan
ID: 24155503
> If each are in the same domain I would change every one of them to use DCA as preferred DNS until each of them is fully established as a DC.

That's what I did: I set the DNS IP address of all the DCs to one DNS server, then made sure the replication was working fine, then I went back and reset each DC in each site to point to the local DNS.
So far it works.
LVL 71

Expert Comment

by:Chris Dent
ID: 24155509

Good stuff :) There used to be a problem with Win 2000 where you could end up with isolated DCs if they only referred to themselves for DNS. It's improved quite a lot since and it's much harder to do that with 2003 once everything is in place.

Chris

Author Closing Comment

by:jskfan
ID: 31570391
thanks so much!
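An added example, not from this thread or its participants: a PowerShell audit that collects, for each DC, how it sees the zone (the replication-scope mismatch jskfan ran into), which DNS servers the DC itself points at (the self-pointing setup), whether event ID 4515 has been logged as Chris mentions, and the repadmin status. It assumes Windows Server 2012 or later with the DnsServer and NetTCPIP modules and RSAT (repadmin) installed, admin rights on every DC, and uses the thread's DC and zone names as placeholders.

```powershell
# Added example, not from the thread. Assumes Windows Server 2012+ DnsServer and
# NetTCPIP modules, RSAT (repadmin) and admin rights on every DC listed.
$Zone = 'domainname.com'                       # placeholder zone name from the thread
$DCs  = 'DCA','DCB','DCC','DCD','DCE','DCF'     # placeholder DC names from the thread

function Get-ZoneReplicationReport {
    param([string]$ZoneName, [string[]]$Servers)
    foreach ($dc in $Servers) {
        # The zone as this DC loads it: scope and partition should match on every DC
        $z = Get-DnsServerZone -Name $ZoneName -ComputerName $dc -ErrorAction SilentlyContinue
        # Which DNS servers this DC itself queries (the self/partner layout in the thread)
        $client = Get-DnsClientServerAddress -CimSession $dc -AddressFamily IPv4 -ErrorAction SilentlyContinue |
                  Where-Object { $_.ServerAddresses } | Select-Object -First 1
        # Event 4515: the DNS server found another copy of the zone in a second partition
        $dup = Get-WinEvent -ComputerName $dc -FilterHashtable @{LogName='DNS Server'; Id=4515} `
                            -MaxEvents 1 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            DC               = $dc
            ZoneFound        = [bool]$z
            IsDsIntegrated   = $z.IsDsIntegrated
            ReplicationScope = $z.ReplicationScope        # Domain, Forest or Legacy
            Partition        = $z.DirectoryPartitionName
            ClientDns        = ($client.ServerAddresses -join ', ')
            Event4515        = [bool]$dup
            Event4515Time    = $dup.TimeCreated
        }
    }
}

$report = Get-ZoneReplicationReport -ZoneName $Zone -Servers $DCs
$report | Format-Table -AutoSize

# Two different scopes for one zone name means two competing copies, as in the thread
$scopes = $report | Where-Object ZoneFound | Group-Object ReplicationScope
if ($scopes.Count -gt 1) {
    Write-Warning "Zone '$Zone' is held with different replication scopes: $($scopes.Name -join ', ')"
}

# DCs that do not load the zone yet are the ones to point at an established DC for DNS
# (Chris's advice) until replication has completed
$report | Where-Object { -not $_.ZoneFound } |
    ForEach-Object { Write-Warning "$($_.DC) does not load '$Zone' yet; its DNS client uses $($_.ClientDns)" }

# Replication status per DC (repadmin /showrepl is the current name of the /showreps in the thread)
foreach ($dc in $DCs) { repadmin /showrepl $dc }
```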