Solved

Active Directory sites and DNS replication.

Posted on 2009-04-15
199 Views
Last Modified: 2012-05-06
I have one domain, and I created 6 domain controllers. 2 of the DCs (DCA and DCB) are DNS servers, so the zones (AD integrated) were replicated to each DNS server.

I created 4 more DCs, but they are DNS servers.


I created 3 AD sites and put 2 DCs in each site:

- on site 1 I put DCA and DCB
- on site 2 I put DCC and DCD
- on site 3 I put DCE and DCF

The 3 sites are in different subnets.

Then I installed DNS on the DCs that were not DNS servers (DCC, DCD, DCE and DCF) and created the forward lookup zone manually on DCC, DCD, DCE and DCF.

Now I want the zone to be replicated to all of the DNS servers, but when I go to DCA for instance and try to add DCC to the Name Servers so that the zone transfer can happen, it gives me an error: "an IP associated with the given name server record can not be found".

Do I need to create a record manually for the DCC in DCA?

Any idea how the zone can be replicated between all DCs automatically?

Thanks
Question by:jskfan
12 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24147395

> I created the forward lookup zone manually on DCC and DCD and DCE and DCF.

If the zone you made is AD Integrated and already existed elsewhere then your new version is likely to overwrite any existing version.

AD Integrated Zones will appear on a new DNS server after a short period (after replication has occurred).

Zone Transfers are not used for AD Integrated zones, it's all internal to AD. The DC just loads the zone from AD as if it were a file on the server.

Chris

Author Comment

by:jskfan
ID: 24147993
The first 2 DNS servers, which were created through DCPromo, replicate their zone between each other.
On the 4 other DCs I installed DNS manually and created the zone manually, with the same name as the zone on the first 2 DNS servers.

The last 4 DNS servers replicate the zone between themselves, but they don't replicate the zone to the first 2 DNS servers, and the first 2 DNS servers don't replicate their zone to the 4 DNS servers.

What I have noticed, though, is that the first 2 DNS servers have Replication: To all DNS servers in the Active Directory Domain,
but the 4 other DNS servers have Replication: To All Domain Controllers in the Active Directory Domain.

I can't change any of them to make them all the same. I tried and it threw an error: "The replication scope couldn't be set. For more information see <DNS Zone replication in Active Directory>".
LVL 70

Expert Comment

by:Chris Dent
ID: 24148057

Yeah, not surprised.

You now have two versions of the same zone, which is bad. Delete one of them, there's no way the new DCs will get the copy of the zone from "all DNS Servers in the AD Domain" while loading the version from "all Domain Controllers ... ".

You will probably find the DNS servers are throwing an error with event ID 4515 if you look in the event log.

Chris
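An added example (not part of the thread, and not Chris's or jskfan's code) of how a defender would confirm the "two copies of one zone" situation described in this comment and the one before it. It assumes Windows Server 2012 or later DNS cmdlets (on the 2003-era servers in the thread the equivalent is `dnscmd <server> /ZoneInfo <zone>`, which also prints the directory partition), and it uses the DC names and the zone name `domainname.com` that appear later in the thread as assumed values:

```powershell
# Added example, not from the thread. Assumes the DnsServer module (RSAT, Windows
# Server 2012+) and a user allowed to query every DC's DNS service and event log.
# DC names and the zone name are taken from the thread; change them to fit.
$zoneName   = 'domainname.com'                        # zone name used in the thread's error text
$dnsServers = 'DCA','DCB','DCC','DCD','DCE','DCF'     # DC names used in the thread

# 1. Ask every DNS server how it sees the zone: AD-integrated or not, and which
#    replication scope / directory partition it lives in. Two different scopes
#    means two independent copies of the zone that will never merge.
$report = foreach ($server in $dnsServers) {
    try {
        $zone = Get-DnsServerZone -ComputerName $server -Name $zoneName -ErrorAction Stop
        [pscustomobject]@{
            Server             = $server
            IsDsIntegrated     = $zone.IsDsIntegrated
            ReplicationScope   = $zone.ReplicationScope          # Domain, Forest or Legacy
            DirectoryPartition = $zone.DirectoryPartitionName
        }
    } catch {
        [pscustomobject]@{
            Server             = $server
            IsDsIntegrated     = $null
            ReplicationScope   = "ERROR: $($_.Exception.Message)"
            DirectoryPartition = $null
        }
    }
}
$report | Format-Table -AutoSize

$scopes = $report | Where-Object { $_.IsDsIntegrated } | Group-Object ReplicationScope
if ($scopes.Count -gt 1) {
    Write-Warning ("Zone '{0}' is stored in more than one replication scope ({1}). " +
                   "These copies will not merge; keep one and delete the other.") -f $zoneName, ($scopes.Name -join ', ')
}

# 2. Look for DNS Server event 4515 (zone found in a second directory partition),
#    the symptom Chris mentions, on every server.
foreach ($server in $dnsServers) {
    $events = Get-WinEvent -ComputerName $server `
                           -FilterHashtable @{ LogName = 'DNS Server'; Id = 4515 } `
                           -MaxEvents 5 -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        '{0}: {1} {2}' -f $server, $e.TimeCreated, ($e.Message -split "`n")[0]
    }
}
```

Run it from an admin workstation before deleting anything: the table tells you which servers hold which copy, and the 4515 events tell you which servers have already noticed the conflict. The copy to delete is the one held by the DCs that were added last, since the copy that came from DCPromo is the one the rest of the domain already relies on.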

Author Comment

by:jskfan
ID: 24148103
Actually, I just managed to change the first 2 DCs' replication to "To All Domain Controllers in the Active Directory Domain". Now all 6 DCs (DNS servers) have replication set to "To All Domain Controllers in the Active Directory Domain".

But the first 2 still don't replicate to the remaining 4, and vice versa.

LVL 70

Expert Comment

by:Chris Dent
ID: 24148204

DCDiag and "RepAdmin /ShowReps" will show you if you're having replication errors. There's a fairly high chance of that if DNS isn't intact, after all, how will the first two find the last four if their information isn't in DNS?

Personally I would set the new DCs to look at the old ones for DNS resolution until full replication has occurred.

Chris

Author Comment

by:jskfan
ID: 24148707
In AD Users and Computers, in the Domain Controllers OU, all DCs show up on all 6 DCs.

DCs: A, B, C, D, E, F

A and B: DNS was installed through DCPromo
A and B are in subnet 1

C and D are in subnet 2; DNS installed through Add/Remove Programs and the zone created manually
C and D's zone replicates automatically without even adding the names to Name Servers (NS)

E and F are in subnet 3; DNS installed through Add/Remove Programs and the zone created manually
E and F's zone replicates automatically without even adding the names to Name Servers (NS)

In C and D I had to add the record of E and F manually, then add E and F to the NS (name servers) list,
to make E and F replicate to C and D.

In E and F I had to add the record of C and D manually, then add C and D to the NS (name servers) list,
to make C and D replicate to E and F.

But in C, D, E, F, even though I added the A and B records manually and added A and B to NS, there is no replication, and from C, D, E, F to A and B there is no replication either.


Author Comment

by:jskfan
ID: 24148852
Even in AD Sites, when I try to replicate manually between DCs in different subnets, it throws an error:

"The following error occurred during the attempt to synchronize naming context domainname.com from domain controller DC1 to domain controller DC4: The naming context is in the process of being removed or is not replicated from the specified server"

Author Comment

by:jskfan
ID: 24148940
let me see if this could be the issue causing replication:

DCA and DCB are in the same subnet
DCA has as preferred DNS server its own IP address, and the alternate is the IP address of DCB
DCB has as preferred DNS server its own IP address, and the alternate is the IP address of DCA

DCC and DCD are in the same subnet
DCC has as preferred DNS server its own IP address, and the alternate is the IP address of DCD
DCD has as preferred DNS server its own IP address, and the alternate is the IP address of DCC

DCE and DCF are in the same subnet
DCE has as preferred DNS server its own IP address, and the alternate is the IP address of DCF
DCF has as preferred DNS server its own IP address, and the alternate is the IP address of DCE

would that be the issue?
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24155480

If each are in the same domain I would change every one of them to use DCA as preferred DNS until each of them is fully established as a DC.

Chris
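An added example (not part of the thread, and not Chris's or jskfan's code) that scripts the accepted procedure end to end, together with the DCDiag / RepAdmin check Chris suggested earlier: point every DC at DCA for DNS, push replication and wait until no partner link reports an error, and only then return each DC to site-local DNS. It assumes Windows Server 2012 or later (DnsClient and ActiveDirectory modules, PowerShell remoting to each DC); the DC names and the per-site pairing follow the thread, and the interface alias `Ethernet` is an assumption. On the 2003-era servers in the thread the same steps are `netsh interface ip set dns`, `repadmin /showreps` and `dcdiag /test:dns`.

```powershell
# Added example, not from the thread. Assumes Windows Server 2012+ with the
# ActiveDirectory and DnsClient modules and PowerShell remoting to every DC.
# DC names and site pairing follow the thread; $interface is an assumed NIC alias.
Import-Module ActiveDirectory

$hubDns    = 'DCA'                                          # temporary preferred DNS for every DC
$allDcs    = 'DCA','DCB','DCC','DCD','DCE','DCF'
$sitePeer  = @{ DCA='DCB'; DCB='DCA'; DCC='DCD'; DCD='DCC'; DCE='DCF'; DCF='DCE' }  # partner in the same site
$interface = 'Ethernet'                                     # assumed interface alias on each DC

# IPv4 address of each DC, read from AD instead of being typed in by hand
$ip = @{}
foreach ($dc in $allDcs) { $ip[$dc] = (Get-ADDomainController -Identity $dc).IPv4Address }

function Set-DcDnsClient {
    # Set the DNS client server list on one DC and re-register its A/SRV records there
    param([string]$Dc, [string[]]$Servers)
    Invoke-Command -ComputerName $Dc -ScriptBlock {
        param($Alias, $List)
        Set-DnsClientServerAddress -InterfaceAlias $Alias -ServerAddresses $List
        Register-DnsClient
    } -ArgumentList $interface, $Servers
}

function Get-ReplicationFailures {
    # Every inbound/outbound partner link whose last attempt did not succeed (result 0)
    Get-ADReplicationPartnerMetadata -Target $allDcs -PartnerType Both |
        Where-Object { $_.LastReplicationResult -ne 0 } |
        Select-Object Server, Partner, Partition, LastReplicationResult, LastReplicationAttempt
}

# Step 1: every DC uses DCA first (DCA itself uses only itself)
foreach ($dc in $allDcs) {
    $list = if ($dc -eq $hubDns) { @($ip[$hubDns]) } else { @($ip[$hubDns], $ip[$dc]) }
    Set-DcDnsClient -Dc $dc -Servers $list
}

# Step 2: push replication out from the hub and wait until no partner link reports an error
$deadline = (Get-Date).AddMinutes(30)
do {
    repadmin /syncall $hubDns /AdeP | Out-Null      # all partitions, enterprise-wide, push
    Start-Sleep -Seconds 60
    $failures = @(Get-ReplicationFailures)
} while ($failures.Count -gt 0 -and (Get-Date) -lt $deadline)

if ($failures.Count -gt 0) {
    $failures | Format-Table -AutoSize
    throw "Replication is still failing; leaving all DCs pointed at $hubDns."
}

# Step 3: replication is healthy, so go back to site-local DNS as the thread did.
# Site partner first, itself second, so no DC depends solely on its own DNS service.
foreach ($dc in $allDcs) {
    Set-DcDnsClient -Dc $dc -Servers @($ip[$sitePeer[$dc]], $ip[$dc])
}

# Final check: DNS test on every DC in the enterprise
dcdiag /test:DNS /e | Select-String -Pattern 'passed test|failed test|Warning|Error'
```

The only design choice that differs from what jskfan describes is step 3: the thread put each DC's own address first and its site partner second, while this example puts the partner first, which avoids the isolated-DC situation Chris mentions in the next comment. The 30-minute deadline and the `throw` exist so the script never restores site-local DNS while any partner link is still failing.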

Author Comment

by:jskfan
ID: 24155503
> If each are in the same domain I would change every one of them to use DCA as preferred DNS until each of them is fully established as a DC.

That's what I did. I set the DNS IP address of all the DCs to one DNS server, then made sure the replication was working fine, then went back and reset each DC in each site to point to the local DNS.
So far it works.
LVL 70

Expert Comment

by:Chris Dent
ID: 24155509

Good stuff :) There used to be a problem with Win 2000 where you could end up with isolated DCs if they only referred to themselves for DNS. It's improved quite a lot since and it's much harder to do that with 2003 once everything is in place.

Chris

Author Closing Comment

by:jskfan
ID: 31570391
thanks so much!
