Solved

Active Directory sites and DNS replication.

Posted on 2009-04-15
205 Views
Last Modified: 2012-05-06
I have one domain. I created 6 domain controllers; 2 of the DCs (DCA and DCB) are DNS servers, so the zones (AD-integrated) were replicated to each DNS server.

I created 4 more DCs, but they are not DNS servers.


I created 3 AD sites and put 2 DCs in each site:

on site 1 I put DCA and DCB
on site 2 I put DCC and DCD
on site 3 I put DCE and DCF

The 3 sites are in different subnets.

Then I installed DNS on the DCs that were not DNS servers (DCC, DCD, DCE and DCF).
I created the forward lookup zone manually on DCC, DCD, DCE and DCF.
Now I want the zone to be replicated to all of the DNS servers, but when I go to DCA, for instance, and try to add DCC to Name Servers so that the zone transfer can happen, it gives me an error: "An IP associated with the given name server record cannot be found".

Do I need to create a record manually for the DCC in DCA?

any idea on how the zone can be replicated between all DCs automatically?

Thanks
Question by:jskfan
12 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24147395

> I created the forward lookup zone manually on DCC and DCD and DCE and DCF.

If the zone you made is AD Integrated and already existed elsewhere then your new version is likely to overwrite any existing version.

AD Integrated Zones will appear on a new DNS server after a short period (after replication has occurred).

Zone Transfers are not used for AD Integrated zones, it's all internal to AD. The DC just loads the zone from AD as if it were a file on the server.

Chris

Author Comment

by:jskfan
ID: 24147993
The first 2 DNS servers, which were created through DCpromo, have their zone replicating between each other.
On the other 4 DCs I installed DNS manually and created the zone manually, with the same name as the zone on the first 2 DNS servers.

The last 4 DNS servers replicate the zone between themselves, but they don't replicate the zone to the first 2 DNS servers, and the first 2 DNS servers don't replicate their zone to the 4 DNS servers.

What I have noticed, though, is that the first 2 DNS servers have Replication: "To all DNS servers in the Active Directory domain",
but the 4 other DNS servers have Replication: "To all domain controllers in the Active Directory domain".

I can't change any of them to make them all the same. I tried and it threw an error: "The replication scope couldn't be set. For more information see <DNS Zone replication in Active Directory>".
LVL 71

Expert Comment

by:Chris Dent
ID: 24148057

Yeah, not surprised.

You now have two versions of the same zone, which is bad. Delete one of them, there's no way the new DCs will get the copy of the zone from "all DNS Servers in the AD Domain" while loading the version from "all Domain Controllers ... ".

You will probably find the DNS servers are throwing an error with event ID 4515 if you look in the event log.

Chris
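The two comments above explain that an AD-integrated zone is loaded from a directory partition rather than transferred, and that a second copy of the same zone in a different replication scope is the problem. The PowerShell below is an added example, not code from the original thread or from Chris Dent: it reads the dnsZone objects directly out of the three partitions a zone can live in, as seen from each DC, and pulls the DNS Server event 4515 entries that Chris mentions. It assumes the RSAT ActiveDirectory module and a domain whose functional level supports application partitions (2003 or later); the zone name and DC names are placeholders taken from the thread.

```powershell
# Added example (not from the original thread): locate every copy of an
# AD-integrated zone across replication scopes and surface event 4515.
# Assumes RSAT ActiveDirectory module; replace $ZoneName and $Dcs with yours.
Import-Module ActiveDirectory

$ZoneName = 'domainname.com'                          # placeholder from the thread
$Dcs      = 'DCA','DCB','DCC','DCD','DCE','DCF'        # placeholder DC names
$domainDn = (Get-ADDomain).DistinguishedName

# The three containers a dnsZone object can be stored in, labelled with the
# replication-scope text the DNS console shows for each.
$scopes = [ordered]@{
    'To all domain controllers in the AD domain (domain partition, "Legacy")' =
        "CN=MicrosoftDNS,CN=System,$domainDn"
    'To all DNS servers in the AD domain (DomainDnsZones partition)' =
        "CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn"
    'To all DNS servers in the AD forest (ForestDnsZones partition)' =
        "CN=MicrosoftDNS,DC=ForestDnsZones,$domainDn"
}

function Find-DnsZoneCopies {
    param([string]$Zone, [string]$Server)
    foreach ($label in $scopes.Keys) {
        # A DC that does not host a given application partition will error on
        # the search; that is expected, so the error is suppressed.
        $hit = Get-ADObject -Server $Server -SearchBase $scopes[$label] -SearchScope OneLevel `
                   -Filter "objectClass -eq 'dnsZone' -and name -eq '$Zone'" `
                   -Properties whenCreated -ErrorAction SilentlyContinue
        if ($hit) {
            [pscustomobject]@{
                ReadFrom = $Server
                Scope    = $label
                Dn       = $hit.DistinguishedName
                Created  = $hit.whenCreated
            }
        }
    }
}

# 1. Where does the zone live, as seen from each DC?  A healthy domain shows a
#    single scope.  Two different scopes (from one DC or across DCs) is the
#    duplicate-zone condition described above, and whenCreated shows which copy
#    is the newer, hand-made one.
$copies = foreach ($dc in $Dcs) { Find-DnsZoneCopies -Zone $ZoneName -Server $dc }
$copies | Format-Table ReadFrom, Scope, Created -AutoSize

$distinct = @($copies | Select-Object -ExpandProperty Scope -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning "Zone '$ZoneName' exists in $($distinct.Count) replication scopes; one copy must be deleted (normally the one created by hand)."
}

# 2. The DNS Server log confirms the same thing from the service's side:
#    event 4515 is logged when a second copy of a zone is found in another
#    directory partition and ignored.
foreach ($dc in $Dcs) {
    Get-WinEvent -ComputerName $dc -FilterHashtable @{ LogName = 'DNS Server'; Id = 4515 } `
        -MaxEvents 3 -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'DC'; e = { $dc } }, TimeCreated, Message
}
```

Reading the directory objects rather than asking each DNS server for its zone list is deliberate: a DNS server only reports the copy it chose to load, whereas the partitions show every copy that exists, which is what you need to know before deleting one.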

Author Comment

by:jskfan
ID: 24148103
Actually, I just managed to change the first 2 DCs' replication to "To all domain controllers in the Active Directory domain". Now all of the 6 DCs (DNS servers) have replication set to "To all domain controllers in the Active Directory domain",

but still the first 2 don't replicate to the remaining 4, and vice versa.

LVL 71

Expert Comment

by:Chris Dent
ID: 24148204

DCDiag and "RepAdmin /ShowReps" will show you if you're having replication errors. There's a fairly high chance of that if DNS isn't intact, after all, how will the first two find the last four if their information isn't in DNS?

Personally I would set the new DCs to look at the old ones for DNS resolution until full replication has occurred.

Chris

Author Comment

by:jskfan
ID: 24148707
In AD Users and Computers, in the Domain Controllers OU, all DCs show up on all 6 DCs.

DCs: A, B, C, D, E, F

A and B: DNS was installed through DCpromo
A and B are in subnet 1

C and D are in subnet 2; DNS installed through Add/Remove Programs and the zone created manually
C and D replicate the zone between themselves automatically, without even adding the names to the name servers (NS)

E and F are in subnet 3; DNS installed through Add/Remove Programs and the zone created manually
E and F replicate the zone between themselves automatically, without even adding the names to the name servers (NS)

In C and D I had to add the records for E and F manually, then add E and F to the name servers (NS),
to make E and F replicate to C and D.

In E and F I had to add the records for C and D manually, then add C and D to the name servers (NS),
to make C and D replicate to E and F.

But in C, D, E and F, even though I added the A and B records manually and added A and B to the NS, there is no replication, and from C, D, E and F to A and B there is no replication either.


Author Comment

by:jskfan
ID: 24148852
Even in AD Sites and Services, when I try to replicate manually between DCs in different subnets it throws an error:

"The following error occurred during the attempt to synchronize naming context domainname.com from domain controller DC1 to domain controller DC4:
The naming context is in the process of being removed or is not replicated from the specified server"

Author Comment

by:jskfan
ID: 24148940
Let me see if this could be the issue causing the replication problem:

DCA and DCB are in the same subnet.
DCA has as preferred DNS server its own IP address, and the alternate is the IP address of DCB.
DCB has as preferred DNS server its own IP address, and the alternate is the IP address of DCA.

DCC and DCD are in the same subnet.
DCC has as preferred DNS server its own IP address, and the alternate is the IP address of DCD.
DCD has as preferred DNS server its own IP address, and the alternate is the IP address of DCC.

DCE and DCF are in the same subnet.
DCE has as preferred DNS server its own IP address, and the alternate is the IP address of DCF.
DCF has as preferred DNS server its own IP address, and the alternate is the IP address of DCE.

Would that be the issue?
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24155480

If each are in the same domain I would change every one of them to use DCA as preferred DNS until each of them is fully established as a DC.

Chris
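The accepted answer, together with the earlier suggestion to check DCDiag and "RepAdmin /ShowReps", amounts to a three-step procedure: point every DC at one known-good DNS server, wait until AD replication is clean, then move each DC back to site-local DNS. The script below is an added example of that procedure, not code from the thread or from Chris Dent. It assumes Windows Server 2012 or later on the DCs (the DnsClient cmdlets), PowerShell remoting, and that the hypothetical addresses in $Bootstrap and $FinalDns (documentation ranges) are replaced with the real ones; the final settings list the site partner first and the DC itself second, so that no DC is ever left pointing only at itself, which is the isolation case Chris warns about below.

```powershell
# Added example (not from the original thread): bootstrap every DC through one
# DNS server, wait for clean replication, then restore site-local DNS.
# Assumes Server 2012+ DCs, PS remoting, and real addresses in place of these.

$Bootstrap = '192.0.2.10'                     # DCA (hypothetical address)

# Final per-DC DNS client list: site partner first, self second.
$FinalDns = @{
    DCA = '192.0.2.11',     '192.0.2.10'      # DCB, then DCA
    DCB = '192.0.2.10',     '192.0.2.11'
    DCC = '198.51.100.11',  '198.51.100.10'   # DCD, then DCC
    DCD = '198.51.100.10',  '198.51.100.11'
    DCE = '203.0.113.11',   '203.0.113.10'    # DCF, then DCE
    DCF = '203.0.113.10',   '203.0.113.11'
}

function Set-DcDnsClient {
    param([string]$Dc, [string[]]$Servers)
    Invoke-Command -ComputerName $Dc -ArgumentList (,$Servers) -ScriptBlock {
        param([string[]]$s)
        # Only rewrite adapters that already carry IPv4 DNS servers.
        Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses } |
            ForEach-Object { Set-DnsClientServerAddress -InterfaceIndex $_.InterfaceIndex -ServerAddresses $s }
        # Re-register this DC's A and SRV records with the server it now uses,
        # so the bootstrap server learns about DCs it could not see before.
        ipconfig /registerdns | Out-Null
        nltest /dsregdns      | Out-Null
    }
}

function Test-ReplicationHealthy {
    # One CSV row per replication link; zero failures on every row means each
    # naming context is in sync.  Rows with failures are echoed for the admin.
    $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
    $bad  = @($rows | Where-Object { [int]$_.'Number of Failures' -gt 0 })
    foreach ($r in $bad) {
        Write-Warning ('{0} <- {1} [{2}]: {3}' -f $r.'Destination DSA', $r.'Source DSA',
                       $r.'Naming Context', $r.'Last Failure Status')
    }
    return ($bad.Count -eq 0)
}

# Step 1: every DC resolves through the bootstrap server while records settle.
foreach ($dc in $FinalDns.Keys) { Set-DcDnsClient -Dc $dc -Servers $Bootstrap }

# Step 2: poll until replication is clean.  Inter-site links follow the site
# link schedule, so allow a generous window rather than a single check.
$deadline = (Get-Date).AddMinutes(30)
do {
    Start-Sleep -Seconds 60
    $ok = Test-ReplicationHealthy
} until ($ok -or (Get-Date) -gt $deadline)
if (-not $ok) { throw 'Replication is still failing; fix the links above before restoring local DNS.' }

# Step 3: move each DC back to its site-local DNS, partner first, self second.
foreach ($dc in $FinalDns.Keys) { Set-DcDnsClient -Dc $dc -Servers $FinalDns[$dc] }
```

The health check is the important part: switching the DNS client settings back before every naming context shows zero failures recreates the original situation, because a DC that resolves through a zone copy missing the other DCs' SRV records cannot find replication partners.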

Author Comment

by:jskfan
ID: 24155503
> If each are in the same domain I would change every one of them to use DCA as preferred DNS until each of them is fully established as a DC.

That's what I did. I set the DNS IP address of all the DCs to one DNS server, then made sure the replication was working fine, then I went back and reset each DC in each site to point to the local DNS.
So far it works.
LVL 71

Expert Comment

by:Chris Dent
ID: 24155509

Good stuff :) There used to be a problem with Win 2000 where you could end up with isolated DCs if they only referred to themselves for DNS. It's improved quite a lot since and it's much harder to do that with 2003 once everything is in place.

Chris

Author Closing Comment

by:jskfan
ID: 31570391
thanks so much!
