Solved

Issue with 2nd DNS Controller Zone

Posted on 2009-05-07
9
280 Views
Last Modified: 2012-05-06
I have a new DC on 2003R2 that I am building to replace existing 2003 DC. I am at the stage of setting up DNS. I want to build the DNS on the new box from scratch instead of pulling over the old existing one. Since I can't create a zone on the new DC with the same Zone name of "OurDomain" that is currently running on the dying DC, I have some questions.

Does the zone have to be the same name as our Domain?  Is there anything I should be aware of by introducing a new DNS zone name? Can I have both running temporarily until finished transfering fsmo roles to the new box?
0
Comment
Question by:MushroomStamp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24330275

The zone name you create must match your AD Domain, you can't create an arbitrary zone name here, there's no point.

You could change the zone type on the current server to Standard Primary (remove the AD Integrated tick). Then you can have two zones of the same name (one on each server).

May I ask why you want to drop the current zone?

Chris
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24330343
Is your current zone AD Integrated?  You could change it to primary and export it (to be safe) then the new ADI zone could have the same name.
The ADI zone will populate the new entries
What is wrong with your current zone?
Thanks
Mike
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24330376
Man o Man...a coworker came by and I didn't refresh in time.... wait I never surf EE at work haha
I should have known Chris would have been all over the DNS questions
 nicely done Chris :)
Thanks
Mike
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 71

Expert Comment

by:Chris Dent
ID: 24330385

lol no worries, happens to everyone :)

Chris
0
 

Author Comment

by:MushroomStamp
ID: 24330623
The current zone "OurDomain" is on the current DC. I am replacing the current DC with a new one.  Part of the process of setting up the new one is setting up the DNS server. I DO NOT want all the old garbage from the current DNS server, hence the reason I want to start from scratch. I am following the MS Tech steps for replacing a DC. Before I transfer FSMO roles and such I need to setup the new DNS server.  I can not setup the new DNS server using the same zone name while the current one is still in use.
0
 

Author Comment

by:MushroomStamp
ID: 24330686
We have had a multitude of problems with the current DNS server... it's pretty much bubble gummed with things such as entries that can't be gotten rid of and setttings that don't take.. plenty of problems with it.

How would I seamlessly have the new DC (soon to be the only) take over the DNS role from current garbage. I don't want to important anything from current setup. I will manually enter the values of each fixed IP on the network (about 15). I can't have any down time
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24330696

You can if you change the zone to Standard Primary (in the Zone Properties within the DNS Console, select Change next to Type, and remove the tick from Store in Active Directory). It being integrated with AD is optional and counter productive in this instance.

You absolutely cannot use a zone name that is different from the AD Domain Name. It won't do you a bit of good.

If it's causing such problems you may as well just delete the existing zone now. Change all clients and servers to refer to the DNS service on the new DC, it will repopulate there. Then delete the current zone. That way you can add a new AD Integrated zone without being troubled by the old one.

As you're going to need to talk to the current DC to maintain replication you'll want the old DC to register Service Records and Names on the new DNS Service.

Chris
0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 500 total points
ID: 24330713

If you can't have downtime change the zone to Standard Primary. The new zone you create will also have to be Standard Primary (not stored in AD) until you have everything in place or it will overwrite the old zone on the old DC.

After it's populated you can change the zone to AD Integrated and it will copy the current zone over without anyone noticing.

Chris
0
 

Author Closing Comment

by:MushroomStamp
ID: 31579179
Thank you sir for your quick attention to my issue.  I love this site, you guys save me so much time.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question