
Proper DNS config in AD with multiple remote site servers

Would someone please shed some light on proper DNS configs in Active Directory.

We have (6) DCs.

Each DC has its own DNS pointing to itself and a random other DC as its secondary.

There are times when we cannot add clients to the domain unless we point the DNS to an offsite DC.

Are there other steps/procedures when configuring DNS in the domain?

My apologies for the vague details.

Thanks
1 Solution
 
JBond2010 Commented:
When you install Active Directory for the first time you create a new Forest and the first DC holds all 5 FSMO Roles. When you install more DCs you have the option to create a new Domain in an existing Forest. These would be Child Domains. Or you could choose a Forest with a single Domain. For example Domain.local would be your Forest Root Domain, and let's say you want to create a new domain in the Forest - Sales.Domain.local, this would be a Child Domain. So, your Active Directory Topology would be a Parent - Child Domain.

In this scenario, when you create a Child Domain this Domain would have 3 FSMO Roles - The PDC Emulator Role, the RID Master Role and the Infrastructure Master Role. These 3 FSMO Roles are Domain Wide and the Schema Master Role and the Domain Naming Master Role are Forest Wide. These 5 FSMO Roles are all part of the replication process in Active Directory.

If you choose a Forest with a single domain you have 5 FSMO Roles - as opposed to every Child Domain that would each have 3 FSMO and there can only be 2 Forest Wide FSMO Roles. Automatically there are 2 way transitive trusts setup when you create Child Domains and you have configured the replication links in Sites and Subnets.
Gig-A-Dee (Author) Commented:
We chose the option of installing an additional DC in the domain.

Thanks

Mike Kline Commented:
Yes the other accepted way is to point to another DC/DNS as primary and itself as secondary (this helps prevent race condition issues).

The DS team talked about this here

http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx

See (also see the comments, I asked about the loopback recommendation)

Question

What is Microsoft's best practice for where and how many DNS servers exist? What about for configuring DNS client settings on DC’s and members?


Thanks

Mike

Gig-A-Dee (Author) Commented:
When adding an additional DC in a domain are there any special entries needed in the DNS manager? Forwarders, etc.?

JBond2010 Commented:
That's fine. Some organisations choose multiple domains for administrative reasons. Other reasons for choosing multiple domains might be because of slow WAN links in geographical regions and this would ease the burden on replication throughout the Forest. When designing Active Directory there is a lot to consider.

JBond2010 Commented:
Remember that when you add new DCs that all the SRV records are in place and also if these DCs are in different sites that you have the DCs configured as Global Catalog Servers as this enables searches throughout Active Directory. The most important thing to note is that Active Directory depends on DNS to provide locator services such as Netlogon Servers - Domain Controllers.

JBond2010 Commented:
Also, if you do have multiple sites make sure the sites and the subnets are setup correctly in Active Directory Sites and Subnets.
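An added audit script (not from the thread, and not Microsoft's own tooling) that checks the two points raised above on every DC in the domain: the DNS client order recommended by Mike Kline (a peer DC first, itself only as secondary) and JBond2010's reminder that each DC must be present in the DC-locator SRV records. It assumes the RSAT ActiveDirectory module on the admin workstation and WinRM access to each DC; the `_ldap._tcp.dc._msdcs` record name is the standard DC-locator record, everything else is built from the domain it is run in.

```powershell
# Added example, not part of the original thread.
# Assumes: RSAT ActiveDirectory module, WinRM enabled on every DC,
# Windows Server 2012+ DCs (Get-DnsClientServerAddress).
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot

# Hostnames the domain's DC-locator SRV records currently advertise.
# If a DC is missing here, clients cannot find it (Netlogon registration problem).
$srvTargets = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV |
    Where-Object { $_.Type -eq 'SRV' } |
    ForEach-Object { $_.NameTarget.ToLower().TrimEnd('.') }

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    # DNS servers configured on the first interface of the DC that has any.
    $servers = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
        Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object { $_.ServerAddresses.Count -gt 0 } |
            Select-Object -First 1 -ExpandProperty ServerAddresses
    }
    $primary   = $servers | Select-Object -First 1
    # Loopback or its own address as the FIRST entry is the pattern to change.
    $selfFirst = $primary -in @('127.0.0.1', $dc.IPv4Address)

    [pscustomobject]@{
        DC           = $dc.HostName
        Site         = $dc.Site
        PrimaryDNS   = $primary
        OtherDNS     = ($servers | Select-Object -Skip 1) -join ', '
        SelfIsFirst  = $selfFirst      # True: move a peer DC to primary
        InSrvRecords = $srvTargets -contains $dc.HostName.ToLower()
    }
}

$report | Format-Table -AutoSize
```

Any row with SelfIsFirst = True or InSrvRecords = False is a DC worth looking at before chasing client join failures at remote sites.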

Gig-A-Dee (Author) Commented:
Thanks