Virtualize Primary DNS

Posted on 2011-04-21
Last Modified: 2012-06-27
We have ESX4.0 and we currently have two DNS servers:

DNS1- physical and primary
DNS2 - virtual and secondary

Both server 2003 OS

I would like to make DNS1 into a vm as well.

1. What would be the best way in doing this?
2. Would physical to virtual be easier or would creating a new vm from scratch be better?
3. What if I wanted to make DNS1 reside on Server 2008 instead of 2003?
4. Would that cause any issue with DNS2?
0
Question by:MECIT
 
LVL 10

Expert Comment

by:Larry Larmeu
ID: 35442037
P2V would be the fastest way.  If you want to go to 2008 I would definitely recommend a fresh install.  It's really preference when it comes down to it.  Server 2008 and 2003 servers can co-exist, so it won't cause any issues for your other server.
0
 
LVL 124
ID: 35442063
Is Server DNS1 an Active Directory server?

0
 
LVL 10

Expert Comment

by:Hutch_77
ID: 35442068
Just a question: is DNS1 just a DNS server or does it host any other roles?  I know we made a mistake in the past of putting a PDC in a blade and our secondary DC was a VM on a blade in the same blade chassis and we had our network switch in the chassis go down... and all hell broke loose.  If it is just DNS you should be able to migrate the role to another server and 08 should not be a problem.  You just might make sure, if these are the only 2 DNS servers, to not put them on the same ESX server.
0
 
LVL 124
ID: 35442110
Because normally, you integrate DNS into AD!
0
 

Author Comment

by:MECIT
ID: 35442165
DNS1 is also an Active Directory server.

We have two hosts and currently DNS2 on host 2.
The hosts are in a cluster with HA and DRS enabled.
0
 
LVL 10

Expert Comment

by:Hutch_77
ID: 35442183
With HA and DRS going imho you should be golden to either build a clean 08 server and migrate the DNS role or do a p2v conversion.
0
 
LVL 10

Expert Comment

by:Larry Larmeu
ID: 35442263
With DRS and HA make sure to set a rule to keep DNS1 and DNS2 separate, that way if you lose 1 host you won't lose both DNS VMs.
0
 

Author Comment

by:MECIT
ID: 35442285
Are there documents on how to install AD and DNS on a secondary server on Server 2008?

Could I have three servers and promote the 08 server to primary and then remove the physical server?
0
 

Author Comment

by:MECIT
ID: 35442293
Where would I create the rule?
0
 
LVL 10

Expert Comment

by:Larry Larmeu
ID: 35442302
There's no "primary" and "secondary" domain controllers anymore since Windows 2000.  As far as DNS goes, any DNS server can be set as either primary or secondary.  You can have 3 or more existing at one time.
0
 
LVL 10

Expert Comment

by:Larry Larmeu
ID: 35442312
To create the rule in VMware go to vCenter, right click the Cluster, select Edit Settings, then under DRS click Rules, then Add, then type is "Separate Virtual Machines", click Add, select the 2 VMs you want, and save.
0
 
LVL 124

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 35442422
All of a sudden we seem to have gone, OFF Topic, onto another Question about HA and DRS!

anyway back to the original question asked, if you are interested anymore!

okay, the simple answer to this is as follows:-

1. Do not P2V. (up to you if you P2V, if you do you need to do it COLD)
2. Create a new VM, with Win2k3 or Win2k8
3. Add the Active Directory role. (if you select Win2k8, you need to do some more work).
4. Wait for AD to Sync.
5. Add the DNS role.
6. Wait for replication.
7. Transfer All the AD roles from the physical server.
8. Demote Physical server.
9. Decommission Physical Server.
10. Done.

Personally, I wouldn't P2V, I would build a new Win2k8 DC. If you want to do the quick and dirty P2V, that's up to you and your organisation.
0
 

Author Comment

by:MECIT
ID: 35443281
I have a 2008 server VM ready.  When adding the AD role, which roles do I select?

AD Certificate Services
AD domain Services
AD Federation services
AD lightweight directory service
AD rights management service
0
 
LVL 10

Expert Comment

by:Larry Larmeu
ID: 35443304
Add the AD Domain Services role, then once it's installed run DCPROMO.
0
 

Author Comment

by:MECIT
ID: 35443356
I receive the following error
 AD Pop-up
0
 
LVL 10

Assisted Solution

by:Larry Larmeu
Larry Larmeu earned 1500 total points
ID: 35443394
If this is your first 2008 domain controller, you will have to run ADPREP.  Put your Windows 2008 CD in one of your existing 2003 domain controllers and run adprep /forestprep from the \sources\adprep folder.  If your existing domain controller is a 32 bit machine, you will have to run adprep32 /forestprep instead.  It does the same thing, it's just compiled for 32 bit instead of 64 bit.
0
 

Author Comment

by:MECIT
ID: 35443433
By running ADPREP, what will it do and how does this affect our existing environment?

Is there anything else I have to do before adding the 2008 DC?
0
 
LVL 10

Expert Comment

by:Larry Larmeu
ID: 35443448
I believe adprep would be your last step.  It modifies your Active Directory schema.  Basically, Active Directory is like a database and this will add new tables to the database to allow it to store additional information to support new features.
0
 

Author Comment

by:MECIT
ID: 35443466
Just to be sure this will not affect our users. If I was to do this now, users are not going to have an issue or nothing could go wrong by doing this.
0
 
LVL 10

Expert Comment

by:Larry Larmeu
ID: 35443503
It is safe to do.  I would recommend having a full backup of your Active Directory beforehand as there is always a possibility for problems, but in general it is a very safe procedure.  Here's a TechNet article that goes over the process:

http://technet.microsoft.com/en-us/library/cc753437(WS.10).aspx
0
 

Author Comment

by:MECIT
ID: 35443626
Do I need to do the following:



Note

If you plan to add a read-only domain controller (RODC) to the forest, you can run adprep /rodcprep right after you run adprep /forestprep and then verify that both operations have replicated throughout the forest. Both commands require Enterprise Admin credentials; therefore, you might prefer to run them consecutively.
0
 
LVL 10

Expert Comment

by:Larry Larmeu
ID: 35443683
Not at the moment.  If you decide later to add a Read Only Domain Controller, you can do that later.
0
 

Author Comment

by:MECIT
ID: 35443988
I was reading around and in an article it states :

When done, you'll be prompted. Make sure you let the existing Domain Controllers replicate all the changes throughout the entire forest BEFORE proceeding to the next step

Next, go to the Infrastructure Master of each domain that you wish to upgrade and insert the DVD media of Windows Server 2008 into the DVD drive

Do I need to do this to DNS2 or can I run the ad domain services wizard?
0
 

Author Comment

by:MECIT
ID: 35444019
I forgot to put what it stated to run: adprep /domainprep.
0
 
LVL 10

Expert Comment

by:Larry Larmeu
ID: 35444028
It would be a good idea to go force replication.
0
 

Author Comment

by:MECIT
ID: 35444070
If it states Active Directory Domain Services has replicated the connections.

Did this force the replication, and now should I run the wizard on the 08 server?
0
 
LVL 10

Expert Comment

by:Larry Larmeu
ID: 35444109
Yes, you should be good to do the DCPROMO now.
0
 

Author Comment

by:MECIT
ID: 35444142
I ran it and now it is telling me to do adprep /domainprep.
Do I have to run this on DNS1 or DNS2 or both?
0
 
LVL 124
ID: 35444151
DNS1
0
 
LVL 10

Assisted Solution

by:Larry Larmeu
Larry Larmeu earned 1500 total points
ID: 35444152
You should have run /forestprep and then /domainprep.  You only have to do it on 1 of the servers.
0
 

Author Comment

by:MECIT
ID: 35444251
Do I need to run adprep /domainprep /gpprep?
0
 
LVL 10

Expert Comment

by:Larry Larmeu
ID: 35444261
That is an optional step.  If you do not need to take advantage of the 2008 Group Policy extensions you do not need to do that step at this time.
0
 

Author Comment

by:MECIT
ID: 35444278
Under additional domain controller Options

Do I select DNS Server and Global catalog?
0
 
LVL 10

Expert Comment

by:Larry Larmeu
ID: 35444281
Yes.
0
 

Author Comment

by:MECIT
ID: 35444310
Is this Correct:

Configure this server as an additional Active Directory domain controller for the domain
domain.org.

Site: Default-First-Site-Name

Additional Options:
  Read-only domain controller: No
  Global catalog: Yes
  DNS Server: Yes

Update DNS Delegation: No

Source domain controller: any writable domain controller

Database folder: C:\Windows\NTDS
Log file folder: C:\Windows\NTDS
SYSVOL folder: C:\Windows\SYSVOL

The DNS Server service will be installed on this computer.
The DNS Server service will be configured on this computer.
This computer will be configured to use this DNS server as its preferred DNS server
0
 
LVL 10

Expert Comment

by:Larry Larmeu
ID: 35444316
yes
0
 

Author Comment

by:MECIT
ID: 35444416
Everything looks good.
Is there anything else I should do?
Is there a way I can test it?
0
 
LVL 124
ID: 35444491
check eventlogs.

install windows support tools, and run dcdiag, replmon.

0
 
LVL 124
ID: 35444496
check replication, every 24 hours for issues
0
 

Author Comment

by:MECIT
ID: 35459642
I ran dcdiag this morning and all tests passed except this portion

Starting test: NCSecDesc
   Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
      Replicating Directory Changes In Filtered Set
   access rights for the naming context:
   DC=ForestDnsZones,DC=Domain,DC=org
   Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
      Replicating Directory Changes In Filtered Set
   access rights for the naming context:
   DC=DomainDnsZones,DC=Domain,DC=org
   ......................... SERVER3 failed test NCSecDesc

Found out this is an expected issue when a 2008 DC is promoted in a Windows Server 2003 domain without preparing RODC. If you do not plan to add an RODC to the forest it is safe to ignore it, otherwise run adprep /rodcprep.

I also ran repadmin and everything was successful.

Checked event viewer and everything is good as well.
0
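The dcdiag triage described in the comment above, as an added example that is not part of the original thread: it parses dcdiag text, lists failed tests, and separates the NCSecDesc failure caused by the missing "Replicating Directory Changes In Filtered Set" right (the RODC-prep case) from failures that need review. The sample output is constructed from the excerpt quoted above plus one passing test; the function names are hypothetical.

```python
import re

# Constructed sample, shaped like the dcdiag excerpt quoted in the thread.
SAMPLE = """\
Starting test: NetLogons
   ......................... SERVER3 passed test NetLogons
Starting test: NCSecDesc
   Error NT AUTHORITY\\ENTERPRISE DOMAIN CONTROLLERS doesn't have
      Replicating Directory Changes In Filtered Set
   access rights for the naming context:
   DC=ForestDnsZones,DC=Domain,DC=org
   Error NT AUTHORITY\\ENTERPRISE DOMAIN CONTROLLERS doesn't have
      Replicating Directory Changes In Filtered Set
   access rights for the naming context:
   DC=DomainDnsZones,DC=Domain,DC=org
   ......................... SERVER3 failed test NCSecDesc
"""
FILTERED_SET = "Replicating Directory Changes In Filtered Set"
RESULT = re.compile(r"\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)")
MISSING = re.compile(r"Error\s+(.+?)\s+doesn't have\s+(.+?)\s+"
                     r"access rights for the naming context:\s+(\S+)", re.S)

def parse_dcdiag(text):
    """Return {test: {"server", "status", "missing_rights"}} from dcdiag text."""
    tests = {}
    # Chunk 0 is whatever precedes the first "Starting test:" line.
    for chunk in re.split(r"Starting test:\s*", text)[1:]:
        name = chunk.split(None, 1)[0]
        m = RESULT.search(chunk)
        # (principal, right with whitespace collapsed, naming context)
        rights = [(p, " ".join(r.split()), nc) for p, r, nc in MISSING.findall(chunk)]
        tests[name] = {"server": m.group(1) if m else None,
                       "status": m.group(2) if m else "unknown",
                       "missing_rights": rights}
    return tests

def triage(tests):
    """Split failed tests into the RODC-prep case and everything else."""
    rodc_only, needs_review = [], []
    for name, t in tests.items():
        if t["status"] != "failed":
            continue
        rights = t["missing_rights"]
        expected = name == "NCSecDesc" and rights and all(
            p.endswith("ENTERPRISE DOMAIN CONTROLLERS") and r == FILTERED_SET
            for p, r, _ in rights)
        if expected:
            rodc_only.append((name, [nc for _, _, nc in rights]))
        else:
            needs_review.append(name)
    return rodc_only, needs_review
```

Any failed test that is not exactly this pattern, including an NCSecDesc failure naming a different principal or right, lands in `needs_review`.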
 
LVL 124
ID: 35459655
Glad it's all working for you, keep an eye on the event logs.
0
 

Author Comment

by:MECIT
ID: 35459791
Now that I have the VM up and working, I am on step 7. Transfer All the AD roles from the physical server.

How would I do this?
0
 
LVL 10

Assisted Solution

by:Larry Larmeu
Larry Larmeu earned 1500 total points
ID: 35459862
I assume you are talking about the FSMO roles?  Follow this from Microsoft:

http://support.microsoft.com/kb/324801
0
 
LVL 124
ID: 35459872
Personally, I wouldn't rush it, and I would leave for five days.
0
 
LVL 124
ID: 35459883
and to be fair, I think the question has gone way off topic from the original asked. I think you should close this question and start another linked to this one.
0
 

Author Closing Comment

by:MECIT
ID: 35460006
Thank you everyone for helping out.
0
