Solved

How can I determine the preferred AD DNS server?

Posted on 2011-09-28
Last Modified: 2012-06-27
Points of My Scenario:
1. I am admin of a Windows Server 2003 domain: mydomain.com
2. There are 5 domain controllers: A, B, C, D & E
3. All domain controllers are also DNS servers for the domain.
4. Client workstations are configured (via DHCP) to use as preferred DNS servers: A & B
5. However, clients resolve "mydomain.com" consistently to domain controller D.
QUESTION: How can I make clients resolve "mydomain.com" to domain controllers A or B instead?
Question by:waltforbes
LVL 12

Expert Comment

by:nsx106052
ID: 36719750
First create sites in AD (Active Directory Sites and Services) if you have more than one location.  Then move the domain controllers to the appropriate site.  Once the site is created, add the proper subnets for each site.

Then I would double check your DHCP settings to use the proper DNS servers.  Typically you should place the two closest DNS servers in the DHCP scope. You can add additional ones as a backup if you prefer.

If you only have one location, you don't need to configure Sites and Services, just your DHCP scopes.
0
 

Author Comment

by:waltforbes
ID: 36720154
To nsx106052 - please note the site/subnet layout:
(1) There are three sites (Site1, Site2, and Site3)
(2) Site1 contains three subnets + domain controllers A, B and E - all in one building
(3) Site2 contains one subnet + domain controller C - separate building
(4) Site3 contains one subnet + domain controller D - yet another (3rd) building
My Actions:
(1) Based on your advice, I added client subnets (2 of them) to Site1, using AD Sites and Services - since all are in same building
(2) I replicated the changes using AD Sites and Services also.
(3) I flushed DNS cache with "ipconfig /flushdns" at the clients
Results: Nothing changed - mydomain.com still resolves to domain controller D.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36812994
Your DHCP clients use only the DNS servers specified in scope option no. 006 :) (that's for sure) and get DNS responses only from them :) ... but the specified DNS servers contain all necessary records of your domain.local

By default, the Round-Robin mechanism is working for that
http://en.wikipedia.org/wiki/Round-robin_DNS
http://technet.microsoft.com/en-us/library/cc787484%28WS.10%29.aspx

so, according to your structure

DC-A
DC-B
DC-C
DC-D
DC-E

DNS issues the IP address of a DC during authentication; the next client will get the IP address of another DC from the list (Round Robin)

If you want to check if that's true, log on to that PC, open a command line and run this test

ipconfig /flushdns
ping domain.local

Repeat this action several times and compare the IP output for the domain  :)

Regards,
Krzysztof
0
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 36812999
You may also be interested in the Netmask ordering feature. This is a very good MS article on that
http://support.microsoft.com/kb/842197

Krzysztof
0
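The answer ordering described in the two replies above (round robin, then netmask ordering), as an added example that is not part of the original thread and not Microsoft's DNS Server code: a simplified model in which the server rotates the record list on each query and, with netmask ordering on, moves records in the client's subnet to the front. The IP addresses, the class name and the /24 comparison mask are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample data: one A record for the domain name per domain controller.
DC_RECORDS = {
    "DC-A": "10.1.1.10",
    "DC-B": "10.1.1.11",
    "DC-C": "10.2.1.10",
    "DC-D": "10.3.1.10",
    "DC-E": "10.1.2.10",
}


class DnsAnswerModel:
    """Simplified model of how a DNS server orders several A records for one name."""

    def __init__(self, records, round_robin=True, netmask_ordering=True, prefix=24):
        self.records = list(records)
        self.round_robin = round_robin
        self.netmask_ordering = netmask_ordering
        self.prefix = prefix  # assumed comparison mask (/24)
        self.offset = 0       # rotation state shared by all queries

    def answer(self, client_ip):
        recs = self.records
        if self.round_robin:
            # Rotate the list by one position per query.
            k = self.offset % len(recs)
            recs = recs[k:] + recs[:k]
            self.offset += 1
        if self.netmask_ordering:
            # Records in the client's own subnet go first, the rest keep their order.
            net = ipaddress.ip_network(f"{client_ip}/{self.prefix}", strict=False)
            local = [r for r in recs if ipaddress.ip_address(r) in net]
            remote = [r for r in recs if r not in local]
            recs = local + remote
        return recs


def first_answer_tally(model, client_ip, queries):
    """Count which address is listed first, the one a tool like ping will use."""
    return Counter(model.answer(client_ip)[0] for _ in range(queries))


if __name__ == "__main__":
    # Client in the same /24 as DC-A and DC-B: only those two ever come first.
    print(first_answer_tally(DnsAnswerModel(DC_RECORDS.values()), "10.1.1.50", 10))
    # Client in a subnet with no DC: plain round robin across all five.
    print(first_answer_tally(DnsAnswerModel(DC_RECORDS.values()), "10.1.9.50", 10))
```

In this model a client only gets a stable preference for a DC when one of the registered addresses falls inside the mask compared against the client's address; otherwise the first answer cycles through every DC.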
 

Author Closing Comment

by:waltforbes
ID: 36816961
Many thanks, iSiek.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36817364
You're welcome :)

Krzysztof
0
