Solved

How can I determine the preferred AD DNS server?

Posted on 2011-09-28
Last Modified: 2012-06-27
Points of My Scenario:
1. I am admin of a Windows Server 2003 domain: mydomain.com
2. There are 5 domain controllers: A, B, C, D & E
3. All domain controllers are also DNS servers for the domain.
4. Client workstations are configured (via DHCP) to use as preferred DNS servers: A & B
5. However, clients resolve "mydomain.com" consistently to domain controller D.
QUESTION: How can I make clients resolve "mydomain.com" to domain controllers A or B instead?
Question by:waltforbes
6 Comments
 
LVL 12

Expert Comment

by:nsx106052
ID: 36719750
First create sites in AD (Active Directory Sites and Services) if you have more than one location. Then move the domain controllers to the appropriate site. Once the site is created, add the proper subnets for each site.

Then I would double check your DHCP settings to use the proper DNS servers.  Typically you should place the two closest DNS servers in the DHCP scope. You can add additional ones as a backup if you prefer.

If you only have one location you don't need to configure site and services just your DHCP scopes.
0
 

Author Comment

by:waltforbes
ID: 36720154
To nsx106052 - please note the site/subnet layout:
(1) There are three sites (Site1, Site2, and Site3)
(2) Site1 contains three subnets + domain controllers A, B and E - all in one building
(3) Site2 contains one subnet + domain controller C - separate building
(4) Site3 contains one subnet + domain controller D - yet another (3rd) building
My Actions:
(1) Based on your advice, I added client subnets (2 of them) to Site1, using AD Sites and Services - since all are in same building
(2) I replicated the changes using AD Sites and Services also.
(3) I flushed DNS cache with "ipconfig /flushdns" at the clients
Results: Nothing changed - mydomain.com still resolves to domain controller D.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36812994
Your DHCP clients use only the DNS servers specified in scope option no. 006 :) (that's for sure) and get DNS responses only from them :) ... but the specified DNS servers contain all necessary records of your domain.local

By default the Round-Robin mechanism is working for that
http://en.wikipedia.org/wiki/Round-robin_DNS
http://technet.microsoft.com/en-us/library/cc787484%28WS.10%29.aspx

so, according to your structure

DC-A
DC-B
DC-C
DC-D
DC-E

DNS issues the IP address of a DC during authentication; the next client will get the IP address of another DC from the list (Round Robin)

If you want to check if that's true, log on to that PC, open a command line and run a test

ipconfig /flushdns
ping domain.local

repeat this action several times and compare IP output for the domain  :)

Regards,
Krzysztof
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 36812999
You may also be interested in the Netmask ordering feature. This is a very good MS article on it:
http://support.microsoft.com/kb/842197

Krzysztof
0
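The two mechanisms named in this thread, round robin and netmask ordering, modelled as an added example (not part of the original answers and not Microsoft's implementation). The DC and client addresses and the `mask_bits` parameter are assumptions made up for illustration.

```python
import ipaddress
from collections import deque

# Constructed sample data: one A record per DC for the domain name (made-up addresses).
DC_RECORDS = {
    "A": "10.1.1.10", "B": "10.1.1.11", "E": "10.1.3.10",  # Site1
    "C": "10.2.1.10",                                      # Site2
    "D": "10.3.1.10",                                      # Site3
}

class DnsServerModel:
    """Simplified model of how a DNS server orders several A records for one name."""

    def __init__(self, records, mask_bits=24, netmask_ordering=True):
        self.ring = deque(records.values())
        self.mask_bits = mask_bits              # assumed comparison mask (hypothetical knob)
        self.netmask_ordering = netmask_ordering

    def answer(self, client_ip):
        """Return the A records in the order this client would receive them."""
        ordered = list(self.ring)
        self.ring.rotate(-1)  # round robin: the next query starts one record later
        if not self.netmask_ordering:
            return ordered
        client_net = ipaddress.ip_network(f"{client_ip}/{self.mask_bits}", strict=False)
        local = [ip for ip in ordered if ipaddress.ip_address(ip) in client_net]
        remote = [ip for ip in ordered if ip not in local]
        return local + remote  # same-subnet records first, the rest keep rotation order

def first_answers(server, client_ip, queries=5):
    """First address of each consecutive reply, i.e. what the
    'ipconfig /flushdns' + 'ping' test above would show on each run."""
    return [server.answer(client_ip)[0] for _ in range(queries)]

if __name__ == "__main__":
    client = "10.1.2.50"  # constructed client in a Site1 subnet that holds no DC
    print("round robin only :", first_answers(DnsServerModel(DC_RECORDS, netmask_ordering=False), client))
    print("netmask /24      :", first_answers(DnsServerModel(DC_RECORDS, mask_bits=24), client))
    print("netmask /16      :", first_answers(DnsServerModel(DC_RECORDS, mask_bits=16), client))
    print("client next to A :", first_answers(DnsServerModel(DC_RECORDS, mask_bits=24), "10.1.1.77"))
```

In this model a client whose subnet holds no DC gets plain round robin under the /24 comparison, while a wider mask or a client in the same subnet as A and B keeps the first answer on a nearby DC.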
 

Author Closing Comment

by:waltforbes
ID: 36816961
Many thanks, iSiek.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36817364
You're welcome :)

Krzysztof
0
