Solved

Active Directory DNS issue

Posted on 2013-05-10
Last Modified: 2013-06-04
I have a Server 2003 domain and am trying to get ready to move to a 2008 domain. I have already completed the prep etc... I changed my DNS to Active Directory integrated. I have 3 DNS servers on my domain. One of my DNS servers is still showing that it is a secondary rather than Active Directory integrated. The other 2 DNS servers both show AD integrated. I am not sure why the 3rd is not changing. It has been over a week and I thought maybe a replication problem. I can't figure it out. Any help is greatly appreciated!
Question by:eli290
5 Comments
 
LVL 10

Expert Comment

by:jmanishbabu
ID: 39155385
When Windows DNS server is installed on at least one domain controller and has Active Directory–integrated zones, the zone data is always replicated to every domain controller in the domain.
0
 
LVL 10

Expert Comment

by:jmanishbabu
ID: 39155393
Because DNS domains and Active Directory domains share identical domain names, it is easy to confuse their roles. The difference is that the two namespaces, although sharing an identical domain structure, store different data and, therefore, manage different objects: DNS stores zones and resource records and Active Directory stores domains and domain objects. Both systems use a database to resolve names.

Did you try restarting the Netlogon service?  

Paste the events or screenshots.
0
 

Author Comment

by:eli290
ID: 39155415
Ok one thing I did just notice is that the DNS server in question is not a DC... That would make sense why it would not be recognizing the Active Directory integrated DNS....

Would you suggest doing a dcpromo on this server and making it a DC or just go back to the way it was before with the primary/secondary setup?
0
 
LVL 10

Expert Comment

by:jmanishbabu
ID: 39155819
Of course, the system should be a DC if you need the AD-integrated DNS.
0
 
LVL 10

Accepted Solution

by:
jmanishbabu earned 500 total points
ID: 39155830
The primary/secondary concept and AD-integrated DNS have a lot of differences.

AD-integrated DNS stores its information in the NTDS.DIT file with the AD database, so it provides the same security and central point of administration. DNS information replication is handled by the AD replication mechanism and it doesn't require manual creation of the DNS zone on each DC with the DNS service installed, whereas non-AD-integrated DNS zone information is stored in a separate DNS file located in the system32/dns folder and is limited to the server where it's been created, or you have to use zone transfer to replicate DNS data to another DNS server or manually create the zone on all the DNS servers.
Using AD-integrated zones you can benefit from:

    Replication of the zones using AD replication
    Securing the zone, as you can allow only secure updates
    Having more than one primary zone for your domain
0
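A way to check the situation from this thread across all DNS servers, added here as an example and not part of any poster's answer: it lists each server's zones, whether the server is a domain controller, whether the zone copy is AD-integrated, and whether dynamic updates are restricted to secure only. The server names are placeholders, and it assumes the `root\MicrosoftDNS` WMI provider is present on the DNS servers and that you run it with administrative rights on them.

```powershell
# Added example, not from the thread. Replace the placeholder FQDNs with your DNS servers.
$dnsServers = @('dns1.example.local', 'dns2.example.local', 'dns3.example.local')

# Domain controllers of the current domain, read through .NET (no AD module required).
$domain  = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$dcNames = @($domain.DomainControllers | ForEach-Object { $_.Name.ToLower() })

# Value maps for the ZoneType and AllowUpdate properties of MicrosoftDNS_Zone.
$zoneTypes   = @{ 0 = 'Cache'; 1 = 'Primary'; 2 = 'Secondary'; 3 = 'Stub'; 4 = 'Forwarder' }
$updateModes = @{ 0 = 'None'; 1 = 'Nonsecure and secure'; 2 = 'Secure only' }

$report = foreach ($server in $dnsServers) {
    $isDc  = $dcNames -contains $server.ToLower()
    $zones = Get-WmiObject -ComputerName $server -Namespace 'root\MicrosoftDNS' `
                           -Class MicrosoftDNS_Zone -ErrorAction Stop

    foreach ($z in $zones) {
        if ([int]$z.ZoneType -eq 0) { continue }   # skip the cache/root hints pseudo-zone

        $notes = @()
        if (-not $isDc -and -not $z.DsIntegrated) {
            # The case in this thread: a member server can only hold a file-backed copy.
            $notes += 'server is not a DC; zone cannot be AD-integrated here'
        }
        if ($isDc -and -not $z.DsIntegrated -and [int]$z.ZoneType -eq 1) {
            $notes += 'file-backed primary on a DC; not replicated by AD'
        }
        if ($z.DsIntegrated -and [int]$z.AllowUpdate -ne 2) {
            $notes += 'AD-integrated but not limited to secure updates'
        }

        New-Object PSObject -Property @{
            Server       = $server
            IsDC         = $isDc
            Zone         = $z.Name
            Type         = $zoneTypes[[int]$z.ZoneType]
            ADIntegrated = [bool]$z.DsIntegrated
            Updates      = $updateModes[[int]$z.AllowUpdate]
            Note         = ($notes -join '; ')
        }
    }
}

$report | Select-Object Server, IsDC, Zone, Type, ADIntegrated, Updates, Note |
    Format-Table -AutoSize
```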

Question has a verified solution.