Solved

Install DNS on DC

Posted on 2013-06-24
Last Modified: 2013-07-03
Hello,

I just recently moved departments and inherited an AD setup that was not set up the best. What I found today was that the primary DC looks to be set up just fine with all FSMO roles, DFS and SQL. On the secondary DC, the person installed AD, but did not install DNS. I thought something was wrong when I went to connect to the secondary DC from the first's ADUC and it didn't show up.

So, now my question is this: Can I simply add the role of DNS on the secondary server? If so, how do I do this so that I ensure it is AD integrated? Once all of that is done and replication works in ADUC (which it does not now), I'll then point the secondary DC to itself for primary DNS and to the primary DC for secondary DNS, or should I reverse that? If so, should I do that on the primary: point to itself first and the secondary second for DNS? I know there are many Microsoft articles that say it does not matter or contradict each other.

These servers are Server 2008 service pack 2.

Thanks,
0
Question by:soadmin
6 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 39273274
If you open the DNS console on the existing DC, right click and select properties, it will tell you if it's AD Integrated or not - if not then just change it.

All you have to do then is install the DNS role on the other DC; the DNS zone data will replicate automatically with the AD replication.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39273363
I would also agree with KCTS, you will need to add the role first, then do the following...
- add the DNS role to the secondary DC
- login to the PDC
- open DNS console
- right click the internal domain zone, select properties
- beside replication click the change button and make sure it's replicating to all DNS servers on domain controllers
- Click the Name servers tab and make sure that the secondary DC is listed in there
- If your DCs are on the same LAN segment DNS should replicate fairly quickly.

Hope this helps!
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 39273428
I would suggest, if this is not set up in a typical way (and even if it is, whenever you "inherit" a network), you should run DCDIAG /C /E /V to get a comprehensive diagnostic on AD and start resolving any issues you may have. While it's generally a best practice to run DNS on a DC, if you have 5 DCs and 2 or 3 are DNS servers, then it's not necessary (of course, if you have 5 DCs in one site, then you are either General Electric, Microsoft, or in desperate need of removing some of the DCs to lighten your administrative load, because that many are almost certainly unnecessary).
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39274458
If your primary server DNS is AD integrated, the same will be replicated to the secondary DNS after installing the DNS role on it. Also ensure correct DNS settings on the DC to avoid DNS misconfig.

Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
0
 

Author Comment

by:soadmin
ID: 39275116
Thanks everyone. In looking at things this morning, I do not believe the appropriate firewall ports are open since the DCs are on different subnets. 389 looks open, but DNS is not...this is going to be a mess. Here are the ports that I think I need to open but just wanted to run it by all of you for a quick verification:

http://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

Thx
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39275364
Yes, you are referring to the correct link for AD port requirements. Here is one more link.

Active Directory Firewall Ports - Let's Try To Make This Simple
http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx
0
