• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 206
  • Last Modified:

Install DNS on DC

Hello,

I just recently moved departments and inherited an AD setup that was not setup the best.  What I found today was that the primary DC looks to be set up just fine with all FSMO roles, DFS and SQL.  On the secondary DC, the person installed AD, but did not install DNS.  I thought something was wrong when I went to connect to the secondary DC from the first's ADUC and it didn't show up.

So, now my questions is this: Can I simply add the role of DNS on the secondary server?  If so, how do I do this so that I ensure it is AD integrated.  Once all of that is done and replication works in ADUC (which it does not now), I'll then point the Secondary DC to itself for primary DNS and to the primary DC for secondary DNS, or should I reverse that?  If so, should I do that on the primary: point to itself first and the secondary second for DNS?  I know there are many Microsoft articles that say it does not matter or contradict each other.  

These servers are Server 2008 service pack 2.

Thanks,
0
soadmin
Asked:
soadmin
1 Solution
 
Brian PiercePhotographerCommented:
If you open the DNS console on the existing DC, right click and select properties, it will tell you if its AD Integrated or not - if not then just change it.

All you have to do then is install the DNS role on the other DC, the DNS zone data will replicate automatically with the AD Replication,
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
I would also agree with KCTS, you will need to add the role first, then do the following...
- add the DNS role to the secondary DC
- login to the PDC
- open DNS console
- right click the internal domain zone, select properties
- beside replication click the change button and make sure its replicating to all DNS servers on domain controllers
- Click the Name servers tab and make sure that the secondary DC is listed in there
- If your DC's are on the same LAN segment DNS should replicate fairly quick.

Hope this helps!
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
I would suggest is this is not setup in a typical way (and even if it is, whenever you "inherit" a network) you should run DCDIAG /C /E /V to get a comprehensive diagnostic on AD and start resolving any issues you may have.  While it's generally a best practice to run DNS on a DC, if you have 5 DCs and 2 or 3 are DNS servers, then it's not necessary (of course, if you have 5 DCs in one site, then you are either General Electric, Microsoft, or in desperate need of removing some of the DCs to lighten your administrative load because that many are almost certainly unnecessary.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
SandeshdubeySenior Server EngineerCommented:
If your primary server DNS is AD integrated the same will be replicated to seconadsry DNS aftre installing the DNS role on it.Also ensure correct dns setting on DC to avoid DNS misconfig.

Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
0
 
soadminAuthor Commented:
Thanks everyone.  In looking at things this morning, I do not believe the appropriate firewall ports are open since the DC are on different subnets.  389 looks open, but DNS is not...this is going to be a mess.  Here are the ports that I think I need to open but just wanted to run it by all of you for a quick verification:

http://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

Thx
0
 
SandeshdubeySenior Server EngineerCommented:
Yes you are refering to correct link for AD port requirement.Here is one more link.

Active Directory Firewall Ports - Let's Try To Make This Simple
http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now