Solved

Install DNS on DC

Posted on 2013-06-24
Last Modified: 2013-07-03
Hello,

I just recently moved departments and inherited an AD setup that was not set up the best. What I found today was that the primary DC looks to be set up just fine with all FSMO roles, DFS and SQL. On the secondary DC, the person installed AD, but did not install DNS. I thought something was wrong when I went to connect to the secondary DC from the first's ADUC and it didn't show up.

So, now my question is this: Can I simply add the role of DNS on the secondary server? If so, how do I do this so that I ensure it is AD integrated? Once all of that is done and replication works in ADUC (which it does not now), I'll then point the secondary DC to itself for primary DNS and to the primary DC for secondary DNS, or should I reverse that? If so, should I do that on the primary: point to itself first and the secondary second for DNS? I know there are many Microsoft articles that say it does not matter or contradict each other.

These servers are Server 2008 service pack 2.

Thanks,
0
Question by:soadmin
6 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 39273274
If you open the DNS console on the existing DC, right click and select properties, it will tell you if it's AD Integrated or not - if not then just change it.

All you have to do then is install the DNS role on the other DC; the DNS zone data will replicate automatically with the AD replication.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39273363
I would also agree with KCTS, you will need to add the role first, then do the following...
- add the DNS role to the secondary DC
- login to the PDC
- open DNS console
- right click the internal domain zone, select properties
- beside replication click the change button and make sure it's replicating to all DNS servers on domain controllers
- Click the Name servers tab and make sure that the secondary DC is listed in there
- If your DCs are on the same LAN segment DNS should replicate fairly quickly.

Hope this helps!
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 39273428
I would suggest if this is not set up in a typical way (and even if it is, whenever you "inherit" a network) you should run DCDIAG /C /E /V to get a comprehensive diagnostic on AD and start resolving any issues you may have. While it's generally a best practice to run DNS on a DC, if you have 5 DCs and 2 or 3 are DNS servers, then it's not necessary (of course, if you have 5 DCs in one site, then you are either General Electric, Microsoft, or in desperate need of removing some of the DCs to lighten your administrative load because that many are almost certainly unnecessary).
0

 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39274458
If your primary server DNS is AD integrated, the same will be replicated to the secondary DNS after installing the DNS role on it. Also ensure correct DNS settings on the DC to avoid DNS misconfig.

Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
0
 

Author Comment

by:soadmin
ID: 39275116
Thanks everyone. In looking at things this morning, I do not believe the appropriate firewall ports are open since the DCs are on different subnets. 389 looks open, but DNS is not...this is going to be a mess. Here are the ports that I think I need to open but just wanted to run it by all of you for a quick verification:

http://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

Thx
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39275364
Yes, you are referring to the correct link for AD port requirements. Here is one more link.

Active Directory Firewall Ports - Let's Try To Make This Simple
http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx
0
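
An added example, not posted by anyone in this thread: a PowerShell 2.0-compatible check, run on one DC against the other, of whether the firewall between the two subnets passes the well-known TCP ports a domain controller uses, followed by a direct DNS query to the peer for the DC locator SRV record. `$PeerDc` and `$Domain` are constructed placeholders, and the port list reflects standard Active Directory defaults rather than values taken from the linked articles.

```powershell
# Constructed placeholders: set to the other DC's IP address and your AD DNS domain name.
$PeerDc = '192.0.2.10'
$Domain = 'corp.example'

# Well-known TCP ports between domain controllers (standard AD defaults).
# 636/3269 answer only if the DC has a certificate; 3268/3269 only if it is a Global Catalog.
$Ports = @(
    @{ Port = 53;   Service = 'DNS' },
    @{ Port = 88;   Service = 'Kerberos' },
    @{ Port = 135;  Service = 'RPC endpoint mapper' },
    @{ Port = 389;  Service = 'LDAP' },
    @{ Port = 445;  Service = 'SMB (SYSVOL, DFS)' },
    @{ Port = 464;  Service = 'Kerberos password change' },
    @{ Port = 636;  Service = 'LDAP over SSL' },
    @{ Port = 3268; Service = 'Global Catalog' },
    @{ Port = 3269; Service = 'Global Catalog over SSL' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # A silently dropped packet (filtered port) shows up as a timeout.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the peer refused the connection
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($p in $Ports) {
    New-Object PSObject -Property @{
        Port    = $p.Port
        Service = $p.Service
        Open    = (Test-TcpPort -ComputerName $PeerDc -Port $p.Port)
    }
}
$results | Sort-Object Port | Format-Table Port, Service, Open -AutoSize

# Query the peer's DNS service directly for the DC locator record. This uses UDP 53,
# which the TCP connect test above cannot prove is open.
$srv    = "_ldap._tcp.dc._msdcs.$Domain"
$answer = & nslookup.exe -type=SRV $srv $PeerDc 2>&1 | Out-String
if ($answer -match 'svr hostname') { "DNS on $PeerDc answers for $srv" }
else { "No SRV answer from $PeerDc for $srv (DNS role missing, zone not replicated, or port 53 blocked)" }
```

Replication also uses dynamically assigned RPC ports (49152-65535 by default on Server 2008), which this script does not probe; a clean result here followed by replication failures in DCDIAG usually points at that range.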
