Solved

Install DNS on DC

Posted on 2013-06-24
Last Modified: 2013-07-03
Hello,

I just recently moved departments and inherited an AD setup that was not set up the best.  What I found today was that the primary DC looks to be set up just fine with all FSMO roles, DFS and SQL.  On the secondary DC, the person installed AD, but did not install DNS.  I thought something was wrong when I went to connect to the secondary DC from the first's ADUC and it didn't show up.

So, now my question is this: Can I simply add the role of DNS on the secondary server?  If so, how do I do this so that I ensure it is AD integrated?  Once all of that is done and replication works in ADUC (which it does not now), I'll then point the Secondary DC to itself for primary DNS and to the primary DC for secondary DNS, or should I reverse that?  If so, should I do that on the primary: point to itself first and the secondary second for DNS?  I know there are many Microsoft articles that say it does not matter or contradict each other.

These servers are Server 2008 service pack 2.

Thanks,
Question by:soadmin
6 Comments
 

Expert Comment

by:KCTS
ID: 39273274
If you open the DNS console on the existing DC, right click and select properties, it will tell you if it's AD Integrated or not - if not then just change it.

All you have to do then is install the DNS role on the other DC; the DNS zone data will replicate automatically with the AD replication.

Expert Comment

by:Will Szymkowski
ID: 39273363
I would also agree with KCTS, you will need to add the role first, then do the following...
- Add the DNS role to the secondary DC
- Log in to the PDC
- Open the DNS console
- Right click the internal domain zone, select properties
- Beside replication click the change button and make sure it's replicating to all DNS servers on domain controllers
- Click the Name Servers tab and make sure that the secondary DC is listed in there
- If your DCs are on the same LAN segment, DNS should replicate fairly quickly.

Hope this helps!

Expert Comment

by:Lee W, MVP
ID: 39273428
I would suggest that if this is not set up in a typical way (and even if it is, whenever you "inherit" a network) you should run DCDIAG /C /E /V to get a comprehensive diagnostic on AD and start resolving any issues you may have.  While it's generally a best practice to run DNS on a DC, if you have 5 DCs and 2 or 3 are DNS servers, then it's not necessary (of course, if you have 5 DCs in one site, then you are either General Electric, Microsoft, or in desperate need of removing some of the DCs to lighten your administrative load because that many are almost certainly unnecessary).

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39274458
If your primary server DNS is AD integrated, the same will be replicated to the secondary DNS after installing the DNS role on it. Also ensure correct DNS settings on the DC to avoid DNS misconfig.

Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

Author Comment

by:soadmin
ID: 39275116
Thanks everyone.  In looking at things this morning, I do not believe the appropriate firewall ports are open since the DCs are on different subnets.  389 looks open, but DNS is not...this is going to be a mess.  Here are the ports that I think I need to open but just wanted to run it by all of you for a quick verification:

http://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

Thx

Expert Comment

by:Sandeshdubey
ID: 39275364
Yes, you are referring to the correct link for AD port requirements. Here is one more link.

Active Directory Firewall Ports - Let's Try To Make This Simple
http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx
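
The situation described above (389 reachable, DNS not, DCs on different subnets) can be confirmed from one DC against the other before and after the firewall change. The script below is an added example, not part of the thread; the target name `dc2.example.local`, the timeout and the function name `Test-TcpPort` are placeholders chosen for illustration, and it covers only the fixed TCP ports, not the dynamic RPC range or UDP.

```powershell
# Added example (not from the thread). Requires PowerShell 2.0 or later.
# 'dc2.example.local' is a placeholder for the other domain controller.
param(
    [string]$Target    = 'dc2.example.local',
    [int]   $TimeoutMs = 2000
)

# Fixed TCP ports commonly needed between domain controllers.
# The dynamic RPC range and UDP traffic (DNS, Kerberos, NTP) are not tested here.
$ports = @(
    @{ Port = 53;   Service = 'DNS (listens only once the DNS role is installed)' },
    @{ Port = 88;   Service = 'Kerberos' },
    @{ Port = 135;  Service = 'RPC endpoint mapper' },
    @{ Port = 389;  Service = 'LDAP' },
    @{ Port = 445;  Service = 'SMB (SYSVOL, NETLOGON)' },
    @{ Port = 464;  Service = 'Kerberos password change' },
    @{ Port = 636;  Service = 'LDAPS (only if a certificate is installed)' },
    @{ Port = 3268; Service = 'Global Catalog (only on GC servers)' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a silently dropped packet cannot hang the script
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'Timeout (likely filtered)'
        }
        $client.EndConnect($async)   # throws if the connection was refused
        return 'Open'
    } catch {
        return 'Refused or unreachable'
    } finally {
        $client.Close()
    }
}

# One result object per port, so the output can be sorted or exported
foreach ($p in $ports) {
    New-Object PSObject -Property @{
        Port    = $p.Port
        Service = $p.Service
        Result  = Test-TcpPort -ComputerName $Target -Port $p.Port -TimeoutMs $TimeoutMs
    } | Select-Object Port, Service, Result
}
```

A timeout usually points at a firewall dropping the traffic, while a refusal usually means the packet arrived but nothing is listening, which is what port 53 shows on a DC that does not have the DNS role yet.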