EA-170 asked:
AD DNS Move Zone

Hello,

Currently I have two AD Domains with their own DNS and we want to eliminate one of them as the second domain is no longer needed.

Domain 1 and Domain 2 have a full trust set up between them. I have already disjoined and re-joined all the machines from Domain 2 into Domain 1. Most of the machines in Domain 2 are statically assigned IPs; their DNS info has been updated to point to Domain 1 AD/DNS servers. The rest are set up through DHCP, and DHCP has been updated with Domain 1 info for DNS settings.
The problem I am running into is that for the IP range the former Domain 2 machines have been assigned, the reverse lookup zone is still tied to Domain 2, and I am wondering how I can move it into Domain 1?

Domain 1 is a Windows 2008R2 Domain and Domain 2 is a Windows 2003R2 Domain.

Some background info:
Domain 2 was a turnkey solution from a vendor, so the domain/application was dropped into the environment way before my time. Recently we did a hardware refresh with the vendor, and during that process the new servers were joined to Domain 1. The only thing was we needed to use the same IP addresses. So the DC/App server IP addresses of Domain 2 were reused for the new App servers that were joined to Domain 1. So the Domain 2 DCs were re-IP'd and are currently sitting idle; as we have confirmed the app/HW refresh went well, now I just need to finish the cleanup.


Let me know if any other details are needed.

thanks in advance
SOLUTION by Will Szymkowski (members-only; text not shown on the page)
SOLUTION (members-only; text not shown on the page)
Basically what I just said, isn't it?
LOL, yes, but your comment wasn't posted when I went to answer.

You were first, the OP will see that.

John
EA-170 (ASKER):
thanks for the replies

I guess I have a clarification: the Domain 1 AD DNS has a reverse lookup zone for the IP range, but there is nothing in it other than the original NS from Domain 2. Just want to make sure doing the export and import won't cause any issues.
It should just create the new records and not disturb any existing records.

Does that address your concerns?

John
EA-170 (ASKER):
So when I try to add a Domain 1 NS to the zone I get "The server with this IP address is not authoritative for the required zone." Will doing the export and import give Domain 1 authoritative access to the zone? Sorry, I should have included this in the original info.
Doing the export/import will not give you authoritative access. To get authoritative access you need to create a new zone on the server.

Are you trying to have domain1.local answer for domain2.local?  If so, you need to spoof domain2.local on domain1.local by creating a new primary zone.

Does that make sense?
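An added example (not from the thread, and not the posters' own commands) of the step John describes: making a Domain 1 DNS server the authoritative primary for the reverse zone, then confirming the "not authoritative" error is gone before touching NS records. Assumptions: DC1.domain1.local is a Domain 1 DC running DNS, the range is 10.3.0.x so the zone is 0.3.10.in-addr.arpa, and the new zone is created AD-integrated with domain-wide replication. dnscmd is used because it is what ships with Server 2008 R2 (the DnsServer PowerShell cmdlets arrived with Server 2012); the parsing of dnscmd's and nslookup's text output is an assumption about their formats.

```powershell
# Added example: make a Domain 1 DNS server authoritative for the reverse zone.
# Assumed names: DC1.domain1.local runs DNS for Domain 1; 0.3.10.in-addr.arpa covers 10.3.0.x.
$Server = 'DC1.domain1.local'
$Zone   = '0.3.10.in-addr.arpa'

function Get-ZoneType {
    # Parses "dnscmd /ZoneInfo" text (assumed format: a "zone type = N" line,
    # 1 = Primary, 2 = Secondary, 3 = Stub, 4 = Forwarder) or the
    # DNS_ERROR_ZONE_DOES_NOT_EXIST failure when the zone is not on this server.
    param([string]$Server, [string]$Zone)
    $out = (& dnscmd $Server /ZoneInfo $Zone 2>&1) | Out-String
    if ($out -match 'ZONE_DOES_NOT_EXIST') { return 'Missing' }
    if ($out -match 'zone type\s*=\s*(\d+)') {
        switch ([int]$matches[1]) {
            1 { return 'Primary' }
            2 { return 'Secondary' }
            3 { return 'Stub' }
            4 { return 'Forwarder' }
        }
    }
    return 'Unknown'
}

function Test-Authoritative {
    # True when an SOA query sent directly to $Server is answered authoritatively
    # (nslookup prints "Non-authoritative answer" otherwise, or an error).
    param([string]$Server, [string]$Zone)
    $out = (& nslookup -type=SOA $Zone $Server 2>&1) | Out-String
    return ($out -match 'primary name server' -and $out -notmatch 'Non-authoritative')
}

switch (Get-ZoneType -Server $Server -Zone $Zone) {
    'Primary'   { Write-Host "$Zone is already a primary zone on $Server" }
    'Secondary' {
        # A secondary copy of the same name is only a transferred copy of Domain 2's
        # data and blocks creating a primary: remove it, then create the primary.
        & dnscmd $Server /ZoneDelete $Zone /f
        & dnscmd $Server /ZoneAdd $Zone /DsPrimary /dp /domain   # AD-integrated, domain-wide replication
    }
    'Missing'   { & dnscmd $Server /ZoneAdd $Zone /DsPrimary /dp /domain }
    default     { throw "Unexpected state for $Zone on $Server; inspect with: dnscmd $Server /ZoneInfo $Zone" }
}

if (-not (Test-Authoritative -Server $Server -Zone $Zone)) {
    throw "$Server is still not authoritative for $Zone"
}

# A new primary gets its own SOA and NS automatically; list the NS records to confirm
# only Domain 1 servers are present (no leftover NS pointing at a Domain 2 DC).
& dnscmd $Server /EnumRecords $Zone '@' | Where-Object { $_ -match '\sNS\s' }
```

Once the SOA query comes back authoritative, adding further NS records for the other Domain 1 DCs no longer produces the "not authoritative" error. The same type change can be done in DNS Manager by opening the zone's properties and changing the zone type, which keeps the records the secondary had pulled if they are wanted.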
EA-170 (ASKER):
Yes, I am not trying to have Domain 1 answer for Domain 2, as Domain 2 is going dormant. But I just want to have Domain 1 own the reverse lookup for the IP range that was originally only used for Domain 2, and Domain 2 still has an authoritative hold on the reverse lookup zone.

Domain 1 was set up as a secondary zone. Should I just kill the secondary zone and then create a new reverse lookup zone?

Sorry, DNS stuff gets me confused and is a weak spot for me...

Let me know if that got confusing.
I am heading to a short meeting, but if your export from domain2 looks like this:

10.3.0.107      Pointer (PTR)      livedata.domain2.local.      static
10.3.0.242      Pointer (PTR)      washfs-acs.domain2.local.      static
10.3.0.243      Pointer (PTR)      ffxp001.domain2.local.      static
10.3.0.58      Pointer (PTR)      washgis.domain2.local.      static
10.3.3.112      Pointer (PTR)      washmgt2.domain2.local.      static

You will have to change the data from computername.domain2.local to computername.domain1.local.

You will also need to create the reverse zone prior to importing the data.  In my example you would create a reverse zone 10.3.0 (or X.0.3.10)
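An added example, not code from the thread, of the rewrite John describes: it takes a DNS Manager "Export List" of the Domain 2 reverse zone (tab-separated columns: IP, record type, data, timestamp; the rows embedded below are the ones quoted above), rewrites each PTR target from domain2.local to domain1.local, derives the reverse zone name from the address, and adds the records on a Domain 1 DNS server with dnscmd. As a guard against stale entries it only keeps hosts whose new name actually resolves to that IP in Domain 1's DNS. Assumptions: DC1.domain1.local is a Domain 1 DNS server, the reverse zones (one per /24) already exist there as primary zones, and the script runs on a machine that uses Domain 1 DNS; the export column layout is assumed from the sample.

```powershell
# Added example: rewrite a Domain 2 reverse-zone export and add the live PTRs to Domain 1.
# Assumed: DC1.domain1.local hosts the target reverse zones as primary zones.
$Server    = 'DC1.domain1.local'
$OldSuffix = 'domain2.local'
$NewSuffix = 'domain1.local'
$DryRun    = $true    # print the dnscmd lines instead of running them

# Sample export rows (the five quoted in the thread); columns are tab-separated.
$Export = @"
10.3.0.107	Pointer (PTR)	livedata.domain2.local.	static
10.3.0.242	Pointer (PTR)	washfs-acs.domain2.local.	static
10.3.0.243	Pointer (PTR)	ffxp001.domain2.local.	static
10.3.0.58	Pointer (PTR)	washgis.domain2.local.	static
10.3.3.112	Pointer (PTR)	washmgt2.domain2.local.	static
"@

function ConvertTo-ReverseZone([string]$Ip) {
    # 10.3.0.107 -> 0.3.10.in-addr.arpa; 10.3.3.112 -> 3.3.10.in-addr.arpa (one zone per /24)
    $o = $Ip.Split('.')
    return ('{0}.{1}.{2}.in-addr.arpa' -f $o[2], $o[1], $o[0])
}

function Test-ForwardMatch([string]$Fqdn, [string]$Ip) {
    # Stale check: the renamed host must resolve, via Domain 1 DNS, to the same IP.
    # [System.Net.Dns] is used because it works on PowerShell 2.0 / Server 2008 R2.
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($Fqdn.TrimEnd('.')) |
                 ForEach-Object { $_.IPAddressToString }
        return ($addrs -contains $Ip)
    } catch { return $false }
}

$records = foreach ($line in ($Export -split "`r?`n")) {
    if ($line -notmatch '\S') { continue }
    $f = $line -split "`t+|\s{2,}"            # tab- or multi-space-separated columns
    if ($f.Count -lt 3 -or $f[1] -notmatch 'PTR') { continue }
    $ip     = $f[0].Trim()
    $target = $f[2].Trim() -replace ('\.' + [regex]::Escape($OldSuffix) + '\.?$'), ".$NewSuffix."
    New-Object PSObject -Property @{
        Ip     = $ip
        Zone   = (ConvertTo-ReverseZone $ip)
        Node   = $ip.Split('.')[3]             # the PTR node inside a /24 reverse zone is the last octet
        Target = $target
    }
}

foreach ($r in $records) {
    if (-not (Test-ForwardMatch $r.Target $r.Ip)) {
        Write-Host "SKIP  $($r.Ip) -> $($r.Target): no matching A record in $NewSuffix (stale?)"
        continue
    }
    if ($DryRun) {
        Write-Host "PLAN  dnscmd $Server /RecordAdd $($r.Zone) $($r.Node) PTR $($r.Target)"
    } else {
        & dnscmd $Server /RecordAdd $r.Zone $r.Node PTR $r.Target
    }
}
```

Run it first with $DryRun left at $true and read the PLAN/SKIP lines: a SKIP line is a host that has no A record in domain1.local at that address, which is exactly the stale data the export tends to carry. Note the 10.3.3.112 row lands in 3.3.10.in-addr.arpa, so every /24 in the export needs its own reverse zone created on the Domain 1 server before the RecordAdd calls will succeed.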
EA-170 (ASKER):
After looking through the data on Domain 2, a lot of those records are stale and inaccurate. I am thinking, since there are only about 30 machines, I am just going to add the PTR records manually. This way only the active machines will be in there.

For cleanup purposes, what would be the best way to clean up the other Domain 2 DNS associations in the forward and reverse lookup zones?
ASKER CERTIFIED SOLUTION (members-only; text not shown on the page)
EA-170 (ASKER):
Yes, due to the nature of the apps, they will just sit on the shelf until probably the next hardware upgrade from the vendor.

For the DNS cleanup I can just delete the secondary zones?
Yes, you can right-click and delete them. You may get a warning that the zone creates data, but you can either delete the data first and then delete the zone, or just leave them.

If the server is getting turned off after you create the zones on the new domain controller, you can just leave them. If none of your computers are pointing to domain2 for DNS, then it isn't hurting anything to leave them there.
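An added example (not the posters' own commands) of the cleanup John describes on the Domain 1 side: enumerate every zone on each Domain 1 DNS server, pick out the secondary zones (the forward and reverse copies that were being transferred from the Domain 2 DCs) and delete them. Assumptions: the server names below, and the column layout of "dnscmd /EnumZones" (zone name, type, storage, properties), which is parsed by regex. It starts in dry-run mode so the list can be reviewed before anything is removed.

```powershell
# Added example: find and remove leftover secondary zones on Domain 1 DNS servers.
# Assumed server names; the /EnumZones table layout is an assumption about dnscmd's output.
$Servers = @('DC1.domain1.local', 'DC2.domain1.local')
$DryRun  = $true   # set to $false to actually delete

function Get-SecondaryZones {
    # Returns the names of zones whose type column reads "Secondary" on $Server.
    param([string]$Server)
    $rows = & dnscmd $Server /EnumZones 2>&1
    foreach ($row in $rows) {
        # Data rows look like " <zone>  <type>  <storage>  [<properties>]"; header and
        # blank lines do not match. The "." cache zone shows as type Cache and is ignored.
        if ($row -match '^\s*(\S+)\s+(Primary|Secondary|Stub|Forwarder|Cache)\s+(\S+)') {
            if ($matches[2] -eq 'Secondary') { $matches[1] }
        }
    }
}

foreach ($s in $Servers) {
    foreach ($zone in @(Get-SecondaryZones -Server $s)) {
        # A secondary zone is a file-backed copy of another server's data; deleting it
        # removes only that copy and touches nothing in Active Directory.
        if ($DryRun) { Write-Host "Would delete secondary zone $zone on $s" }
        else         { & dnscmd $s /ZoneDelete $zone /f }
    }
}
```

Because the secondaries' masters were the Domain 2 DCs, the list produced here is also a quick inventory of every zone Domain 1 was still depending on Domain 2 for; anything on it that Domain 1 should keep answering for needs to exist as a primary zone (as done for the reverse range above) before it is deleted here.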
EA-170 (ASKER):
OK, you know how it goes, I like to be pristine.

But thanks for the help. I will award both of you the points as you originally answered my question, but John, thanks for the additional follow-up.