Solved

Upgrade Active Directory DNS considerations

Posted on 2013-11-27
Last Modified: 2015-01-10
Hi,

I am going through an upgrade of a Server 2003 to Server 2012.

The current Server 2003 domain has been previously upgraded from Windows 2000.

Although all the DCs in the current environment are Server 2003 and the FFL is Server 2003, the DNS configuration is still set to replicate to all domain controllers in the Active Directory domain (a Windows 2000 configuration).

I know from Server 2003 and onwards that DNS is now stored in application directory partitions and the correct configuration should be to replicate to all DNS servers in this domain.

The forest DNS zone is also missing from the 2003 DNS servers.

If I was to install Server 2008 R2, the default settings are to replicate to all DNS servers in the domain. The forest zone is also there.

Am I then right to say that the first step in upgrading the Server 2003 domain to Server 2012 is to change the DNS settings?

The missing forest DNS zone would be more of an issue if there was more than one domain?
Question by:cmatchett
5 Comments
 
LVL 19

Accepted Solution

by:
Miguel Angel Perez Muñoz earned 250 total points
ID: 39680198
First of all, you must upgrade your Active Directory schema to Windows 2012, then install and configure your Windows 2012 server as a domain controller. But Windows 2012 can detect whether your domain is ready for Windows 2012 and correct this, doing what was known in older versions as forestprep and domainprep. Here you can find more details:
http://blogs.technet.com/b/canitpro/archive/2013/05/05/step-by-step-adding-a-windows-server-2012-domain-controller-to-an-existing-windows-2003-network.aspx
http://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
Probably your DNS may be updated with other services and A records, but no big changes.
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 250 total points
ID: 39680356
I suggest you first resolve the issue of the Forest DNS zone (default application directory partition) on the Windows 2003 forest.

You can open the zones directly with Adsiedit.msc with below context:

DC=ForestDNSZones,DC=Valone,DC=local

And

DC=DomainDNSZones,DC=Valone,DC=local

Each of those should contain a "CN=MicrosoftDNS" sub-folder which contains your zones and records.

If you don't see those, can you open AD Users and Computers, select View then Advanced Features and check for a Microsoft DNS folder beneath System?

If those aren't there, I'd recommend removing the zones from DNS entirely and recreating them.
Check the articles below:
http://technet.microsoft.com/en-us/library/cc739505(v=ws.10).aspx
http://regierdad.wordpress.com/2006/11/24/active-directory-domaindnszones-and-forestdnszones-missing/
http://windowsitpro.com/networking/q-how-can-i-create-domaindnszones-directory-partition

Also, you should try to change your domain DNS zone replication scope to "All DNS servers in this domain". You may face an issue after doing this as well, because I faced this issue at one of my customers. After changing the DNS replication scope to "All DNS servers in this domain", the zone got deleted from the rest of the domain controllers except from those DCs which are in the same site (I am working on a DC in the same site). I have reverted the setting and the zone got restored on the rest of the DCs as well.

Perhaps you might take help from some Directory specialist or MS to get both problems resolved.

Once these issues get resolved, there is no big deal in upgrading 2003 AD to 2012.

Mahesh
0
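The check described in the answer above (looking for a "CN=MicrosoftDNS" container under each application directory partition and under System), as an added example that is not part of the original thread. It is read-only and assumes it is run from a domain-joined machine with an account that can read the directory; the container paths are built from the domain's own RootDSE values rather than the sample names quoted in the answer.

```powershell
# Added example: report where AD-integrated DNS zones are actually stored.
# Read-only; uses ADSI so it does not need the ActiveDirectory module.
$rootDse  = [ADSI]'LDAP://RootDSE'
$domainDn = [string]$rootDse.defaultNamingContext
$forestDn = [string]$rootDse.rootDomainNamingContext

# Label and container DN for each possible zone storage location.
$locations = @(
    @('ForestDnsZones partition (all DNS servers in the forest)',
      "CN=MicrosoftDNS,DC=ForestDnsZones,$forestDn"),
    @('DomainDnsZones partition (all DNS servers in this domain)',
      "CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn"),
    @('Domain partition, System container (all domain controllers)',
      "CN=MicrosoftDNS,CN=System,$domainDn")
)

foreach ($loc in $locations) {
    $label, $dn = $loc
    try {
        $exists = [System.DirectoryServices.DirectoryEntry]::Exists("LDAP://$dn")
    } catch {
        # A missing partition can surface as a referral or bind error
        # instead of a clean "false"; report it rather than stopping.
        $exists = $false
    }
    if (-not $exists) {
        "{0}: MISSING or unreadable ({1})" -f $label, $dn
        continue
    }

    # List the dnsZone objects stored directly under the container.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]"LDAP://$dn"
    $searcher.SearchScope = 'OneLevel'
    $searcher.Filter      = '(objectClass=dnsZone)'
    [void]$searcher.PropertiesToLoad.Add('name')
    $results = $searcher.FindAll()
    $zones = @($results | ForEach-Object { $_.Properties['name'][0] })
    $results.Dispose()

    "{0}: {1} zone(s) {2}" -f $label, $zones.Count, ($zones -join ', ')
}
```

Zones listed only under the System container are still using the Windows 2000 style replication scope discussed in the question.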
 

Author Comment

by:cmatchett
ID: 39683254
Thanks for your comments. What are your thoughts on the below link?

http://technet.microsoft.com/en-us/library/cc730964(v=ws.10).aspx

It mentions steps after upgrading from Windows 2000?

It is definitely an essential task to complete when upgrading.
 
LVL 35

Expert Comment

by:Mahesh
ID: 39683331
The link is straightforward:
If you are upgrading Windows Server 2003 Active Directory domains, your Domain Name System (DNS) zones have already been stored in the DNS application directory partitions.
However, if you are upgrading Windows 2000 Active Directory domains, you might choose to move your DNS zones into the newly created DNS application directory partitions.

The link assumes that your existing DNS infrastructure is in healthy \ normal condition, and in normal condition changing the DNS replication scope is just a piece of cake.
The link doesn't talk about existing issues, if any.

In your scenario, you already have 2003 FFL, which means you don't have any 2000 servers as domain controllers.

The problem is that, even though you are already on the 2003 server platform, your DNS data is not stored in the application directory partition (DomainDNSZone), plus the forestdnszone is missing.

You can update Active Directory to 2008 if you want to, but it will not resolve the above problems.

I have tried to highlight the same by giving you an example in my earlier comment.
That's why I suggest you first rectify the above two problems.

Mahesh
 

Author Comment

by:cmatchett
ID: 39721731
This is still to be started, thank you.