AD integrated zones... primary and secondary still?

Discussion in 'DNS Server' started by David, Oct 18, 2007.

  1. David

    David Guest

    Hi all,

    Kind of a silly question I guess... I have been running AD and DNS servers
    for years but always stuck with the traditional zone file method for storing
    zone data.

    Anyway, I just upgraded a site to Windows 2003 AD and am looking to clean up
    / reconfigure DNS.

    All DNS servers are 2003 DCs configured in the traditional manner... I am
    doing some reading about changing the zone data to be AD integrated, and am a
    little confused on how this will translate... The following is from
    O'Reilly's DNS on Windows 2003 book:

    ....which means that any domain controller that is also a primary name server
    for the AD-integrated zone can update it directly, like a primary name server.

    So this makes me think that as I set up DNS on my domain controllers, and I
    run through the add a zone wizard, that I would specify each DNS server as
    primary for our DNS zone? (it is a smaller site with only 4 DCs and DNS
    zones like and is the
    forest root).

    So once I have the first DC running DNS and is primary for I change it to AD integrated. Great - what is proper
    when I configure DNS on the other DC / DNS servers? Are they secondary still?

    Thanks for helping me deal with this silly learning curve thing...

    David, Oct 18, 2007

  2. Anthony

    Anthony Guest

    Hi David,
    After you do it on one DC, the zone is stored in AD under
    System\MicrosoftDNS and is created in all the DCs' DNS servers.
    There are variations on how the zone can be distributed, but in your
    environment that's it.
    If you already have the zone as a normal primary and secondary, I think you
    would want to convert the primary to Integrated, then remove the secondaries
    and they will be recreated automatically from the integrated zone.
    Hope that helps,
    Anthony, Oct 18, 2007

  3. Kevin D. Goodknecht Sr. [MVP]

    Read inline please.

    Before you change to AD integrated zones, you must delete the zone from all
    DCs except one DC with a primary zone and point all DCs to the remaining DC
    with the zone. After the zone is gone from all other DCs, change the
    remaining DC's zone to AD Integrated; then, in a cmd prompt, type:
    ipconfig /flushdns & ipconfig /registerdns & net stop netlogon & net start netlogon
    If replication is working right, the zone should appear on the other DCs
    after the next replication cycle.
    After the zone has replicated, point each DC to itself AND at least one
    other DC with DNS that is always online and running when the DC is rebooted.
    Not following this recommendation will greatly extend startup time and cause
    errors at startup.

    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps

    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    Kevin D. Goodknecht Sr. [MVP], Oct 20, 2007
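    The procedure Kevin lays out, written as a cmd batch script for the one DC
    that still holds the standard primary zone. This is an added example, not
    code from the thread; it uses dnscmd (shipped with Windows 2003) in place
    of the DNS console wizard. The zone name, server name, IP addresses and
    connection name are placeholders. It also tightens the zone to secure-only
    dynamic updates once it is in AD (AllowUpdate value 2), which a
    file-backed primary cannot do, so unauthenticated hosts can no longer
    overwrite records. The findstr filters in the verify step are a loose
    match on dnscmd's output and are an assumption about its exact wording.

```batch
@echo off
REM Added example (not from the thread). Run on the DC that still has the
REM standard primary zone, AFTER the secondary copies have been deleted from
REM the other DCs and those DCs point at this one for DNS.
REM Placeholders: adjust ZONE, THISDC, THISDC_IP, OTHERDC_IP and NIC.

set ZONE=corp.example.com
set THISDC=dc1
set THISDC_IP=10.0.0.1
set OTHERDC_IP=10.0.0.2
set NIC=Local Area Connection

REM 1. Confirm what we have before touching it (expect a standard primary).
dnscmd %THISDC% /ZoneInfo %ZONE%

REM 2. Convert the zone to AD-integrated. The data moves out of the
REM    %SystemRoot%\system32\dns zone file into AD (System\MicrosoftDNS)
REM    and replicates to the other DCs with the next replication cycle.
dnscmd %THISDC% /ZoneResetType %ZONE% /DsPrimary

REM 3. Now that the zone lives in AD, allow only secure (authenticated)
REM    dynamic updates: 0 = none, 1 = nonsecure and secure, 2 = secure only.
dnscmd %THISDC% /Config %ZONE% /AllowUpdate 2

REM 4. Re-register this DC's host and SRV records, as in the post.
ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

REM 5. Point this DC at itself first and at a second, always-on DC, so
REM    startup does not stall waiting on a DNS server that is not there.
netsh interface ip set dns "%NIC%" static %THISDC_IP%
netsh interface ip add dns "%NIC%" %OTHERDC_IP% index=2

REM 6. Verify: the zone should now report as DS-integrated with
REM    secure-only updates, and should be listed on the other DC
REM    once replication has run.
dnscmd %THISDC% /ZoneInfo %ZONE% | findstr /I "integrated update"
dnscmd %OTHERDC_IP% /EnumZones | findstr /I "%ZONE%"
```

    Step 5 is repeated on each remaining DC once the zone shows up there,
    each one listing itself first and another DC second, which is the
    "point each DC to itself AND at least one other DC" recommendation above.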
