Additional AD Integrated DNS servers???

Discussion in 'DNS Server' started by Remnant, Jan 2, 2005.

  1. Remnant

    Remnant Guest

    Hey all,

    I have what may seem an obvious question, but I cannot find any proper
    references to it anywhere and have also searched this forum without much luck.

    Basically, what's the correct procedure for installing DNS on ADDITIONAL
    DCs with regards to adding the zones to them that are AD integrated? I
    install DNS on the second DC, but then how do I add the AD Integrated Zone?
    The reason I ask is this problem I found when I tried - I added a new zone on
    the second server, with the same name and made it AD Int, and instead of
    replicating all of the existing info (like I thought it would) instead it
    seemed to become authoritative for records, replicating its almost empty
    information to the original DNS server!

    I found one reference here:

    http://www.microsoft.com/resources/...oddocs/en-us/sag_DNS_imp_NewPrimaryServer.asp

    which mentions the "From Active Directory or registry" option to pick up the
    info, which is exactly what I want... but one little question - where is this
    option? I just can't work out the CORRECT procedure for this and can't seem
    to find any documentation on it...

    Please help, this is a real show-stopper for me!
     
    Remnant, Jan 2, 2005
    #1

  2. Kevin D. Goodknecht Sr. [MVP]

    Yes, this is what happens when you try to create a zone in Active Directory
    when the zone already exists.
    What you should have done is only created the zone on one DNS server. If the
    zone is stored in Active Directory, do nothing else, it will replicate
    itself.
    If you go to another server and try to create the zone on it, then you have
    created a newer version of the zone and it will overwrite the zone already
    there.
    Have patience, the most you can do to speed up the process is to add the NS
    record for the other AD integrated server.


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Jan 2, 2005
    #2

  3. Herb Martin

    Herb Martin Guest

    If it is a DC already (which it must be for this) AND
    it is replicated fully, then the DNS records are already
    there in AD but not available to DNS or its clients
    until you create the zone.

    In the DNS MMC on the additional DNS-DC, just
    right click and create the zone -- the records are there.
    That implies a failure to replicate so do this instead.

    Make the new DNS a secondary (initially) -- make
    sure AD (itself) fully replicates (check with DCDiag,
    ReplMon, or RepAdmin).

    This accomplishes two things: it makes sure AD
    replicates before turning DNS over to it, and it also
    allows you to get the current update list from the
    Primary to the Secondary through a direct zone
    transfer.

    Now that the correct records are on both machines
    and AD is replicating it doesn't matter which one
    thinks it owns a record -- they both have the right
    stuff and can update each other.
     
    Herb Martin, Jan 2, 2005
    #3
  4. Remnant

    Remnant Guest

    sorry herb, i don't think this would ever work. i have not only worked on
    numerous dc's, but i have tried this a number of times - even when
    replication is working fine on multiple dc's that are in the same subnet. i
    have never, nor has anyone else i've asked seen it just populate the records
    after i add the zone to the second dc. are you sure this has happened for
    you? in fact, it's at this point that it can over-write what is there, which
    as stated is what occurred for me, and what K Goodknecht seems to confirm.

    I guess i'll try them both again to confirm which is correct, but these 2
    solutions appear to contradict each other...

    Thanks for your responses though, I think you've set me on the track I need.
     
    Remnant, Jan 5, 2005
    #4
  5. Herb Martin

    Herb Martin Guest

    No, it always works if the DC is fully replicated
    (in Win2000) and if the Win2003 replication scope
    includes this DC in Win2003.

    No, many of us do this all the time -- replication must
    have been broken or you are confusing cases.

    If you integrated DNS into AD then it is replicated to
    all DCs which share that replication scope -- usually
    this is same domain, but in Win2003 there are more
    choices.


    Perhaps you had set replication scope to something
    like DNS-DC in Win2003 and since the DNS was
    just installed it had not yet replicated but that is about
    the only (type) of reason it would not other than just
    general replication failure.

    The other possibility is that some people think the
    records are not there because:

    1) The zones don't get automatically created

    2) Even if created it only populates them if the
    new zone on this server is AD-integrated itself.

    #2 means if you set up a Secondary it will be empty
    and require pulling from another Master EVEN THOUGH
    the records are all local on that DC (hidden within AD
    but not available to a Secondary DNS server.)
    Yes -- but you have to make sure you are looking at the
    same thing.

    The records are IN AD -- the whole architecture of
    AD is that it replicates (depending on scope in Win2003).
     
    Herb Martin, Jan 5, 2005
    #5
  6. Kevin D. Goodknecht Sr. [MVP]

    Herb you cannot do this, if the zone is stored in Active Directory, it will
    be replicated to all DCs in the domain without further action.
    If you create a zone in AD on one DC you must wait for replication, do NOT
    go to another DC and attempt to create a zone for the same domain name in
    AD. This will do one of two things depending on if it is Win2k or Win2k3.
    Win2k will overwrite the zone in AD with the zone you just created, Win2k3
    will create a conflicting zone in AD and give you errors in your event log.
    (I forget the exact error ID)

    Another mistake people make is by having a zone in AD and then trying to
    create a Secondary zone on another DC, this won't work either. You CANNOT
    have a zone stored in AD on one DC then a Secondary zone for the same domain
    name on another DC. This will cause the Secondary zone to disappear, then
    after a reboot the AD zone will load. Most people won't reboot they just
    complain the Secondary zone just went away!

    The only way I've found to speed up the Zone replication process is to
    create NS records for all DCs you want the zone to replicate to.


     
    Kevin D. Goodknecht Sr. [MVP], Jan 6, 2005
    #6
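
    As an added example (reader-supplied; not code from the thread or from any of the posters), here is a PowerShell script that follows Kevin's procedure defensively: confirm the source zone really is AD-integrated, refuse to continue while the new DC reports replication failures, look for the CNF conflict objects he describes, wait rather than create the zone on the new DC, and only then add the NS record for the new server. It assumes the DnsServer and ActiveDirectory modules of Windows Server 2012 and later, which post-date the thread (dnscmd, repadmin and dcdiag were the era's tools); the zone and host names are placeholders.

```powershell
# Added example; not from the thread. Assumes the DnsServer and ActiveDirectory
# PowerShell modules (Windows Server 2012 and later), which post-date the 2005
# thread; the same checks were done then with dnscmd, repadmin and dcdiag.
# Zone and host names are placeholders.
param(
    [string]$Zone       = 'corp.example.com',      # placeholder zone
    [string]$ExistingDc = 'dc1.corp.example.com',  # DC already hosting the AD-integrated zone
    [string]$NewDc      = 'dc2.corp.example.com'   # DC where the DNS role was just added
)
Import-Module DnsServer, ActiveDirectory -ErrorAction Stop

# 1. The zone on the existing DC must be AD-integrated, or nothing replicates via AD.
$src = Get-DnsServerZone -ComputerName $ExistingDc -Name $Zone -ErrorAction Stop
if (-not $src.IsDsIntegrated) {
    throw "$Zone on $ExistingDc is a $($src.ZoneType) zone, not AD-integrated."
}
"Source zone: type=$($src.ZoneType) scope=$($src.ReplicationScope)"

# 2. Refuse to continue while the new DC reports replication failures; an empty or
#    conflicting zone almost always starts with a zone created before AD converged.
$failures = Get-ADReplicationFailure -Target $NewDc -ErrorAction SilentlyContinue
if ($failures) {
    $failures | Format-Table Partner, FailureCount, LastError -AutoSize | Out-Host
    throw "Replication failures on $NewDc; repair replication before touching DNS."
}

# 3. Look for conflict ('CNF:') dnsZone objects in the partition that holds the
#    zone, the symptom described above for a zone created twice on Win2k3.
$domainDn = (Get-ADDomain).DistinguishedName
$searchBase = switch ($src.ReplicationScope) {
    'Forest' { "DC=ForestDnsZones,$((Get-ADDomain (Get-ADForest).RootDomain).DistinguishedName)" }
    'Domain' { "DC=DomainDnsZones,$domainDn" }
    default  { "CN=System,$domainDn" }   # 'Legacy' scope keeps zones in the domain partition
}
$conflicts = Get-ADObject -Server $NewDc -SearchBase $searchBase -Filter 'objectClass -eq "dnsZone"' |
             Where-Object Name -like '*CNF:*'
if ($conflicts) {
    $conflicts | ForEach-Object { "Conflict object: $($_.DistinguishedName)" }
    throw "Duplicate zone detected; resolve the CNF objects before adding servers."
}

# 4. Has the zone appeared on the new DC yet? If not, wait; never create it by hand.
$dst = Get-DnsServerZone -ComputerName $NewDc -Name $Zone -ErrorAction SilentlyContinue
if (-not $dst) {
    "Zone '$Zone' not yet loaded on $NewDc. Do not create it; wait for replication."
    "Track progress with: repadmin /showrepl $NewDc"
    return
}
if (-not $dst.IsDsIntegrated) {
    throw "$NewDc holds a $($dst.ZoneType) copy of $Zone; the AD-integrated copy will displace it."
}

# 5. Both DCs now serve the AD-integrated zone: publish the new DC as a name server
#    (the thread's advice for speeding things up) only if no such NS record exists.
$ns = Get-DnsServerResourceRecord -ComputerName $ExistingDc -ZoneName $Zone -Name '@' -RRType NS
$nsHosts = @($ns.RecordData.NameServer)
if ($nsHosts -notcontains "$NewDc.") {
    Add-DnsServerResourceRecord -ComputerName $ExistingDc -ZoneName $Zone -Name '@' -NS -NameServer "$NewDc."
    "Added NS record for $NewDc to $Zone."
} else {
    "NS record for $NewDc already present."
}
```

    Run it from an administrative session on a domain-joined host with RSAT installed; every step before the NS record is read-only, and the script stops at the first condition under which creating or touching the zone would do harm.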
  7. Remnant

    Remnant Guest

    thanks Kevin - this confirms the behaviour I am seeing, even when I can be
    sure replication is working correctly (no errors, no error logs, no MOM
    reports of errors, no personally sighted issues to do with replication).

    i guess i just need to take the advice my old exchange instructor told me
    back in the early days "take up smoking, everything in exchange takes five
    minutes or so, so at least you have something to do between commands..." :)
     
    Remnant, Jan 6, 2005
    #7
  8. Herb Martin

    Herb Martin Guest

    The records are replicated but the zone is not automatically
    created on every DC -- although I will believe there is some
    special case where that happens it clearly doesn't always
    happen and I have DCs which are NOT AD integrated for
    the zone.

    There are also settings (which would make no sense were
    that always true) in Win2003 for replicating ONLY to AD
    Integrated DCs.

    His question, though, was whether the records are replicated -- we
    agree on this: they will be replicated if replication is
    functioning and the two servers are both in the scope of
    replication (Win2003 servers primarily.)
    That part makes sense, but then I always have given
    it time for replication.
     
    Herb Martin, Jan 6, 2005
    #8
  9. Kevin D. Goodknecht Sr. [MVP]

    Herb,
    You should re-read his post. He had an AD zone with all the records, before
    the zone could replicate he created another zone on another DC. Keep in mind
    when you create a NEW zone in DNS there will be no records in it, it was
    this zone that overwrote and replicated. Win2k does this, Win2k3 creates a
    conflicting AD zone beginning with a CNF in ADUC.


     
    Kevin D. Goodknecht Sr. [MVP], Jan 6, 2005
    #9