convert primary zone to AD integrated

Discussion in 'DNS Server' started by sawyer, Jan 22, 2010.

  1. sawyer

    sawyer Guest

    Hello all

    I have a standard primary zone that's running on a 2003 DC, currently we are
    using DNS replication to copy this zone to other DC\DNS servers. We
    basically create a secondary zone on the other DC's and then setup zone
    replication from the primary to the secondary DC\DNS servers. I know want to
    convert this zone to AD integrated, but I want to make sure that after the
    zone has been converted, it will still keep the list of servers that are
    setup in the zone transfers tab on the primary zone? I understand that
    before I convert the zone to AD integrated I will have to delete the
    secondary zones on all the DC\DNS servers that currently have a secondary
    copy of this zone, but we also replicate this zone to 3rd party devices like
    F5's and such and these devices require a copy of this zone. So again after
    the zone has been changed will it keep the listing of servers that are
    listed in the zone transfers tab? and will it continue to all the zone to be
    copied to 3rd party devices after the zone has been changed from primary to
    AD integrated?

    Many thanks
     
    sawyer, Jan 22, 2010
    #1
    1. Advertisements

  2. AFAIK yes.


    hth
    DDS
     
    Danny Sanders, Jan 22, 2010
    #2
    1. Advertisements


  3. Hi sawyer,

    I'm trying to follow the steps you mentioned, but I'm having difficulty
    following them.

    What I can say that if the zone is an AD integrated zone, it *automatically*
    replicates to all DCs within its replication scope settings. If you
    currently have a Primary Standard zoine (not in AD) with the other DCs
    having a Secondary zone copy of it, and you change the Primary Standard zone
    to AD Integrated, AD will automatically convert the Secondary zones to AD
    integrated. There is no reason to delete the secondaries manually, nor to
    create the zone manually after changing it to AD integrated. You let it do
    it automaticatlly. It works nicely. If you do create it manually on other
    DCs after you've changed the zone to AD integrated, what I can tell you is
    that you will create a duplicate zone scenario in the AD database. TO find
    out if this occured, you can use ADSIEdit to find and delete them. My blog
    should help you with this, just to determine at least if you have any dupes.


    Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
    http://msmvps.com/blogs/acefekay/ar...ing-or-duplicate-ad-integrated-dns-zones.aspx

    As for zone transfers, AD integrated zones or standard Primary/Sewcondaries
    can still allow zone transfers. Once you change a zone to AD Integrated, it
    will disable the zone transfer allowance. you will have to go into the zone
    properties and allow it again.

    As for the nameservers tab, it will automatically replicate to all DC once
    changed to AD integrated. This means ALL info about a zone. You will see
    thaty ALL DCs will be authorative for an AD integrated zone. Remember, AD
    Integration is a multi-master Primary design, hence why they are all
    nameserver for the zone.

    However, if you had manually created a zone on another DC that was already
    in the AD database (but hasn't replicated over yet - patience??) then a dupe
    scenario will happen.YOu have to be careful with this. AD integrated zones
    just work automatically. ALl you do is change it on one, and everything
    (zone data, configuration, nameservers, etc, etc etc) all replicate. If you
    do it manually on another server, expect problems.

    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Please reply back to the newsgroup or forum for collaboration benefit among
    responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
    MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    If you feel this is an urgent issue and require immediate assistance, please
    contact Microsoft PSS directly. Please check http://support.microsoft.com
    for regional support phone numbers.
     
    Ace Fekay [MVP-DS, MCT], Jan 22, 2010
    #3
  4. sawyer

    sawyer Guest

    Thanks Ace, you did a great job interpreting what my concerns were. You
    answered all my questions, and educated me on something I didn't know. I
    didn't realize that I didn't have to delete the secondary zones on the other
    DC\DNS servers before I converted the primary zone to AD integrated. From
    what you are saying the conversion of the zones from secondary to AD
    integrated will happen automatically by AD?

    thanks very much?
     
    sawyer, Jan 22, 2010
    #4
  5. You betcha!
    You are welcome!

    Ace
     
    Ace Fekay [MVP-DS, MCT], Jan 23, 2010
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.