New Domain Controller DNS Question 1

Status
Not open for further replies.

jonalden2

IS-IT--Management
Nov 19, 2004
30
US
I have an existing Windows 2000 domain which I am in the process of upgrading to Windows 2003... Before I move the FSMO roles I want to set up DNS.

Here is what I have done so far. Using the DNS Wizard I have selected "Create forward and reverse lookup zones".

Then I choose Yes to create a forward lookup zone now.

Then I select Primary Zone.

Then I select "To all domain controllers in Active Directory domain xxxxx.com".

Now I am prompted for a Zone name. Can I use the same zone name as my existing DNS server or do I need to make it different?

Thanks for your help
 
So you are setting up a new Windows 2003 domain controller separate from this one? If you are, you can use the dcpromo wizard to set up your first AD integrated zone. If introduced into an existing environment it will replicate the zone information from the current DC to this one; from here you can transfer roles and then demote the old machine.

I usually throw out this KB as it relates to the commands you will need to run beforehand (forestprep, domainprep).


The reason I wouldn't use the wizard is because you are just creating a new primary zone (since you have no other DNS servers, a secondary zone isn't feasible). This will not be sufficient when setting up the required AD Integrated zone, since this gets populated when you dcpromo.

Cory
 
Cory,

Thanks for your help. Yes, I am adding a new Windows 2003 domain controller to my Windows 2000 domain. I already have a Windows 2003 domain controller that is running Exchange 2003 (I know this is not a best practice... something I inherited), so I believe the forestprep and domainprep have been completed.

My main goal is to be able to raise the Domain Functional Level from Windows 2000 Native to Windows 2003 Native, but I need to remove the old 2000 domain controller. I am OK with transferring the FSMO roles, but I want to make the new 2003 domain controller the primary DNS server. I found this article doing a Google search, but I wondered if this would apply because I am not actually going to change the IP address of the 2003 DC.
So just to recap, I should create a new primary DNS zone? Is there a way I could just make the SOA point to the new 2003 DC?

Thanks again
 
From my understanding the SOA record contains information regarding its corresponding zone. Changing properties on this, as far as I can tell, will get you effectively nowhere.

All you would need to do is ensure this new DC has the zones replicated to it (which happens after you promote it into the existing domain). Maybe wait a day, then verify the data (you can use netdiag for checking for problems here).

If you are satisfied at this point with the replicated zones and corresponding host records, you can transfer roles and demote the other server (assuming you have a copy of the GC somewhere and verified your sites and services). You may need to manually clear out the newly replicated AD integrated zone since it *may* contain stale SRV records that would cause issues with authentication (skim the zone folders real quick and check for the old DC computer name).

Again, you can't just use the wizard to create a new primary zone if this is going to be a DC, since the appropriate zone information regarding everything AD will not be prepopulated for you.

If this 2000 DC is the Exchange Server as well you may want to verify steps for migrating this off to another box as well.

I have stepped through this in my lab a few times and this is the process I have used. Take it for what it's worth. :\

Good luck.

Cory
 
Sorry, in regards to Exchange, it's not something that's just a casual "if you want to" thing. If this is the current situation you WILL need to take steps to get a working Exchange Server via migration or whatnot, as I think it's tightly knit with the DC it is on and demoting it will cause significant problems.

Cory
 
Actually, what I am going to do is just build a new Exchange server on a member server, but I wanted to get the domain to a functional 2003 domain first.

Before I got your response this morning... I created a Secondary Zone and it looks like everything has replicated overnight. Is there a way to convert this to a primary zone?
 
You can only have one primary copy of a zone, as these are read/write and secondary is read-only. To change this you would right-click the zone, go to Properties, and on the General tab click Change for the "Type" option.

Cory
 
I just did some reading on the difference between primary, secondary and Active Directory-integrated zones, and it seems like going with an Active Directory zone is the way to go. If I were to change the old 2000 DC to an Active Directory-integrated zone and then change the new 2003 DC to an Active Directory-integrated zone, that sounds like it might be easier to manage and remove a single point of failure for DNS. Here is the KB article I found.

I am guessing this is something I should do after hours, correct?

Thanks for all of your help,

Jon
 
What it looks like to me is this process takes the place of the initial dcpromo step of adding/configuring the DNS server. This will take the zone that is configured to handle client machine records for SRV records (for authentication purposes and the like) and make a copy of it on the server that you are running this KB article on. So say during your dcpromo you skipped configuring the DNS and now you want this zone information on this DC, you would do this.

I suppose I am not sure what kind of issues this would cause in regards to the SRV records that get created during this step that are there to reference the new DC (i.e. the _ldap record with, instead of "host offering this service" being dc1, the creation of a second record pointing to dc2).

I am curious if once you make the zone AD integrated and zone replication occurs on the new DC what records get added if any. Typically I follow the steps and as this deviates I think you have hit the end of the road on my ability to lend more of a hand.

Good luck, and let us know how you get on. Thanks!

Cory
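
The SRV checks discussed in this thread (skimming the replicated zone for the old DC's name, and seeing whether the new DC registered its own _ldap record) can be scripted. The following is an added example, not part of the original posts: it assumes a text export of the zone in master-file format, and the sample data, the `example.com` domain and the function names are constructed; `dc1`/`dc2` follow the naming used above.

```python
from collections import defaultdict

# Constructed sample zone export; all names and addresses are placeholders.
SAMPLE_ZONE = """\
; constructed export of example.com
@                      3600 IN SOA dc1.example.com. hostmaster.example.com. 42 900 600 86400 3600
_ldap._tcp             600  IN SRV 0 100 389  dc1.example.com.
                       600  IN SRV 0 100 389  dc2.example.com.
_kerberos._tcp         600  IN SRV 0 100 88   dc1.example.com.
_kerberos._tcp         600  IN SRV 0 100 88   DC2.example.com.
_gc._tcp               600  IN SRV 0 100 3268 dc1.example.com.
_ldap._tcp.pdc._msdcs  600     SRV 0 100 389  dc1.example.com.
dc1                    3600 IN A   192.0.2.10
"""

def parse_srv(zone_text):
    """Yield (owner, port, target) for every SRV record in the text."""
    owner = None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if not raw[0].isspace():
            owner = fields.pop(0)              # new owner name
        upper = [f.upper() for f in fields]    # else owner is inherited
        if owner is None or "SRV" not in upper:
            continue
        i = upper.index("SRV")                 # TTL and class are optional
        if len(fields) < i + 5:
            continue                           # truncated record
        _prio, _weight, port, target = fields[i + 1:i + 5]
        yield owner.lower(), int(port), target.rstrip(".").lower()

def audit(zone_text, old_dc, new_dc):
    """Return (services still naming old_dc, services new_dc has not registered)."""
    by_service = defaultdict(set)
    for owner, port, target in parse_srv(zone_text):
        by_service[(owner, port)].add(target.split(".")[0])
    stale = sorted(s for s, hosts in by_service.items() if old_dc in hosts)
    missing = sorted(s for s, hosts in by_service.items() if new_dc not in hosts)
    return stale, missing

if __name__ == "__main__":
    stale, missing = audit(SAMPLE_ZONE, "dc1", "dc2")
    print("still reference old DC:", stale)
    print("not yet offered by new DC:", missing)
```

Before the demotion, the second list should be empty apart from roles that have deliberately not moved yet; after it, the first list should be empty.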
 