Setting up Active Directory with DNS...
Spacer_08
Member Posts: 39
Hey guys, so I'm following the MS Press material for 'The Beast' when I came across a problem in Chapter 5, Lesson 1.
It instructs you to install Active Directory on the same machine as the DNS service is running on (as per the practice exercise in the previous chapter). When it comes to the DNS point of the AD installation, the DNS diagnostic fails due to the DNS server not allowing dynamic updates. Therefore, the _ldap._tcp.dc._msdcs.xx SRV resource record is not loaded, as well as all other objects that should be loaded.
So why do MS state to not allow dynamic updates whilst installing the DNS service? Am I missing something here? Cheers guys.
Comments
royal Member Posts: 3,352
First DC - Put DNS to itself and DCPromo will do DNS install
Second DC - Put DNS to first DC. After reboot, install DNS. After connection objects are created (could take up to 15 minutes), replication will occur and DNS will be automatically populated and NS records will be created
Installing a child domain DC - Point DNS to parent domain's DNS. If you want parent DNS server to be authoritative, then do nothing in regards to installing DNS on this server. A folder under the parent's DNS will be created for you. If you want the child DNS to be authoritative, then prior to doing a DCPROMO, create a conditional forwarder or a delegation to your child domain's server. That way, when DCPROMO is run, the child DC will see it's authoritative and will prompt you to install DNS. Once you reboot, you can remove the static delegation or conditional forwarder and do a stub zone.
When doing a tree, do the same thing as the child DC. I don't remember exactly if you don't do delegation, if an entire zone will be populated on the parent DNS server or not. The majority of the time in the real world, you'll put in the delegation though so the new tree can manage its own DNS. So create the delegation, and when DCPROMO is run on the new DC that'll be its own new tree, it'll be prompted to install DNS on itself.
When doing a new tree or a new child domain, if you chose to install DNS on itself, right before you reboot after DCPROMO, go into DNS and create a Stub zone, Conditional Forwarder, or Forwarder to your parent DNS server. That way after the DC changes its primary DNS IP to itself, it'll still know how to resolve the parent DNS server so replication can continue.
Hope that helps.
“For success, attitude is equally as important as ability.” - Harry F. Banks
Spacer_08 Member Posts: 39
Thanks very much for that in-depth reply! I'll use your info for when I continue tomorrow. What you're saying all makes sense to me, but as far as the MS book's concerned, the AD installation to pass the DNS diagnostic test despite the DNS being set to 'Not allow dynamic updates'. Is this some sort of error?
Thanks again, much appreciated.