I know this is a loaded question... (DNS Inside)

but....

We have our main domain controller right now in our head office. We migrated office A over from our old NT domain, put in a secondary domain controller w/dns and it went smooth. That was several months ago... I remember going off of a guide on technet or something.... Then a few weeks ago we did office B and for whatever reason the DNS just did not pull over right. Without sounding completely vauge I guess my questions are -

Is there a dummies/FAQ somewhere or that someone can suggest for adding a secondary domain controller to our domain?

How easy is it to just pull over the DNS from the primary domain controller?

I know DNS is a monster in itself and these aren't simple questions that I'm asking, but maybe if someone could just point me in the right direction maybe I can figure out why everything is crapping out.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Sie

Hi BigTone,

Found a couple of articles for you to have a look through:

http://articles.techrepublic.com.com/5100-10878_11-5084484.html

http://technet2.microsoft.com/windowsserver/en/library/6b03afbc-3d4f-4e3a-bda0-8fc4087708371033.mspx?mfr=true

If its not AD Intergrated then you can just create a secondary DNS Server for the Domain and pull the data across with a Zone Transfer.

HeroPsycho

Active Directory integrated or traditional primary/secondary?

royal

Typically the method for getting 2 DCs that both have AD-Integrated DNS installed works as follows:

1. Promote first server to 1st DC in a new forest. DNS won't be detected and will prompt you to install DNS on itself which will then install DNS on itself as well as point the Preferred DNS IP to 127.0.0.1 which is the loopback ip which means itself.

2. You then build a 2nd server which you intend on promoting to a 2nd DC. You configure the Preferred DNS IP to the 1st DC. This way when you're joining it to the already existing domain, it can pull AD information as well as DNS information. You can either manually install DNS right now or install DNS later. Since you're pointing the dns ip to the 1st server, the dcpromo won't prompt you to install DNS. You now run dcpromo and install AD and all the AD information will be pulled over to the new DC.

3. Now after the 2nd DC is rebooted you can install DNS. Since you are using AD-integrated DNS, you will NOT have to manually create a zone. DNSDomainZone is built into ntds.dit (Active Directory database file) and hence the zones are automatically pulled over as part of Active Directory replication. So all you have to do is install dns, and in a little bit, you'll automatically see the zones copied over as well as a new NS record for the new DC. All of this will automatically be shown through the DNS console without any user intervention other than installing DNS.

BigTone

royal wrote:

Typically the method for getting 2 DCs that both have AD-Integrated DNS installed works as follows:

1. Promote first server to 1st DC in a new forest. DNS won't be detected and will prompt you to install DNS on itself which will then install DNS on itself as well as point the Preferred DNS IP to 127.0.0.1 which is the loopback ip which means itself.

2. You then build a 2nd server which you intend on promoting to a 2nd DC. You configure the Preferred DNS IP to the 1st DC. This way when you're joining it to the already existing domain, it can pull AD information as well as DNS information. You can either manually install DNS right now or install DNS later. Since you're pointing the dns ip to the 1st server, the dcpromo won't prompt you to install DNS. You now run dcpromo and install AD and all the AD information will be pulled over to the new DC.

3. Now after the 2nd DC is rebooted you can install DNS. Since you are using AD-integrated DNS, you will NOT have to manually create a zone. DNSDomainZone is built into ntds.dit (Active Directory database file) and hence the zones are automatically pulled over as part of Active Directory replication. So all you have to do is install dns, and in a little bit, you'll automatically see the zones copied over as well as a new NS record for the new DC. All of this will automatically be shown through the DNS console without any user intervention other than installing DNS.

Thanks Royal,

I'll have to check out the configs. We're running all of our AD stuff in NEWDOMAIN, we still have some WINS on OLDDOMAIN but I'm pretty sure we're pointing everything to go to DC1 first. I know something's wrong though because the DNS isn't pulling over like it should.

We shouldn't have to do anything right? It should pull over all the forward lookup zones by itself when it replicates right? What about the reverse lookups?

Ahriakin

As long as you are using AD Integrated Zones it should be automatic, but if you setup standard Primary/Secondary Zones then you will need to configure allowed-servers (usually using the Name-Servers tab is best and then set it to allow to all in there). Still switch to AD integrated if you aren't already, besides being simpler the transfers are encrypted.
One last thing to check is how you have it set for replication within AD. If you want to use anything other than 'To all Domain Controllers in the Active Directory Domain xxxxxxx' the other DCs will need to be 2K3 and above - 2000 doesn't understand the Application Partitions that more granular AD DNS replication options use (e.g. only DNS servers in the domain or forest) and it won't take the zone transfer.

BigTone

pointing the secondary domain controller to the primary seemed to have helped, but we might have bigger issues on our hands, for some reason this secondary domain controller isn't showing up in the Sites and Services as a replication partner of the primary DC...

Ahriakin

No DNS No AD, it really is the backbone of AD replication - without it not only can the new server not locate the first by name but it can't locate ANY DC in the domain as it has no service records to go by. If it was me I'd demote the 2ndary DC, doublecheck your DNS is correct again and promote it once more.