Remnant (Guest)
Posted: Sun Jan 02, 2005 8:45 am
Post subject: Additional AD Integrated DNS servers???
Hey all,
I have what may seem an obvious question, but I cannot find any proper
references to it anywhere and have also searched this forum without much luck.
Basically, what's the correct procedure for installing DNS on ADDITIONAL
DCs with regards to adding the zones to them that are AD integrated? I
install DNS on the second DC, but then how do I add the AD Integrated Zone?
The reason I ask is this problem I found when I tried - I added a new zone on
the second server, with the same name and made it AD Int, and instead of
replicating all of the existing info (like I thought it would) instead it
seemed to become authoritative for records, replicating its almost empty
information to the original DNS server!
I found one reference here:
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_DNS_imp_NewPrimaryServer.asp
which mentions the "From Active Directory or registry" option to pick up the
info, which is exactly what I want... but one little question - where is this
option? I just can't work out the CORRECT procedure for this and can't seem
to find any documentation on it...
Please help, this is a real show-stopper for me!

Kevin D. Goodknecht Sr. [MVP] (Guest)
Posted: Sun Jan 02, 2005 9:36 am
Post subject: Re: Additional AD Integrated DNS servers???
In news:6B2DE013-EC94-4FB1-ACEA-4AEFA07D1E07@microsoft.com,
Remnant <Remnant@discussions.microsoft.com> commented
Then Kevin replied below:
> Hey all,
> I have what may seem an obvious question, but I cannot find any proper
> references to it anywhere and have also searched this forum without much luck.
> Basically, what's the correct procedure for installing DNS on ADDITIONAL
> DCs with regards to adding the zones to them that are AD integrated? I
> install DNS on the second DC, but then how do I add the AD Integrated Zone?
> The reason I ask is this problem I found when I tried - I added a new zone on
> the second server, with the same name and made it AD Int, and instead of
> replicating all of the existing info (like I thought it would) instead it
> seemed to become authoritative for records, replicating its almost empty
> information to the original DNS server!
Yes, this is what happens when you try to create a zone in Active Directory
when the zone already exists.
What you should have done is only created the zone on one DNS server. If the
zone is stored in Active Directory, do nothing else, it will replicate
itself.
If you go to another server and try to create the zone on it, then you have
created a newer version of the zone and it will overwrite the zone already
there.
Have patience, the most you can do to speed up the process is to add the NS
record for the other AD integrated server.
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

Herb Martin (Guest)
Posted: Sun Jan 02, 2005 3:20 pm
Post subject: Re: Additional AD Integrated DNS servers???
"Remnant" <Remnant@discussions.microsoft.com> wrote in message
news:6B2DE013-EC94-4FB1-ACEA-4AEFA07D1E07@microsoft.com...
> Hey all,
> I have what may seem an obvious question, but I cannot find any proper
> references to it anywhere and have also searched this forum without much luck.
> Basically, what's the correct procedure for installing DNS on ADDITIONAL
> DCs with regards to adding the zones to them that are AD integrated? I
> install DNS on the second DC, but then how do I add the AD Integrated Zone?
If it is a DC already (which it must be for this) AND
it is replicated fully, then the DNS records are already
there in AD but not available to DNS or its clients
until you create the zone.
In the DNS MMC on the additional DNS-DC, just
right click and create the zone -- the records are there.
> The reason I ask is this problem I found when I tried - I added a new zone on
> the second server, with the same name and made it AD Int, and instead of
> replicating all of the existing info (like I thought it would) instead it
> seemed to become authoritative for records, replicating its almost empty
> information to the original DNS server!
That implies a failure to replicate so do this instead.
Make the new DNS a secondary (initially) -- make
sure AD (itself) fully replicates (check with DCDiag,
ReplMon, or RepAdmin).
This accomplishes two things: it makes sure AD
replicates before turning DNS over to it, and it also
allows you to get the current update list from the
Primary to the Secondary through a direct zone
transfer.
Now that the correct records are on both machines
and AD is replicating it doesn't matter which one
thinks it owns a record -- they both have the right
stuff and can update each other.
> which mentions the "From Active Directory or registry" option to pick up the
> info, which is exactly what I want... but one little question - where is this
> option? I just can't work out the CORRECT procedure for this and can't seem
> to find any documentation on it...
> Please help, this is a real show-stopper for me!
--
Herb Martin

Remnant (Guest)
Posted: Thu Jan 06, 2005 2:53 am
Post subject: Re: Additional AD Integrated DNS servers???
"Herb Martin" wrote:
> If it is a DC already (which it must be for this) AND
> it is replicated fully, then the DNS records are already
> there in AD but not available to DNS or its clients
> until you create the zone.
> In the DNS MMC on the additional DNS-DC, just
> right click and create the zone -- the records are there.
Sorry Herb, I don't think this would ever work. I have not only worked on
numerous DCs, but I have tried this a number of times - even when
replication is working fine on multiple DCs that are in the same subnet. I
have never, nor has anyone else I've asked, seen it just populate the records
after I add the zone to the second DC. Are you sure this has happened for
you? In fact, it's at this point that it can over-write what is there, which
as stated is what occurred for me, and what K Goodknecht seems to confirm.
I guess I'll try them both again to confirm which is correct, but these 2
solutions appear to contradict each other...
Thanks for your responses though, I think you've set me on the track I need.

Herb Martin (Guest)
Posted: Thu Jan 06, 2005 3:25 am
Post subject: Re: Additional AD Integrated DNS servers???
"Remnant" <Remnant@discussions.microsoft.com> wrote in message
news:0A93693E-8EC5-47C8-9AAA-DF988E3A3653@microsoft.com...
> "Herb Martin" wrote:
> > If it is a DC already (which it must be for this) AND
> > it is replicated fully, then the DNS records are already
> > there in AD but not available to DNS or its clients
> > until you create the zone.
> > In the DNS MMC on the additional DNS-DC, just
> > right click and create the zone -- the records are there.
> Sorry Herb, I don't think this would ever work. I have not only worked on
> numerous DCs,
No, it always works if the DC is fully replicated
(in Win2000) and if the Win2003 replication scope
includes this DC in Win2003.
> but I have tried this a number of times - even when
> replication is working fine on multiple DCs that are in the same subnet. I
No, many of us do this all the time -- replication must
have been broken or you are confusing cases.
If you integrated DNS into AD then it is replicated to
all DCs which share that replication scope -- usually
this is same domain, but in Win2003 there are more
choices.
Perhaps you had set replication scope to something
like DNS-DC in Win2003 and since the DNS was
just installed it had not yet replicated but that is about
the only (type) of reason it would not other than just
general replication failure.
The other possibility is that some people think the
records are not there because:
1) The zones don't get automatically created
2) Even if created it only populates them if the
new zone on this server is AD-integrated itself.
#2 means if you set up a Secondary it will be empty
and require pulling from another Master EVEN THOUGH
the records are all local on that DC (hidden within AD
but not available to a Secondary DNS server.)
> have never, nor has anyone else I've asked, seen it just populate the records
> after I add the zone to the second DC. Are you sure this has happened for
> you? In fact, it's at this point that it can over-write what is there, which
> as stated is what occurred for me, and what K Goodknecht seems to confirm.
Yes -- but you have to make sure you are looking at the
same thing.
The records are IN AD -- the whole architecture of
AD is that it replicates (depending on scope in Win2003).
> I guess I'll try them both again to confirm which is correct, but these 2
> solutions appear to contradict each other...
> Thanks for your responses though, I think you've set me on the track I need.
--
Herb Martin

Kevin D. Goodknecht Sr. [MVP] (Guest)
Posted: Thu Jan 06, 2005 6:16 am
Post subject: Re: Additional AD Integrated DNS servers???
In news:OG5hK3K8EHA.1408@TK2MSFTNGP10.phx.gbl,
Herb Martin <news@LearnQuick.com> commented
Then Kevin replied below:
> If it is a DC already (which it must be for this) AND
> it is replicated fully, then the DNS records are already
> there in AD but not available to DNS or its clients
> until you create the zone.
> In the DNS MMC on the additional DNS-DC, just
> right click and create the zone -- the records are there.
Herb you cannot do this, if the zone is stored in Active Directory, it will
be replicated to all DCs in the domain without further action.
If you create a zone in AD on one DC you must wait for replication, do NOT
go to another DC and attempt to create a zone for the same domain name in
AD. This will do one of two things depending on if it is Win2k or Win2k3.
Win2k will overwrite the zone in AD with the zone you just created, Win2k3
will create a conflicting zone in AD and give you errors in your event log.
(I forget the exact error ID)
Another mistake people make is by having a zone in AD and then trying to
create a Secondary zone on another DC, this won't work either. You CANNOT
have a zone stored in AD on one DC then a Secondary zone for the same domain
name on another DC. This will cause the Secondary zone to disappear, then
after a reboot the AD zone will load. Most people won't reboot they just
complain the Secondary zone just went away!
The only way I've found to speed up the Zone replication process is to
create NS records for all DCs you want the zone to replicate to.
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]

Remnant (Guest)
Posted: Thu Jan 06, 2005 7:45 am
Post subject: Re: Additional AD Integrated DNS servers???
> Herb you cannot do this, if the zone is stored in Active Directory, it will
> be replicated to all DCs in the domain without further action.
> If you create a zone in AD on one DC you must wait for replication, do NOT
> go to another DC and attempt to create a zone for the same domain name in
> AD. This will do one of two things depending on if it is Win2k or Win2k3.
> Win2k will overwrite the zone in AD with the zone you just created, Win2k3
> will create a conflicting zone in AD and give you errors in your event log.
> (I forget the exact error ID)
Thanks Kevin - this confirms the behaviour I am seeing, even when I can be
sure replication is working correctly (no errors, no error logs, no MOM
reports of errors, no personally sighted issues to do with replication).
I guess I just need to take the advice my old Exchange instructor told me
back in the early days: "take up smoking, everything in Exchange takes five
minutes or so, so at least you have something to do between commands..." :)

Herb Martin (Guest)
Posted: Thu Jan 06, 2005 5:09 pm
Post subject: Re: Additional AD Integrated DNS servers???
--
Herb Martin
"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:egOnIU48EHA.3640@tk2msftngp13.phx.gbl...
> In news:OG5hK3K8EHA.1408@TK2MSFTNGP10.phx.gbl,
> Herb Martin <news@LearnQuick.com> commented
> Then Kevin replied below:
> > If it is a DC already (which it must be for this) AND
> > it is replicated fully, then the DNS records are already
> > there in AD but not available to DNS or its clients
> > until you create the zone.
> > In the DNS MMC on the additional DNS-DC, just
> > right click and create the zone -- the records are there.
> Herb you cannot do this, if the zone is stored in Active Directory, it will
> be replicated to all DCs in the domain without further action.
The records are replicated but the zone is not automatically
created on every DC -- although I will believe there is some
special case where that happens it clearly doesn't always
happen and I have DCs which are NOT AD integrated for
the zone.
There are also settings (which would make no sense were
that always true) in Win2003 for replicating ONLY to AD
Integrated DCs.
His question though was are the records replicated -- we
agree on this: they will be replicated if replication is
functioning and the two servers are both in the scope of
replication (Win2003 servers primarily.)
> If you create a zone in AD on one DC you must wait for replication, do NOT
> go to another DC and attempt to create a zone for the same domain name in
> AD.
That part makes sense, but then I always have given
it time for replication.

Kevin D. Goodknecht Sr. [MVP] (Guest)
Posted: Thu Jan 06, 2005 9:47 pm
Post subject: Re: Additional AD Integrated DNS servers???
In news:OIGxLE%238EHA.4004@tk2msftngp13.phx.gbl,
Herb Martin <news@LearnQuick.com> commented
Then Kevin replied below:
> "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
> news:egOnIU48EHA.3640@tk2msftngp13.phx.gbl...
> > In news:OG5hK3K8EHA.1408@TK2MSFTNGP10.phx.gbl,
> > Herb Martin <news@LearnQuick.com> commented
> > Then Kevin replied below:
> > > If it is a DC already (which it must be for this) AND
> > > it is replicated fully, then the DNS records are already
> > > there in AD but not available to DNS or its clients
> > > until you create the zone.
> > > In the DNS MMC on the additional DNS-DC, just
> > > right click and create the zone -- the records are there.
> > Herb you cannot do this, if the zone is stored in Active
> > Directory, it will be replicated to all DCs in the
> > domain without further action.
> The records are replicated but the zone is not automatically
> created on every DC -- although I will believe there is some
> special case where that happens it clearly doesn't always
> happen and I have DCs which are NOT AD integrated for
> the zone.
> There are also settings (which would make no sense were
> that always true) in Win2003 for replicating ONLY to AD
> Integrated DCs.
> His question though was are the records replicated -- we
> agree on this: they will be replicated if replication is
> functioning and the two servers are both in the scope of
> replication (Win2003 servers primarily.)
Herb,
You should re-read his post. He had an AD zone with all the records, before
the zone could replicate he created another zone on another DC. Keep in mind
when you create a NEW zone in DNS there will be no records in it, it was
this zone that overwrote and replicated. Win2k does this, Win2k3 creates a
conflicting AD zone beginning with a CNF in ADUC.
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
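The checks the thread converges on (Herb: confirm AD replication with the DCDiag/RepAdmin tools before expecting the zone to show up on the new DC; Kevin: never create the zone a second time, add an NS record for the new DC to nudge replication, and on Win2k3 watch for CNF conflict objects) pulled together as a read-only pre-flight script. This is an added example, not code posted by Herb, Kevin or Remnant. DC1, DC2, corp.example and DC=corp,DC=example are placeholder names, and the text patterns it matches in dnscmd output ("DS integrated = 1", zone name first on each /EnumZones line) are assumptions about that tool's output format.

```powershell
# Added example (not from the thread): pre-flight checks before bringing a
# second DC online as DNS for an existing AD-integrated zone.
# Assumed placeholders: DC1 already hosts the zone, DC2 is the new DC,
# the zone is corp.example, the domain is DC=corp,DC=example.
$ExistingDc = 'DC1'
$NewDc      = 'DC2'
$Zone       = 'corp.example'
$DomainDn   = 'DC=corp,DC=example'

function Test-ZoneListed {
    # Assumption: dnscmd /EnumZones prints one zone per line, name first.
    param([string]$Server, [string]$ZoneName)
    $listing = dnscmd $Server /EnumZones
    # -match on an array returns the matching lines; empty array casts to $false.
    return [bool]($listing -match "^\s*$([regex]::Escape($ZoneName))\s")
}

# 1. Confirm the zone exists and is stored in AD on the established DC.
if (-not (Test-ZoneListed -Server $ExistingDc -ZoneName $Zone)) {
    throw "Zone $Zone was not found on $ExistingDc; check the zone name first."
}
$zoneInfo = dnscmd $ExistingDc /ZoneInfo $Zone
# Assumption: /ZoneInfo reports 'DS integrated = 1' for an AD-integrated zone.
if (-not ($zoneInfo -match 'DS integrated\s*=\s*1')) {
    throw "$Zone is not stored in AD on $ExistingDc; nothing will arrive on $NewDc through AD replication."
}

# 2. Check AD replication health for the new DC before expecting the zone there.
repadmin /showrepl $NewDc
dcdiag /s:$NewDc /test:replications

# 3. Look for conflict objects (Win2k3 names them with a CNF: suffix) under the
#    places DNS zones live in AD. Requires the ActiveDirectory module (RSAT).
$searchBases = @("DC=DomainDnsZones,$DomainDn", "CN=MicrosoftDNS,CN=System,$DomainDn")
foreach ($base in $searchBases) {
    Get-ADObject -LDAPFilter '(&(objectClass=dnsZone)(name=*CNF:*))' `
                 -SearchBase $base -ErrorAction SilentlyContinue |
        ForEach-Object { Write-Warning "Conflicting zone object: $($_.DistinguishedName)" }
}

# 4. Report what to do on the new DC. The script never runs /ZoneAdd itself:
#    creating a zone that already lives in AD is exactly the overwrite described above.
if (Test-ZoneListed -Server $NewDc -ZoneName $Zone) {
    "Zone $Zone has already replicated to $NewDc; nothing to create."
} else {
    "Zone $Zone is not on $NewDc yet. Wait for replication; to speed it up, add an NS record for the new DC on the existing server:"
    "  dnscmd $ExistingDc /RecordAdd $Zone @ NS $NewDc.$Zone."
}
```

Run it from an account that can query both DNS servers and read the directory; it only reads and reports, so it is safe to repeat until step 4 says the zone is present. Step 3 is the Win2k3-specific detection for the conflict Kevin describes; on Win2k there is no CNF object to find because the newer empty zone simply overwrites the original.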