
AD Integrated zones


mcron, Aug 12, 2005, 9:59:11 AM

Is it true that with Active Directory Integrated zones, all DNS servers must
be DCs?

Herb Martin, Aug 12, 2005, 10:36:45 AM

"mcron" <mc...@discussions.microsoft.com> wrote in message
news:C26E6ABC-E6D4-48EE...@microsoft.com...

> Is it true that with Active Directory Integrated zones, all DNS servers must
> be DCs?

Not exactly. It is true that all AD Integrated DNS servers must be
DCs, but you may also have ordinary secondaries which are not
DCs.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


Ace Fekay [MVP], Aug 12, 2005, 10:56:11 AM

In news:C26E6ABC-E6D4-48EE...@microsoft.com,
mcron <mc...@discussions.microsoft.com> made this post, which I then
commented about below:

> Is it true that with Active Directory Integrated zones, all DNS
> servers must be DCs?

Yes. That feature is only available if DNS is installed on a DC.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================


mcron, Aug 12, 2005, 11:06:04 AM

Thanks for the help.

If I understand correctly, I can have a member server configured as a
secondary DNS server to an AD Integrated primary? In that case, the zone
info is stored in AD on the primary and as a regular text file on the
secondary?

Ace Fekay [MVP], Aug 12, 2005, 11:44:41 AM

In news:17D4F298-D36B-4FA7...@microsoft.com,
mcron <mc...@discussions.microsoft.com> made this post, which I then
commented about below:
> Thanks for the help.
>
> If I understand correctly, I can have a member server configured as a
> secondary DNS server to an AD Integrated primary? In that case, the
> zone info is stored in AD on the primary and as a regular text file
> on the secondary?
>

Actually that's true. You can make a secondary of an AD Integrated zone.

But your original question asked if an AD Integrated zone must be on a DC,
and the answer to THAT question is "yes". But they do act as a Primary for
secondary zones. You will just need to allow zone transfers, which is turned
off by default in Win2003.

Ace


mcron, Aug 12, 2005, 12:11:03 PM

I understand.

I am preparing/planning to migrate from Windows 2000 AD to Windows 2003 AD.
I have a single domain with two Windows 2000 DCs (DC1 and DC2) and two
Windows 2000 DNS servers (one primary, DNS1, and one secondary, DNS2). I
would like to implement AD Integrated zones but am not sure how to get there.

I have a single domain, corp.company.com.

I am purchasing new hardware for the 2003 DCs. I think I am comfortable
with the AD migration, it is getting my DNS house in order that is unclear.
Since neither of my DCs is a DNS server, should I run dcpromo on the existing
primary, DNS1, and then change the zone type to AD Integrated? In that
scenario, DNS2 could still be secondary to DNS1. When I install the new
Windows 2003 servers, I can install but not configure DNS and when I run
dcpromo, I will end up with a 2003 DC with AD Integrated zones?

It seems like running dcpromo on my primary DNS server is the only way to
get the zone file in AD.

Does this sound reasonable?

Thanks for the brainpower...

Ace Fekay [MVP], Aug 13, 2005, 12:48:04 AM

In news:F45A5866-A0B5-4022...@microsoft.com,
mcron <mc...@discussions.microsoft.com> made this post, which I then
commented about below:
> I understand.
>
> I am preparing/planning to migrate from Windows 2000 AD to Windows
> 2003 AD. I have a single domain with two Windows 2000 DCs (DC1 and
> DC2) and two Windows 2000 DNS servers (one primary, DNS1, and one
> secondary, DNS2). I would like to implement AD Integrated zones but
> am not sure how to get there.

>
> I have a single domain, corp.company.com.
>
> I am purchasing new hardware for the 2003 DCs. I think I am
> comfortable with the AD migration, it is getting my DNS house in
> order that is unclear. Since neither of my DCs is a DNS server,
> should I run dcpromo on the existing primary, DNS1, and then change
> the zone type to AD Integrated? In that scenario, DNS2 could still
> be secondary to DNS1.

No need to complicate things. Just install DNS on the current DCs. On one of
them, create a secondary zone and let it transfer from DNS1. Once that is
done, change the zone to AD Integrated. Then install DNS on the other DC.
The zone should come across thru AD's replication process. Then point DNS in
each DC's properties to itself as the first entry, the other DC as the
second entry.

> When I install the new Windows 2003 servers, I
> can install but not configure DNS and when I run dcpromo, I will end
> up with a 2003 DC with AD Integrated zones?

Yes, by default it will be AD Integrated, but that is only if it is a
brand new DC in a brand new domain in a brand new forest.

Are you migrating to a totally new domain or just keeping with the same name
and upgrading your current domain to 2003?

>
> It seems like running dcpromo on my primary DNS server is the only
> way to get the zone file in AD.

No.

>
> Does this sound reasonable?

Too much work for me! Let the current DCs handle it instead of creating more
DCs that you may not really need.
>
> Thanks for the brainpower...

Brainpower? Nah, but I did sleep at a Holiday Inn last night.
(second time I used that phrase this week) :-)

Ace
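The procedure Ace lays out above (secondary copy on a DC, convert to AD Integrated, let replication carry it to the other DC, re-point the DNS clients), together with his earlier note that Windows Server 2003 turns zone transfers off by default, written out as an added example. This is not code from the thread or from Microsoft; it uses dnscmd.exe (built into Windows Server 2003, in the Support Tools on Windows 2000) and assumes the DNS service has already been installed on DC1 and DC2, that it is run from DC1 with domain admin rights, that all IP addresses are constructed placeholders, and that the two output patterns it checks for (the `DS integrated = 1` line from `/ZoneInfo` and the `primary name server` line from nslookup) are assumptions about those tools' text output.

```powershell
# Added example, not from the thread. Ace's migration steps scripted with
# dnscmd.exe. Run from DC1 as a domain admin after the DNS service has been
# installed on DC1 and DC2. All IP addresses below are constructed.
$Zone  = 'corp.company.com'        # the poster's domain
$Dns1  = '10.0.0.10'               # constructed: DNS1, the current standard primary
$Dns2  = '10.0.0.11'               # constructed: DNS2, stays an ordinary secondary
$Dc1   = 'DC1'; $Dc1Ip = '10.0.0.1'   # constructed addresses
$Dc2   = 'DC2'; $Dc2Ip = '10.0.0.2'

function Test-ZoneIsDsIntegrated {
    param([string]$Server, [string]$ZoneName)
    # Assumption: "dnscmd /ZoneInfo" prints a line "DS integrated = 1" once
    # the zone is stored in Active Directory rather than in a text file.
    $info = dnscmd $Server /ZoneInfo $ZoneName 2>&1 | Out-String
    return [bool]($info -match 'DS integrated\s*=\s*1')
}

function Test-ZoneTransferDone {
    param([string]$Server, [string]$ZoneName)
    # A freshly added secondary holds no data until its first transfer
    # completes; the SOA only answers once it does. Assumption: Windows
    # nslookup prints "primary name server = ..." for a loaded SOA.
    $out = nslookup -type=SOA $ZoneName $Server 2>&1 | Out-String
    return [bool]($out -match 'primary name server')
}

function Wait-Until {
    param([scriptblock]$Condition, [int]$Seconds, [int]$Attempts, [string]$What)
    for ($i = 0; $i -lt $Attempts; $i++) {
        if (& $Condition) { return }
        Start-Sleep -Seconds $Seconds
    }
    throw "timed out waiting for: $What"
}

# 1. DC1 pulls a secondary copy of the zone from DNS1 and transfers it now
#    instead of waiting for the SOA refresh interval.
dnscmd $Dc1 /ZoneAdd $Zone /Secondary $Dns1
dnscmd $Dc1 /ZoneRefresh $Zone
Wait-Until { Test-ZoneTransferDone $Dc1 $Zone } 5 24 "zone transfer from $Dns1 to $Dc1"

# 2. Convert the copy to an Active Directory-integrated primary. This only
#    succeeds on a domain controller, which is the thread's central point.
#    (Windows Server 2003 DNS also accepts a /dp option on this command to
#    choose the application partition the zone replicates in.)
dnscmd $Dc1 /ZoneResetType $Zone /DsPrimary
if (-not (Test-ZoneIsDsIntegrated $Dc1 $Zone)) { throw "zone is still file-backed on $Dc1" }

# 3. The AD-integrated zone still acts as master for standard secondaries,
#    but Windows Server 2003 disables zone transfers by default. Allow them
#    only to the secondaries you actually run (DNS2, and DNS1 once it is
#    demoted to a secondary in step 7), never to any requester.
dnscmd $Dc1 /ZoneResetSecondaries $Zone /SecureList $Dns2 $Dns1

# 4. Secure dynamic update is the "AD Integration security" Ace refers to;
#    AllowUpdate 2 (secure only) is accepted only on a DS-integrated zone.
dnscmd $Dc1 /Config $Zone /AllowUpdate 2

# 5. Nothing is created by hand on DC2: with DNS installed there, the zone
#    arrives through AD replication. Poll until it shows up.
Wait-Until { Test-ZoneIsDsIntegrated $Dc2 $Zone } 30 40 "AD replication of $Zone to $Dc2"

# 6. Point each DC's DNS client at itself first, then at the other DC
#    (run the equivalent lines on DC2 with the two addresses swapped).
netsh interface ip set dns name="Local Area Connection" source=static addr=$Dc1Ip
netsh interface ip add dns name="Local Area Connection" addr=$Dc2Ip index=2

# 7. Do not leave a standard primary and an AD-integrated copy of the same
#    zone side by side. DNS1 can be turned into a secondary of DC1 (losing
#    secure dynamic update there, as Ace notes) or decommissioned.
dnscmd $Dns1 /ZoneResetType $Zone /Secondary $Dc1Ip
dnscmd $Dns1 /ZoneRefresh $Zone
```

The waits are bounded so a failed transfer or a replication problem surfaces as an error instead of a hung script; step 2 is the point at which a non-DC fails, because `/DsPrimary` has nowhere to store the zone without the directory.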


mcron, Aug 14, 2005, 5:07:02 PM

Thanks for taking time to help. Based on your response, I could install DNS
on my existing DC1 and configure it to be secondary to DNS1. Once the zone
transfer has completed, I can change the zone type to AD Integrated. Is that
correct? At that point there are two writable copies of the zone file: DNS1
and DC1? How do updates written to DNS1 get "transferred" to DC1? Can a
zone file be secondary (to DNS1) and AD Integrated?

Could I follow the same concept but wait until I have deployed my new server
hardware: install DNS, configure zone as secondary to DNS1, zone transfer and
then run dcpromo on the 2003 server then change the zone type to AD
Integrated?

Herb Martin, Aug 14, 2005, 7:10:36 PM

Don't mix an AD Integrated Zone with a Primary (unless
you are specifically trying to BREAK replication as is
done with shadow DNS to keep the Internal and External
DNS servers from replicating.)

You will either have a "set of AD Integrated DC-DNS
servers" OR a single Primary (for internal DNS.)

You may have additional secondary DNS servers in either
case.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

"mcron" <mc...@discussions.microsoft.com> wrote in message
news:EF29E126-065D-4F55...@microsoft.com...
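A check for the mixed state Herb warns against (a standard primary and an AD Integrated copy of the same zone coexisting), as an added example that is not part of the thread: it reads each server's zone list from `dnscmd /EnumZones` and flags a zone that is a file-backed primary on one server and AD-integrated on another. Secondaries are allowed in either setup, as Herb says. The column layout the parser expects, the server names, and the sample output used to exercise it offline are all assumptions or constructed values.

```powershell
# Added example, not from the thread. Flags Herb's forbidden mix: one zone
# that is a standard (file) primary on one server and AD-integrated on another.
# Assumption: "dnscmd <server> /EnumZones" lists one line per zone as
#   <zone name>  <Type>  <Storage>  <Properties>
# with Storage "File" for text-file zones and "AD-Domain", "AD-Forest" or
# "AD-Legacy" for Active Directory-integrated ones.

function ConvertFrom-EnumZones {
    param([string[]]$Lines, [string]$ZoneName)
    # Returns @{Type=..; Storage=..} for $ZoneName, or $null if the server
    # does not host the zone at all.
    $pattern = '^\s*' + [regex]::Escape($ZoneName) + '\s+(\S+)\s+(\S+)'
    foreach ($l in $Lines) {
        if ($l -match $pattern) { return @{ Type = $Matches[1]; Storage = $Matches[2] } }
    }
    return $null
}

function Test-MixedZoneAuthority {
    param([hashtable]$ZoneByServer)   # server name -> @{Type; Storage}
    $dsPrimaries   = @($ZoneByServer.Values | Where-Object { $_.Type -eq 'Primary' -and $_.Storage -like 'AD-*' })
    $filePrimaries = @($ZoneByServer.Values | Where-Object { $_.Type -eq 'Primary' -and $_.Storage -eq 'File' })
    # Allowed: a set of AD-integrated DC/DNS servers, OR a single standard
    # primary. Secondaries may exist alongside either. Both kinds of primary
    # at once is the broken-replication state Herb describes.
    return ($dsPrimaries.Count -gt 0 -and $filePrimaries.Count -gt 0)
}

function Get-ZoneAuthorityMap {
    param([string[]]$Servers, [string]$ZoneName)
    # Live variant: query each server with dnscmd and build the map.
    $map = @{}
    foreach ($s in $Servers) {
        $lines = dnscmd $s /EnumZones 2>&1
        $entry = ConvertFrom-EnumZones -Lines $lines -ZoneName $ZoneName
        if ($entry) { $map[$s] = $entry }
    }
    return $map
}

# Constructed sample in the assumed layout: the half-migrated state mcron
# asked about, with DNS1 still a file primary after DC1 has been converted.
$zone   = 'corp.company.com'
$sample = @{
    'DNS1' = ConvertFrom-EnumZones -ZoneName $zone -Lines @(' corp.company.com   Primary    File')
    'DNS2' = ConvertFrom-EnumZones -ZoneName $zone -Lines @(' corp.company.com   Secondary  File')
    'DC1'  = ConvertFrom-EnumZones -ZoneName $zone -Lines @(' corp.company.com   Primary    AD-Domain   Secure')
}
if (Test-MixedZoneAuthority $sample) {
    Write-Warning "$zone has both a file primary and an AD-integrated copy; retire one of them"
}

# Against real servers (names assumed):
# Test-MixedZoneAuthority (Get-ZoneAuthorityMap @('DNS1','DNS2','DC1','DC2') $zone)
```

Run against live servers this needs rights to query each DNS server with dnscmd; the parsing is kept in its own function so the offline sample and the live query share the same logic.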

Ace Fekay [MVP], Aug 14, 2005, 10:24:14 PM

In news:EF29E126-065D-4F55...@microsoft.com,
mcron <mc...@discussions.microsoft.com> made this post, which I then
commented about below:
> Thanks for taking time to help. Based on your response, I could
> install DNS on my existing DC1 and configure it to be secondary to
> DNS1. Once the zone transfer has completed, I can change the zone
> type to AD Integrated. Is that correct?

Yes, it's a rather simple procedure.

> At that point there are two
> writable copies of the zone file: DNS1 and DC1?

Well yes, but you are doing away with DNS1 and going to use only your DCs
for your infrastructure's DNS requirements.

> How do updates
> written to DNS1 get "transferred" to DC1?

You are doing away with DNS1 and using your DCs as I mentioned above.

> Can a zone file be
> secondary (to DNS1) and AD Integrated?

NO. You can always change the zone on DNS1 to be a secondary to pull it from
DC1, if you like, but you will lose AD Integration's security and other
features.

>
> Could I follow the same concept but wait until I have deployed my new
> server hardware: install DNS, configure zone as secondary to DNS1,
> zone transfer and then run dcpromo on the 2003 server then change the
> zone type to AD Integrated?

That depends on if you are doing an actual migration or just an upgrade. If
you want to pull the current zone data over to the new servers, that seems
to be implying you are upgrading.

Ace


mcron, Aug 15, 2005, 11:50:49 AM

I think I understand. I want to be clear about upgrading vs. migrating: My
current DCs are Windows 2000, my new DCs will be Windows Server 2003, I am
keeping the existing forest/domain and my goal is to decommission the Windows
2000 DCs after the new DCs are in place so that I only have 2003 DCs. Is
that upgrading?

Herb Martin, Aug 15, 2005, 12:37:34 PM

"mcron" <mc...@discussions.microsoft.com> wrote in message
news:37C8430C-E4C4-4C58...@microsoft.com...

> I think I understand. I want to be clear about upgrading vs. migrating: My
> current DCs are Windows 2000, my new DCs will be Windows Server 2003, I am
> keeping the existing forest/domain and my goal is to decommission the Windows
> 2000 DCs after the new DCs are in place so that I only have 2003 DCs. Is
> that upgrading?
>

The term 'upgrading' doesn't apply as cleanly as it does for WinNT;
it is certainly NOT migrating however since you will retain the same
domain.

You will be 'upgrading' the DOMAIN by adding the Win2003 DCs,
rather than by 'upgrading the existing DCs.'

So yes, you are upgrading your domain but not your DCs this way.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

> "Ace Fekay [MVP]" wrote:
