Hi Mike, I think you’re going to have some more fun than you’re planning, particularly with the DCs.

I’m not entirely sure what this member server is hosting a secondary zone of. I do understand that whatever it is, is good DNS and that’s what you want. There is no need to promote this member server to a DC in order to AD integrate it, given a little bit of handy work. Does this secondary server have a zone with the same name as what’s in AD now? If so, delete whatever’s in AD, let that replicate. Set up the secondary member server to allow zone transfers to one of your DCs (one which is well connected to the DNS server is good), and convert the zone on the member server to a primary. On the DC, set it up as a secondary to this new zone. Transfer the zone; make sure it’s a good copy. Convert this newly transferred zone to a primary zone, hit the AD integrate button. Make sure dynamic updates are on as well; secure only is usually a good choice here.

Now at this point, since you’ve blown away AD DNS, your replication and logon traffic are busted, to say the least. If you haven’t already, point the DC to itself for primary DNS. Do an ipconfig /registerdns, and then a net stop netlogon / net start netlogon. This *should* get the DC reregistered in DNS right. Sometimes it takes a reboot or two. At this point, you can point the other DCs at this first one for DNS and do the same ipconfig /registerdns and stop/start netlogon. They should pick up the new DNS, replicate right – might take a reboot or two. Finally, you can remove the 127.0.0.1 primary DNS from your first DC in this circus and point it at another one. Once you’ve got all your ducks in a row here, do a netdiag and dcdiag on each DC and see what’s cooking. Give them time to do a replication cycle or two and pick up anything from before you started this. I’d do this all at night during your maintenance window, as logon traffic, Exchange, others will be totally broke. People may need to restart computers in the morning.

I’m not sure I understand where your BIND DNS and other stuff come in here, but you’ll need to ensure that if clients point to them, they (the DNS servers) point back to AD. The other solution is to just throw them out and use your AD DNS to resolve internal and external.

Now, I think this would work. It certainly seems like it would, wherever my mind is at 11:15PM.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike Hogenauer

I’ve
just inherited 3 AD controllers and the DNS is just a mess: some clients point to external BIND cache servers, and there are 2 zones in MS DNS that are used for internal resolution, with half the resources in one zone and half in the other. I’ve built another member server just running DNS and have allowed zone transfers, and I think I have it all running correctly now on the new server.

Does anyone know or see a problem with pointing the current AD integrated ones to the new secondary server for resolution, then deleting the current AD integrated zones and then promoting the new secondary server to a DC, then changing the DNS on that server to AD integrated and letting it populate to the rest of the domain controllers?

All servers are Windows 2003. All BIND servers are 9.0.

Thanks in advance,
Mike

Mike Hogenauer
Rendition Networks, Inc.
425.636.2115 | Fax: 425.497.1149 |
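The zone move that the reply above describes, as an added example that is not from either poster: the same steps driven with dnscmd, the Windows Server 2003 DNS command-line tool, plus the re-registration and the check that the DC's SRV records came back. It assumes the script runs on the DC that receives the zone (DC1) and that the member server already holds a same-named copy of the zone; the zone name, server names, addresses and interface name are placeholders.

```batch
@echo off
REM Added example, not from the thread: the zone move from the reply, driven
REM with dnscmd. Run it on the DC that receives the zone (DC1). All names,
REM addresses and the interface name below are placeholders.
set ZONE=corp.example.com
set MEMBER=memberdns01
set MEMBERIP=10.0.0.20
set DC1=dc01
set DC1IP=10.0.0.10
set NIC=Local Area Connection

REM 1. Delete the AD-integrated copy of the zone and let that replicate out.
dnscmd %DC1% /ZoneDelete %ZONE% /DsDel /f

REM 2. On the member server: make the zone a standard primary and restrict
REM    zone transfers to DC1 only.
dnscmd %MEMBER% /ZoneResetType %ZONE% /Primary /file %ZONE%.dns
dnscmd %MEMBER% /ZoneResetSecondaries %ZONE% /SecureList %DC1IP%

REM 3. On DC1: add a secondary copy pulling from the member server and force
REM    a transfer. The transfer is asynchronous; step 4 is the check.
dnscmd %DC1% /ZoneAdd %ZONE% /Secondary %MEMBERIP%
dnscmd %DC1% /ZoneRefresh %ZONE%

REM 4. "Make sure it's a good copy": compare zone info on both sides and
REM    dump the transferred zone to a file you can read before going on.
dnscmd %MEMBER% /ZoneInfo %ZONE%
dnscmd %DC1% /ZoneInfo %ZONE%
dnscmd %DC1% /ZoneExport %ZONE% %ZONE%.transferred.dns
pause

REM 5. Convert DC1's copy straight to an AD-integrated primary, then allow
REM    dynamic updates from secure (authenticated) clients only (2 = secure).
dnscmd %DC1% /ZoneResetType %ZONE% /DsPrimary
dnscmd %DC1% /Config %ZONE% /AllowUpdate 2

REM 6. Point DC1 at itself for DNS, re-register, and bounce Netlogon so the
REM    DC's SRV records land in the new zone.
netsh interface ip set dns name="%NIC%" source=static addr=%DC1IP%
ipconfig /registerdns
net stop netlogon
net start netlogon

REM 7. Verify before touching the other DCs: the DC locator SRV record must
REM    resolve from DC1's own zone; dcdiag and netdiag report what is still off.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%ZONE% %DC1IP%
dcdiag /s:%DC1%
netdiag /test:DNS
```

Repeat steps 6 and 7 on each remaining DC once it is pointed at DC1 for DNS; the nslookup in step 7 should list every DC that has re-registered.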