I have a question/point to add to this. I've not got round to testing this
yet, so I'm simply speculating, but I assume Rob is thinking along the same
vein...
When you make your DNS AD-integrated, the zone is no longer stored in a
zone file; rather it is stored in the directory. Thus, in theory you would
not *require* another DNS server to synchronise from. It is part of the
domain configuration and is thus replicated.
However, the catch-22 situation arises whereby how do you locate a
DC without fully functioning DNS??? You can't unless you whip up a hosts
file, can you...
So, a DNS server is needed to configure another AD-integrated DNS server,
but not for the reason of getting the zone info...only for locating a DC
with that domain's domain partition to obtain the zone info.
What do you think Cary (and everyone else)??? Am I correct, being stupid,
or simply thinking about things too much ;-)
--
Paul Williams
_________________________________________
http://www.msresource.net
Join us in our new forums!
http://forums.msresource.net
_________________________________________
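The procedure Paul is describing, as an added example that is not part of any post in this thread: bring a second DC online as a DNS server when the only working DNS lives on the first DC, then verify that the zone arrived as directory data rather than by zone transfer. It assumes a hypothetical single domain corp.example.com with DC1 (existing DC and DNS server, 192.168.1.10) and a freshly promoted DC2 (192.168.1.11); it is run from a management host with the ActiveDirectory and DnsServer modules and uses Invoke-Command for the per-DC resolver changes.

```powershell
# Added example, not from the original thread. Names and addresses are assumed.
$Domain  = 'corp.example.com'
$OldDC   = 'DC1'; $OldDCIP = '192.168.1.10'
$NewDC   = 'DC2'; $NewDCIP = '192.168.1.11'

# Step 1: break the catch-22 the plain way. Until DC2 runs DNS itself, its
# resolver must point at a DNS server that already holds the zone, otherwise
# DC2 cannot find the SRV records the DC locator uses.
Invoke-Command -ComputerName $NewDC {
    Get-NetAdapter -Physical | Where-Object Status -eq 'Up' |
        Set-DnsClientServerAddress -ServerAddresses $using:OldDCIP
}

# Step 2: these are the records the locator looks for. If this query fails
# there is no point continuing. nltest runs the same lookup through the
# locator code path itself.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $OldDCIP |
    Where-Object Type -eq 'SRV' |
    Select-Object NameTarget, Port, Priority, Weight
nltest /dsgetdc:$Domain /force

# Step 3: install the DNS role on DC2. No secondary zone or zone transfer is
# configured; the zone comes over as directory data, which is Paul's point.
Install-WindowsFeature -Name DNS -IncludeManagementTools -ComputerName $NewDC

# Step 4: confirm the zone is directory-stored and replicated, not file-backed.
# Expect IsDsIntegrated = True and an empty ZoneFile. ReplicationScope shows
# which partition carries it: Domain, Forest, or Legacy (the domain partition,
# Windows 2000 style, which is what Paul's description matches).
Get-DnsServerZone -ComputerName $NewDC -Name $Domain |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, ReplicationScope, ZoneFile

# Step 5: with two DNS servers, point each DC at its partner first and itself
# second, so the locator keeps working whichever DC is left standing.
Invoke-Command -ComputerName $NewDC {
    Get-NetAdapter -Physical | Where-Object Status -eq 'Up' |
        Set-DnsClientServerAddress -ServerAddresses $using:OldDCIP, $using:NewDCIP
}
Invoke-Command -ComputerName $OldDC {
    Get-NetAdapter -Physical | Where-Object Status -eq 'Up' |
        Set-DnsClientServerAddress -ServerAddresses $using:NewDCIP, $using:OldDCIP
}
```

The hosts-file workaround Paul mentions would only help if every entry the locator needs were typed by hand; the SRV records above cannot live in a hosts file, so a reachable DNS server holding the zone is the real prerequisite, exactly as he concludes.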
Rob,
You would need to install DNS on the second Domain Controller! If you do
not install it, it is not there!
Anyway, it is a really good idea to have multiple Domain Controllers. You
will really save yourself a lot of grief with this. It is an even better
idea to also install DNS on that second Domain Controller. Making your DNS
Active Directory Integrated is also a really good idea.
Now, to add a couple of things you might want to consider:
Make that second Domain Controller a Global Catalog Server. Here is how to
do that:
http://support.microsoft.com/?id=313994
There is something called FSMO Roles in Active Directory. By default, all
five of these roles are going to be held by the first Domain Controller in
the environment. Let's just assume a single domain/tree/forest environment.
So, the first DC holds all five of these roles ( Schema Master, Domain
Naming Master, PDC Emulator, RID Master and Infrastructure Master ). I
would keep things this way. If you wanted to split them up (because you
read about it someplace and you think that it is a good idea to have them
split up over multiple DCs), I would keep the Schema Master and the Domain
Naming Master on the first DC and then transfer the other three to the
second DC. Here is how to do that:
http://support.microsoft.com/?id=255690
http://support.microsoft.com/?id=255504
I might stay away from ntdsutil until you play with it a bit in the lab.
If you really wanted to go nuts with this whole 'redundancy' thing I might
split up DHCP. Make one half of the scope ( 192.168.1.1 - 192.168.1.127 )
on one DHCP Server and the other half of the scope ( 192.168.1.128 -
192.168.1.254 ) on another DHCP Server.
HTH,
Cary
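Cary's three suggestions (second DC as Global Catalog, his particular FSMO split, and a split DHCP scope), as an added example that is not Cary's own text or any of the linked KB articles: it checks where the five roles currently sit, makes DC2 a GC, transfers the three domain roles gracefully, and configures the 192.168.1.0/24 scope on both servers with complementary exclusions. It assumes the hypothetical single-domain forest corp.example.com with DCs DC1 and DC2 whose static addresses are 192.168.1.10 and .11, and needs the ActiveDirectory and DhcpServer modules plus repadmin from the AD DS tools.

```powershell
# Added example, not from the original thread. Names and addresses are assumed.
$Domain = 'corp.example.com'

# Where the five FSMO roles live right now. The two forest-wide roles are
# properties of the forest object, the three domain roles of the domain object.
function Get-FsmoHolders ([string]$DomainName) {
    $forest = Get-ADForest
    $dom    = Get-ADDomain -Identity $DomainName
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $dom.PDCEmulator
        RIDMaster            = $dom.RIDMaster
        InfrastructureMaster = $dom.InfrastructureMaster
    }
}
Get-FsmoHolders $Domain

# Which DCs are Global Catalog servers, and which roles each one holds.
Get-ADDomainController -Filter * |
    Select-Object Name, IsGlobalCatalog, OperationMasterRoles

# Make DC2 a GC (the command-line equivalent of the checkbox in KB 313994).
# repadmin flips only the IS_GC bit on DC2's NTDS Settings object.
repadmin /options DC2 +IS_GC

# Cary's split: Schema and Domain Naming Master stay on DC1, the other three
# move to DC2. Without -Force this is a graceful transfer that needs the
# current holder online; -Force is a seizure and belongs to disaster
# recovery, which is the ntdsutil territory Cary says to practise in a lab.
Move-ADDirectoryServerOperationMasterRole -Identity 'DC2' `
    -OperationMasterRole PDCEmulator, RIDMaster, InfrastructureMaster -Confirm:$false
Get-FsmoHolders $Domain

# Split-scope DHCP as Cary describes it: both servers define the whole
# 192.168.1.0/24 scope, and each excludes the half the other server leases.
# The DCs' own static addresses (.10 and .11, assumed) are excluded on DC1 as
# well; on DC2 they already fall inside the excluded lower half.
$Scope = @{ Name = 'LAN'; StartRange = '192.168.1.1'; EndRange = '192.168.1.254'; SubnetMask = '255.255.255.0' }

Add-DhcpServerv4Scope -ComputerName 'DC1' @Scope
Add-DhcpServerv4ExclusionRange -ComputerName 'DC1' -ScopeId 192.168.1.0 -StartRange 192.168.1.128 -EndRange 192.168.1.254
Add-DhcpServerv4ExclusionRange -ComputerName 'DC1' -ScopeId 192.168.1.0 -StartRange 192.168.1.10  -EndRange 192.168.1.11

Add-DhcpServerv4Scope -ComputerName 'DC2' @Scope
Add-DhcpServerv4ExclusionRange -ComputerName 'DC2' -ScopeId 192.168.1.0 -StartRange 192.168.1.1 -EndRange 192.168.1.127

# Sanity check: each server should show the scope with the opposite exclusion.
'DC1', 'DC2' | ForEach-Object {
    Get-DhcpServerv4ExclusionRange -ComputerName $_ -ScopeId 192.168.1.0 |
        Select-Object @{ n = 'Server'; e = { $_ } }, StartRange, EndRange
}
```

One caveat on combining the first two steps: in the single-domain forest Cary assumes, putting the Infrastructure Master on a DC that is also a GC is harmless. In a forest with more than one domain the Infrastructure Master should not sit on a GC unless every DC is a GC, so check that before copying the split into a larger environment.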
rob davis said:
I have a win2k AD-integrated DNS domain controller on my network. I
installed a second DC by using dcpromo. After the install, DNS did not
appear under admin tools. I assume DNS is part of AD because of the first
DC, but what happens if the first domain controller crashes? Should I set up
DNS on the second DC, or does the second DC take over automatically because
DNS is integrated into AD...