Configure the DNS Server

Guest

I've inherited a Windows 2000 Native mode environment with 10 Domain controllers in a Single forest and multi child domains and I am doing clean up. There are DNS servers on about 8 of the 10 DCs. How can I tell if this DNS infrastructure is AD Integrated? If it is not AD Integrated, what steps do I need to take to move it AD-Integrated?

Also, on some of the DNS servers, when I go to the DNS MMC and right click on the server, the "configure this server" option is available to me. On others, it is not. Does it mean that it is not configured? I do see zones on these particular servers though.

Any help would be greatly appreciated. Thanks.
 
Ken said:
I've inherited a Windows 2000 Native mode environment with 10 Domain
controllers in a Single forest and multi child domains and I am doing
clean up. There are DNS servers on about 8 of the 10 DCs. How can I
tell if this DNS infrastructure is AD Integrated? If it is not AD
Integrated, what steps do I need to take to move it AD-Integrated?

Use the DNS console to open Forward Lookup Zones; in the right-hand pane it
will list the zone name and zone type.

Ken said:
Also, on some of the DNS servers, when I go to the DNS MMC and right
click on the server, the "configure this server" option is available
to me. On others, it is not. Does it mean that it is not configured?

Not necessarily, it just means the wizard has not been run. You can run
through the wizard and it will stop the message.
The main thing that is important to configure on the DNS server is its
forwarders and removal of the Root "." Forward Lookup Zone, if it has one.
 
Thanks for the reply.
When I click on the Forward Lookup Zone on say server1, some say AD-Integrated and some say Secondary. Then when I go to another server, say server2, and bring up DNS, some of those same zones that said 2ndary on the first server say AD-Integrated on the second server? How do I change it so EVERYTHING says AD-Integrated? Is there an article on this? Also is changing it to integrated as simple as changing the type? Are there prerequisite tasks to perform prior to doing this?

In other words, is it that simple to change from a 2ndary to AD-Integrated just by changing the type?

Thanks

 
The change is as simple as you guessed. Make up your mind if you are going
to be AD-integrated or not. If you are, then they all need to be the same on
all the servers. It's a cosmetic requirement that prevents the kind of
confusion you are running into now.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
For a correct answer I need to know, are both of these DCs for the same
domain?
(Since you have AD Integrated they would have to be DCs under Windows 2000)

Under Windows 2000 AD Integrated zones will only replicate to DCs within the
same domain. Windows Server 2003 has more replication options, that are not
available under Windows 2000.
 
There are 10 DCs total. They are in one forest: domain.com.
I have 2 DCs each in 4 child domains: na.domain.com; dev.domain.com; apac.domain.com; emea.domain.com

For example: NA.domain.com zone
On the NA.domain.com DNS server - it says it is AD-Integrated
On the Apac.domain.com DNS server - that same zone says it is a secondary domain

That's just one example. I would like to change all my 2ndary zones to AD integrated.

Can I just simply flip a switch to make that AD-Integrated, is it as simple as changing the type? Thanks.

 
Ken said:
There are 10 DCs total. They are in one forest: domain.com.
I have 2 DCs each in 4 child domains: na.domain.com; dev.domain.com;
apac.domain.com; emea.domain.com.

For example: NA.domain.com zone
On the NA.domain.com DNS server - it says it is AD-Integrated.
On the Apac.domain.com DNS server - that same zone says it is a
secondary domain.

That's just one example. I would like to change all my 2ndary zones
to AD integrated.

Using your example, only the domain controllers for na.domain.com can have a
replicating AD integrated zone for na.domain.com.
This is where it is going to confuse you, while you can make apac.domain.com
AD integrated on the na.domain.com DC, BUT it will NOT replicate from the DC
for apac.domain.com. Only the DCs in apac.domain.com domain will get a
replicated zone for apac.domain.com.

However, the method of using Secondary zones on the DCs is incorrect; you are
probably getting a lot of runtime errors due to all the zone transfers,
aren't you?

Here is how it should be done.
On the forest parent DC for domain.com create these delegations in the
domain.com zone:
na
dev
apac
emea
Make these delegations to the DCs for these domains.
Then on all the child DCs make them forward ONLY to the Forest parent DNS
server AND check the box "Do not use recursion".

255248 - HOW TO Create a Child Domain in Active Directory and Delegate the
DNS Namespace to the Child Domain
http://support.microsoft.com/default.aspx?scid=kb;en-us;255248

Ken said:
Can I just simply flip a switch to make that AD-Integrated, is it as
simple as changing the type? Thanks.

It won't work this way in Windows 2000; the zone will not replicate across
domain partitions. Win2k3 would work better in your situation because Win2k3
allows DNS replication forest wide.

In the absence of Win2k3 the best situation for your scenario is to have a
parent DC with all the delegated child names at each location with the child
DCs and forward to it. Or for that fact you can use the Parent DC for all
DNS and it will replicate to all DCs in the Parent domain at all locations.
It would be less expensive to upgrade to Win2k3.
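
The delegation-and-forwarder layout described in the reply above, written as a command-prompt script around dnscmd from the Windows 2000 Support Tools. This is an added example, not part of the original thread. The server names (parentdc, dc1) and every 192.0.2.x address are placeholders for your own DCs.

```bat
@echo off
rem Added example: delegate the four child zones from the domain.com zone,
rem then make a child DNS server forward only to the forest parent.
rem PARENT, PARENT_IP, CHILD_DNS, dc1 and all addresses are placeholders.
setlocal
set PARENT=parentdc.domain.com
set PARENT_IP=192.0.2.10

rem 1. On the parent: one NS delegation plus a glue A record per child zone.
call :delegate na   dc1 192.0.2.21
call :delegate dev  dc1 192.0.2.31
call :delegate apac dc1 192.0.2.41
call :delegate emea dc1 192.0.2.51

rem 2. On a child DNS server: forward only to the parent. /Slave is the
rem    command-line form of the "Do not use recursion" check box.
rem    Repeat for each child DC that runs DNS.
set CHILD_DNS=dc1.apac.domain.com
dnscmd %CHILD_DNS% /ResetForwarders %PARENT_IP% /Slave

rem 3. Review the result: zone types on the child server, and the
rem    delegation exactly as the parent serves it (no recursion).
dnscmd %CHILD_DNS% /EnumZones
nslookup -type=NS -norecurse na.domain.com %PARENT_IP%

endlocal
goto :eof

:delegate
rem %1 = child label, %2 = host label of a child DC, %3 = that DC's IP
dnscmd %PARENT% /RecordAdd domain.com %1 NS %2.%1.domain.com.
dnscmd %PARENT% /RecordAdd domain.com %2.%1 A %3
goto :eof
```

The /EnumZones listing is also a quick way to compare zone type and storage across all the DNS servers without opening the MMC on each one.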
 