Convert DNS secondary zone to Active Directory Intergrated? Can this be done?

  • Thread starter Thread starter Jary Jablonec
  • Start date Start date
J

Jary Jablonec

Hi there,

It's about our internal DNS.
Scenario:
Typical Microsoft shop. Windows 2000 recently upgraded to SP4 on 9 domain
controllers. 4 in Central, 5 in Remote locations. Native mode.
Forest Root Domain let say 123.com - active directory integrated zone, 2
domain controllers.
Child Domain let say abc.123.com - active directory integrated zone, 7
domain controllers.
We had a DNS name resolution problem, so created Secondary Zones of 123.com
on all 7 domain controllers in abc.123.com
Our Secondary Zones still do not update properly. Even "Transfer from
Master" doesn't work.
Secondary Zone deletion and recreation is necessary to get updates.
There's Change button in Secondary Zone properties. Tried to change it to
Active Directory Integrated, but received a message:
"The data on the primary zone failed to set. The zone type is invalid".
Deleted Secondary Zones and tried to create New 123.com AD Integrated at
abc.123.com level - the same error message.
Using Enterprise Admin account.
Can somebody please put some light on this problem?
Thanks In Advance,

JJ
 
Well, in W2k, an AD INtegrated zone only exists on a DC in the domain that
the zone is created in. This is because the zone exists in the Domain
Partition. This partition does not replicate to other domain controllers
that are in other domains, only to DCs in that specific domain.

Zone transfers not working are usually due to either:
1.Zone transfers not being allowed.
2. Firewall rules not allowing TCP and UDP 53 and UDP 1024-65535

My suggestion for you in this scenario is to use delegation. Delegate the
child zone from the Parent zone to the child's DNS servers. Then in the
child's DNS server, forward back to the parent DNS server. Then in the
parent DNS server, forward to the ISP's DNS server. This way it's way easier
then what you;re doing and is actually a recommended best practice. Here's
info on how to:

255248 - HOW TO Create a Child Domain in Active Directory and Delegate the
DNS Namespace to the Child Domain:
http://support.microsoft.com/?id=255248

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Finished testing in the lab. I had to do some tweaking to make it work in
our environment, but it works like a charm.
Big THANK YOU!

JJ


"Ace Fekay [MVP]"
 
Glad it worked for you.
Cheers!
:-)

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

Jary Jablonec said:
Finished testing in the lab. I had to do some tweaking to make it work in
our environment, but it works like a charm.
Big THANK YOU!

JJ


"Ace Fekay [MVP]"
Click to expand...
 
You will need to make sure that the parent zone allows zone transfer to the child DNS servers. Test this by opening a command prompt and type "nslookup"
press enter. Type "server IP" where IP is the IP address of the parent DNS server and press enter. Type "ls -d zonename" where zone name is the parent
zone name and press enter. This should pull down a complete copy of the parent zone. If not, then verify that zone transfers are allowed to the child DNS
servers. Verify that nothing is blocking TCP port 53 for zone transfers.

Thank you,
Mike Johnston
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
 
Back
Top