Design Issue: Replication to DNS Server on non-Domain Controller?

Question

Thursday, August 30, 2012 10:09 AM

Hello there!

I need a quick hand, please. In brief, can you make a DNS server on Windows 2003, which is not a domain controller, effectively a replica of AD DNS?

Sounds odd perhaps?

Well it's all about getting rid of legacy as best we can and consolidating. But that means change change change and a small amount of fudging around the edges too! :-)

We are migrating offices and data centres at the same time. With a phased change, our original office LAN IP range will be up for a while, then closed. I have to decommission our ancient DCs (running 2003 Std) which have a dual DNS/DHCP function. New DCs are running Win2k3 R2 x64 (for trust reasons whilst we also close down an old service running on an NT4 domain) and AD-integrated DNS.

I need to keep the old primary DC server (too many named references to files on it by in-house apps), but demote it from a DC, then VM it. For DNS resolution, lots of machines point statically by IP to this box, so I would rather not have to change the DNS IP for all our services. If I demote the old primary DC, can I push a DNS replica to it from my new DCs?

Thank you in advance :-)

Neil

All replies (3)

Friday, August 31, 2012 5:46 AM ✅Answered

Hi Neil,

Thank you for the post.

An AD-integrated DNS zone cannot replicate to a non-DC DNS server. Why do you want to do it? Do you mean that at some point there will be no DC server in your site? As for virtualizing the DC, it's not recommended to VM the PDC (keep it on physical hardware).
I suggest you create a new VM DC, transfer the FSMO roles to another physical DC from the old primary DC, demote the old primary DC, and change the VM DC's IP address to the old primary DC's IP address. Here are some articles about changing a DC's IP address:
http://technet.microsoft.com/en-us/library/cc758579(WS.10).aspx
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/1ba98b1e-f2f3-4241-a0ff-7742bc2bd485/
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/8cce4453-e216-4429-8cbd-6b907dce5bcc

If there are more inquiries on this issue, please feel free to let us know.

Regards,

Rick Tan

TechNet Community Support


Saturday, September 1, 2012 7:12 AM ✅Answered

I agree with Rick that you can't replicate the data in the sense of AD replication, because that's how the DNS data actually replicates between DCs.

What you can possibly do is set up a Secondary on the non-DC for the zones. By default transfers are disabled on AD-integrated zones, but you can enable them in the zone's properties.

Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

This post is provided AS-IS with no warranties or guarantees and confers no rights.
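
The Secondary-zone approach described in the answer above, written out as an added example (not code from the thread or from Microsoft): it uses the dnscmd.exe tool shipped with Windows Server 2003 DNS, and every server name, zone name and IP address is an assumed placeholder. On the DC side it deliberately limits transfers to the one secondary rather than "any server", because an open transfer hands the whole zone to anyone who asks.

```powershell
# Added example, not from the original post. Assumed placeholders throughout.
$Zones       = @('corp.example.com', '_msdcs.corp.example.com')  # AD-integrated zones (assumed)
$PrimaryDC   = 'NEWDC01'     # new DC that holds the AD-integrated zones
$PrimaryIP   = '10.1.0.10'   # constructed address of $PrimaryDC
$Secondary   = 'OLDSRV01'    # demoted ex-DC keeping the old DNS IP
$SecondaryIP = '10.0.0.10'   # constructed address of $Secondary

foreach ($Zone in $Zones) {
    # 1. On the DC: allow zone transfers ONLY to the secondary and notify it of changes.
    #    This is the command-line form of the zone's "Zone Transfers" tab set to
    #    "Only to the following servers". Never use /NonSecure here: that lets any
    #    host on the network pull the complete zone contents.
    dnscmd $PrimaryDC /ZoneResetSecondaries $Zone /SecureList $SecondaryIP /NotifyList $SecondaryIP

    # 2. On the non-DC: create a standard Secondary zone that pulls from the DC.
    #    A secondary is a read-only copy; it cannot accept dynamic updates itself.
    dnscmd $Secondary /ZoneAdd $Zone /Secondary $PrimaryIP

    # 3. Force an initial transfer and confirm the zone loaded on the secondary.
    dnscmd $Secondary /ZoneRefresh $Zone
    dnscmd $Secondary /ZoneInfo $Zone
}

# 4. Check the DNS server event log on $Secondary for transfer failures (source "DNS").
Get-EventLog -LogName 'DNS Server' -ComputerName $Secondary -Newest 20 |
    Where-Object { $_.EntryType -ne 'Information' } |
    Format-Table TimeGenerated, EventID, Message -AutoSize
```

Run it from an account that is a DnsAdmin on both servers; the two dnscmd steps must be repeated for every zone the old server is expected to answer for.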


Friday, August 31, 2012 8:41 AM

Thanks Rick!

Presently most of our infrastructure calls the primary DNS IP from the old PDC.

I have a raft of lovely new shiny tin domain controllers and the FSMO roles & GC have been transferred over. The new DCs will have a completely different subnet address as we are slowly moving office (two different local networks, two different local user networks) with the new PDC on the new local server network.

This leaves the old primary still a DC and doing DNS resolution.  But there is a legacy file-server role also on the old box and it is out of space, so we would like to VM, keep running and easily extend its disk space.  I suppose if the network team can sort it, I could bind the old PDC IP to the new PDC and so still resolve DNS on the old address. :-)