New Domain controller, DNS client settings before FSMO transfer
I recently promoted a new domain controller. It is the fourth domain controller and third in the site. I plan to decommission the other two domain controllers in the site, leaving just the new one. Right now the new domain controller points its TCP/IP client to the other domain controller\DNS servers as primary and itself at the bottom. The other domain controllers point to themselves as primary and the newest domain controller on the bottom of the list. Clients on the network use the original domain controllers as DNS from DHCP first and then the new domain controller DNS. Is it okay to transfer all the FSMO roles to the new domain controller or should I make all the DNS clients point to it first?
Hi,
It is possible to first change your FSMO roles and after this is done then point your DNS clients to the new DC. This should not be a problem.
Some interesting information about assigning your FSMO roles: http://www.windowsdevcenter.com/pub/a/windows/2004/06/15/fsmo.html
Hope this helps you out.
Similar Messages
-
New Domain Controller DNS Issues
Hello,
We currently have 2 root Domain Controllers (ROOTDOM) and 4 child Domain Controllers (MYDOM). ROOTDOM is an empty domain, everything on our network uses the MYDOM domain.
These existing DCs were running Server 2003, so we upgraded the schema and added 2 Server 2008 DCs in ROOTDOM and 4 Server 2008 DCs in MYDOM. All servers are DNS servers and Global Catalog servers.
The AD replication status tool shows replication is working perfectly between the new and old DCs, and everything looks up to date in AD and DNS on all servers.
The new servers have a SYSVOL and NETLOGON share as they should.
The servers are all in the Domain Controllers AD group and have correct static IP addresses, forwarders are pointing to the 2 old 2003 ROOTDOM DCs which in turn point to an internet source which works fine.
The problem is that when I change the DNS server address of a machine in MYDOM to one of my new 2008 DCs, the machine appears to lose connectivity with the domain. As soon as I put the DNS server back to one of the existing 2003 DCs, connectivity resumes
as normal.
I really don't understand what else I'm missing on those 2008 DCs, could you give me any pointers of where to look?
ROOTDOM     MYDOM
2003RDC1    2003DC1
2003RDC2    2003DC2
2008RDC1    2003DC3
2008RDC2    2003DC4
            2008DC1
            2008DC2
            2008DC3
            2008DC4
The issue is slightly complicated by the fact that 2008DC2 has a hardware failure so DCDIAG (understandably) reports replication issues to that at the moment.
Any pointers greatly appreciated.
EDIT - DCDIAG results as follows:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = 2008DC1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Central-Site\2008DC1
Starting test: Connectivity
......................... 2008DC1 passed test Connectivity
Doing primary tests
Testing server: Central-Site\2008DC1
Starting test: Advertising
......................... 2008DC1 passed test Advertising
Starting test: FrsEvent
......................... 2008DC1 passed test FrsEvent
Starting test: DFSREvent
......................... 2008DC1 passed test DFSREvent
Starting test: SysVolCheck
......................... 2008DC1 passed test SysVolCheck
Starting test: KccEvent
......................... 2008DC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... 2008DC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... 2008DC1 passed test MachineAccount
Starting test: NCSecDesc
......................... 2008DC1 passed test NCSecDesc
Starting test: NetLogons
......................... 2008DC1 passed test NetLogons
Starting test: ObjectsReplicated
......................... 2008DC1 passed test ObjectsReplicated
Starting test: Replications
......................... 2008DC1 passed test Replications
Starting test: RidManager
......................... 2008DC1 passed test RidManager
Starting test: Services
......................... 2008DC1 passed test Services
Starting test: SystemLog
......................... 2008DC1 passed test SystemLog
Starting test: VerifyReferences
......................... 2008DC1 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : MYDOM
Starting test: CheckSDRefDom
......................... MYDOM passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... MYDOM passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running enterprise tests on : ROOTDOM.mycompany.co.uk
Starting test: LocatorCheck
......................... ROOTDOM.mycompany.co.uk passed test
LocatorCheck
Starting test: Intersite
......................... ROOTDOM.mycompany.co.uk passed test
Intersite
Hi Kev,
>>The problem is that when I change the DNS server address of a machine in MYDOM to one of my new 2008 DCs, the machine appears to lose connectivity with the domain.
Before going further, does the 2008 DC belong to MYDOM domain? For AD-integrated DNS servers and if these servers belong to the same domain, they should hold the same set
of DNS records.
Besides, we can check DNS event logs to see if some related events were logged.
Best regards,
Frank Shen -
New Domain Controller does not show in our different site's Domain controller's Sites and Services
Hi,
We have two sites in our AD environment: the OMA site and the NY site. We have three domain controllers in our OMA site and two domain controllers in our NY site. All our DCs are Windows Server 2008R2 except one in our OMA site that is 2003R2; the domain functional level is also 2003R2.
We decided to raise our functional level to 2008R2. I added a new domain controller in our OMA site and transferred all FSMOs from the DC that was running 2003R2 to this new domain controller.
The issue now is that our NY site does not make any connection with the new domain controller in the OMA site. It does not even show it under Sites and Services. I have checked the DNS settings and everything. If you try to replicate the connections from the NY site it gives the following error: "The naming context is in the process of being removed or is not replicated from the specific server."
Can anyone please tell me why this is happening? My brain is just frozen at this moment and can't figure out why this is happening.
Just noticed this replication issue has been going on for a while now but we never noticed until I added the new DC. Here is the error log for the NY site DC.
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 1/4/2014 8:11:40 AM
Event ID: 2042
Task Category: Replication
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: NORDC1.vertrue.com
Description:
It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.
The reason that replication is not allowed to continue is that the two DCs may contain lingering objects. Objects that have been deleted and garbage collected from an Active Directory Domain Services partition but still exist in the writable partitions
of other DCs in the same domain, or read-only partitions of global catalog servers in other domains in the forest are known as "lingering objects". If the local destination DC was allowed to replicate with the source DC, these potential lingering object
would be recreated in the local Active Directory Domain Services database.
Time of last successful replication:
2013-05-16 15:26:38
Invocation ID of source directory server:
9236ac56-d046-4632-b072-acbe823c5f6c
Name of source directory server:
accde843-11b2-476c-9783-9b29252d0ba5._msdcs.vertrue.com
Tombstone lifetime (days):
90
The replication operation has failed.
User Action:
The action plan to recover from this error can be found at
http://support.microsoft.com/?id=314282.
If both the source and destination DCs are Windows Server 2003 DCs, then install the support tools included on the installation CD. To see which objects would be deleted without actually performing the deletion run "repadmin /removelingeringobjects
<Source DC> <Destination DC DSA GUID> <NC> /ADVISORY_MODE". The eventlogs on the source DC will enumerate all lingering objects. To remove lingering objects from a source domain controller run "repadmin /removelingeringobjects <Source
DC> <Destination DC DSA GUID> <NC>".
If either source or destination DC is a Windows 2000 Server DC, then more information on how to remove lingering objects on the source DC can be found at
http://support.microsoft.com/?id=314282 or from your Microsoft support personnel.
If you need Active Directory Domain Services replication to function immediately at all costs and don't have time to remove lingering objects, enable replication by setting the following registry key to a non-zero value:
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner
Replication errors between DCs sharing a common partition can prevent user and compter acounts, trust relationships, their passwords, security groups, security group memberships and other Active Directory Domain Services configuration data to vary between
DCs, affecting the ability to log on, find objects of interest and perform other critical operations. These inconsistencies are resolved once replication errors are resolved. DCs that fail to inbound replicate deleted objects within tombstone lifetime
number of days will remain inconsistent until lingering objects are manually removed by an administrator from each local DC. Additionally, replication may continue to be blocked after this registry key is set, depending on whether lingering objects are
located immediately.
Alternate User Action:
Force demote or reinstall the DC(s) that were disconnected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Replication" />
<EventID Qualifiers="49152">2042</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>5</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2014-01-04T13:11:40.963263500Z" />
<EventRecordID>38018</EventRecordID>
<Correlation />
<Execution ProcessID="660" ThreadID="1596" />
<Channel>Directory Service</Channel>
<Computer>NORDC1.vertrue.com</Computer>
<Security UserID="S-1-5-7" />
</System>
<EventData>
<Data>2013-05-16 15:26:38</Data>
<Data>9236ac56-d046-4632-b072-acbe823c5f6c</Data>
<Data>accde843-11b2-476c-9783-9b29252d0ba5._msdcs.vertrue.com</Data>
<Data>90</Data>
<Data>Allow Replication With Divergent and Corrupt Partner</Data>
<Data>System\CurrentControlSet\Services\NTDS\Parameters</Data>
</EventData>
</Event> -
Adding new domain controller under tree domain
I have one forest root domain, ABC.com, and one tree root domain under this forest, DEF.com.
I want to add a new domain controller under the tree root domain in Windows Server 2008 R2. I need steps and DNS configuration on forest or domain level.
Thnx
If you want to add an additional domain controller to a domain you should promote the new DC with the primary DNS in the NIC settings of the new DC pointing at the current DC, and once promoted you should point the original IP address NIC settings to the new DC. I am making the assumption that you are using AD integrated DNS.
http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights. -
Strange issues with domain controller/DNS server
Our domain controller/DNS server was working fine this morning. Then suddenly we stopped being able to access certain things on it. I could ping it, RDP into it, and access some files on it, but I couldn't run any applications hosted on it, accessing shared
network files was slow, and different people around the office were getting access denied errors to files and folders they had full control of in NTFS (and in shared permissions).
At first I noticed an NTP error so I registered w32tm and started the service and that got rid of the error but didn't fix anything.
Oddly, machines still had internet access.
We tried rebooting everything, restarting services, nothing has helped.
When I accessed the server directly through the console I could access everything, could connect to any machine in the office, nothing seemed to be wrong with it.
Any ideas?
Are there any recent changes in your network or firewall or antivirus? Are there any changes/updates performed on the AD side? I would suggest finding out what changes have been made at the AD or Network/Firewall level. You can run various diagnostic tests within your AD environment to find the overall health of the AD infra.
What does DCDIAG actually… do?
Active Directory Replication Status Tool Released
http://msmvps.com/blogs/ad/archive/2008/06/03/active-directory-health-checks-for-domain-controllers.aspx
Awinish Vishwakarma - MVP
My Blog: awinish.wordpress.com
Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights. -
Domain Controllers that are DNS servers DNS Client settings
[Copying verbatim from a mail by Joe ]
So I have been pinged by a few folks recently on configuration of client DNS settings on Domain Controllers that are also functioning as DNS Servers. Lots of debate. I understand there has been long time debate within MSFT as well.
From http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx there
is the quote
"3.When referencing a DNS server on itself, a DNS client should always use a loopback address and not a real IP address."
From http://www.microsoft.com/en-us/download/confirmation.aspx?id=9166 (Windows
Server 2008 R2 Core Network Guide)
"9. In Preferred DNS server, type the IP address of your DNS server. If you plan to use the local computer as the preferred DNS server, type the IP address of the
local computer.
10. In Alternate DNS Server, type the IP address of your alternate DNS server, if any. If you plan to use the local computer as an alternate DNS server, type the IP address of
the local computer."
From http://technet.microsoft.com/en-us/library/dd378900(v=ws.10).aspx (DNS:
DNS servers on <adapter name> should include their own IP addresses on their interface lists of DNS servers)
"The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to
itself for name resolution, it can become an island and fail to replicate with other domain controllers. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should
be configured only as a secondary or tertiary DNS server on a domain controller...
Add the loopback IP address to the list of DNS servers on all active interfaces. The loopback IP address should not be the first server in the list."
ESPECIALLY "For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary
DNS server on a domain controller." and "Add the loopback IP address to the list of DNS servers on all active interfaces. The loopback IP address should not be the first server in the list."
Why shouldn't loopback not be first, the justification is why you shouldn't only use loopback, not why it shouldn't be first.
From http://technet.microsoft.com/en-us/library/ff807362(v=ws.10).aspx (DNS:
DNS servers on <adapter name> should include the loopback address, but not as the first entry)
"If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners.
The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to itself,
or points to itself first for name resolution, this can cause a delay during startup. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only
as a secondary or tertiary DNS server on a domain controller."
This also seems like justification against only using loopback versus using it first.
Are there any actual real documented issues for using loopback first and a remote DNS server second and perhaps third? If the local DNS server service isn't working yet (or at all), I would expect the DNS Client process
to try to connect to it, fail, and then failover to the secondary just like I would expect it to failover if the remote DNS server was secondary and it was unavailable and it failed back to the loopback. Am I making a bad assumption?
And by documented I don't mean random responses to questions on the internet or other such items. I mean a KB article or technet article or properly researched and tested other web article from a reliable resource.
thanks,
joe
As I understand it, the scenario whereby a DC could become an 'island' if it points only to itself, or to itself first, was repaired in the Windows Server 2003 product cycle. See
http://support.microsoft.com/kb/275278 for information about this scenario.
However, there is still a known problem of slow boot times that can occur. See
http://support.microsoft.com/kb/2001093 for information about this. The scenario that is discussed assumes there is a power failure and servers shut down due to overheating while on backup power. When
multiple servers come online simultaneously after power is restored, there can be a significant delay.
The recommended configuration is one that avoids a single point of failure, but also tries to optimize the speed of resource record registration, so that Active Directory can properly synchronize.
-Greg -
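The Best Practices Analyzer rules quoted in this thread can be checked mechanically against a DC's adapter settings. The PowerShell below is an added example, not code from the posters or from Microsoft; `Test-DcDnsClientOrder`, its rule names and the sample addresses are constructed for illustration, and the commented live query assumes the DnsClient and NetTCPIP cmdlets of Windows Server 2012 or later.

```powershell
# Added example: audit one adapter's ordered DNS server list on a DC that is
# also a DNS server, using the guidance quoted in the thread above.
function Test-DcDnsClientOrder {
    [CmdletBinding()]
    param(
        # DNS servers in the order configured on one adapter of the DC.
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]] $DnsServers,
        # Addresses bound to this DC, used to recognise "its own IP address".
        [Parameter(Mandatory)][string[]] $LocalAddresses
    )

    $loopback = '127.0.0.1', '::1'

    if ($DnsServers.Count -eq 0) {
        return [pscustomobject]@{
            Rule   = 'NoDnsServers'
            Detail = 'No DNS servers are configured on this adapter.'
        }
    }

    # Classify every entry as loopback, this DC's own address, or a remote server.
    # The @() wrapper keeps a one-entry list an array so $kinds[0] is a whole word.
    $kinds = @(foreach ($ip in $DnsServers) {
        if     ($loopback -contains $ip)       { 'Loopback' }
        elseif ($LocalAddresses -contains $ip) { 'OwnIP' }
        else                                   { 'Remote' }
    })

    $findings = @()

    # dd378900: the list should include the server's own address.
    if (($kinds -notcontains 'Loopback') -and ($kinds -notcontains 'OwnIP')) {
        $findings += [pscustomobject]@{
            Rule   = 'SelfMissing'
            Detail = 'Neither the loopback address nor an own IP address is in the list.'
        }
    }

    # ff807362: loopback should be present, but not as the first entry.
    if ($kinds[0] -eq 'Loopback') {
        $findings += [pscustomobject]@{
            Rule   = 'LoopbackFirst'
            Detail = "Loopback ($($DnsServers[0])) is the first entry; list it second or third."
        }
    }
    elseif ($kinds[0] -eq 'OwnIP') {
        # Same article: pointing to itself first can delay startup (see also KB 2001093).
        $findings += [pscustomobject]@{
            Rule   = 'SelfFirst'
            Detail = "Own address ($($DnsServers[0])) is the first entry; startup may be delayed."
        }
    }

    # Both articles: a DC that resolves only through itself has no fallback.
    if ($kinds -notcontains 'Remote') {
        $findings += [pscustomobject]@{
            Rule   = 'SelfOnly'
            Detail = 'Every entry resolves to this server; add a partner DC/DNS server.'
        }
    }

    # An empty result means the list satisfies all of the checks above.
    return $findings
}

# Constructed sample: a DC at 10.0.0.11 with loopback first and a partner DC second.
Test-DcDnsClientOrder -DnsServers '127.0.0.1', '10.0.0.12' -LocalAddresses '10.0.0.11'

# Live use on the DC itself (Windows Server 2012 or later):
# $own = (Get-NetIPAddress -AddressFamily IPv4).IPAddress
# Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object ServerAddresses |
#     ForEach-Object { Test-DcDnsClientOrder -DnsServers $_.ServerAddresses -LocalAddresses $own }
```

The `SelfFirst` and `LoopbackFirst` results reflect the startup-delay concern rather than the older "island" scenario, which the reply above says was addressed in the Windows Server 2003 product cycle.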
Help with setting up active directory domain controller/DNS - need this for Clustering
Disclaimer: I am new to Active Directory, so please don't rule out the obvious things I may have overlooked.
I need to set up Active Directory Domain controller on at least one server so I can run clustering. I set up the domain controller and ran Cluster validation and that failed - unable to reach writable domain controller.
When I look at my server manager AD DS complain about DNS:
NASE-2012-234 4015 Error Microsoft-Windows-DNS-Server-Service DNS Server 1/14/2014 12:54:06 AM
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
When I click on DNS this is the error:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
Output of DCDiag -v is below.
PS C:\Users\Administrator> dcdiag -v
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine NASE-2012-234, is a Directory Server.
Home Server = NASE-2012-234
* Connecting to directory service on server NASE-2012-234.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=
ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lab,DC=nas
e,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntD
SDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=NASE-2012-234,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C
N=Configuration,DC=lab,DC=nase,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\NASE-2012-234
Starting test: Connectivity
* Active Directory LDAP Services Check
The host c0c507c4-fb9b-49a6-9a01-ef79d7960c94._msdcs.lab.nasecom could not be resolved to an IP address.
Check the DNS server, DHCP, server name, etc.
Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
......................... NASE-2012-234 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\NASE-2012-234
Skipping all tests, because server NASE-2012-234 is not responding to directory service requests.
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : lab
Starting test: CheckSDRefDom
......................... lab passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... lab passed test CrossRefValidation
Running enterprise tests on : lab.nasecom
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
PDC Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
Time Server Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
Preferred Time Server Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
KDC Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
......................... lab.nase.com passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments
provided.
......................... lab.nasecom passed test Intersite
PS C:\Users\Administrator>
http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS is the forum for Directory Services questions. You might want to post your question there.
.:|:.:|:. tim -
Dear Experts,
In our office we have a domain controller, call it 'Office.com'. All computers and corporate servers, e.g. Exchange, antivirus etc., are members of this 'office.com'; it also has a DNS. All users in the office have their preferred DNS set to the corporate DNS.
We are working for ministry and offering services to them from our data center so have many servers which are for ministry but they are in our data center. For all these servers we created another DNS server which contains all entries for these servers in
forward and reverse lookup zones. In this DNS we also created a forward lookup zone for our corporate servers and zone name is 'office.com'
What we are trying to have is name resolution of all servers which are listed in other DNS build in our office on Win 2008 R2 for ministry servers
If the user changes his preferred DNS to the ministry DNS he can resolve the ministry servers, but then we cannot control anything through group policy since they are using the other DNS and not the corporate DNS.
How can this be done? Any group policy applied to the corporate domain controller must take effect on users, and in addition to this users must also be able to resolve server names in the ministry project DNS.
Please assist ASAP.
regards,
Hello,
ok so the GPO setting doesn't apply in any case.
Client machines use the first DNS server in the list of configured ones on the NIC. If that one is available, the search for additional DNS servers will stop.
What I cannot really understand is your description of the second DNS server. This should normally be either another DC with AD integrated DNS, so everything is replicated within AD replication, or you use a secondary DNS on a domain member server that pulls the information from the Master.
It sounds to me that you have configured a machine with the DNS server role and manually created the zone with the same name as the domain and manually created the required A records there?
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights. -
Server 2012 Domain Controller / DNS Issue
If you did ipconfig /registerdns, I'm assuming you did ipconfig /flushdns prior to that correct? Just want to make sure...
Once you are sure you did both, go ahead and type in nslookup in the command prompt. What does it display as the current DNS server? Once you type that in, you can type in the IP address of your new DC and see what it resolves to. Please get back to us with those results when possible.
We had a domain controller go down in a multi domain controller environment. We set a new one up and promoted it to the domain. Assigned it all the necessary roles and joined it to the domain. It has been 4 days since we did this and we cannot ping it by host name. We can ping it by IP address. I have forced replication, which allowed me to ping it by host name for a few hours, but then it stopped working. I have tried to change the DNS primary to a different DC, making the host a secondary DNS; that didn't fix it. I am looking for any suggestions on how to fix it. I have done an ipconfig /registerdns, restarted DNS services but still not able to ping host name of DC on a consistent basis.
Any suggestions ?
This topic first appeared in the Spiceworks Community -
My New domain controller wont see the pdc
Hi, I have a Windows 2003 PDC that is the only one on the network; previous IT people did not have a BDC or system backup. Now the current domain controller is giving trouble. I tried to install a secondary 2003 domain controller (BDC) but it does not see the primary domain controller and it wants to be the PDC. The problem is, however, I want to keep all the previous user accounts and settings in the AD. I have tried using ADMT but it does not recognise another DC. How can I transfer all user info stored in the Active Directory?
Hi scipiotechadmin,
Is the function level of your domain Windows Server 2003? If so, you can use the Windows Server 2003 Active Directory Domain Rename Tools which can provide a security-enhanced and supported methodology to rename one or more domains (as well as application
directory partitions) in a deployed Active Directory forest:
Windows Server 2003 Active Directory Domain Rename Tools
For your information, please refer to the following articles to get more help:
What Is Domain Rename?
How Domain Rename Works
Regards,
Lany Zhang -
DNS Host (A) Rec. is Static for new Domain Controller
I was just questioned by my boss on why there are Static Host (A) records for Domain Controllers since I started and not before. The only conclusion that I can come up with is that they are new Server 2008 R2 systems. We are about to do an IP
Renumber here at the Corporate Office and this is how it was found that there are these Host (A) records.
Can someone explain to me why they are static and not dynamic now? I would also like to be pointed to some documentation so that I can present it to her if possible?
This is by design.
http://social.technet.microsoft.com/Forums/windowsserver/en-US/afd3c338-1706-4898-b269-550c018073c0/dns-entry-for-dc-not-dynamically-updating-server-2008-r2?forum=winserverDS
http://social.technet.microsoft.com/Forums/windowsserver/en-US/ed97a286-d884-43d6-87e2-5cd5e59cfe9a/windows-2008-r2-domain-controllers-and-static-dns-entries?forum=winserverNIS
Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks. -
Redundant domain controller DNS settings
Hi guys,
We have two domain controllers, both DNS and GC. I am curious as to what the recommended IP DNS settings should be for both DCs? I think it is like this...
DC1
DNS1 - DC2
DNS2 - DC1
DC2
DNS1 - DC1
DNS2 - DC2
Is this the right setup?
Thanks
Aaron
Is this the right setup?
Yes it is correct. I would go with 127.0.0.1 for 'Alternate DNS server'.
Mahdi Tehrani |
www.mahditehrani.ir
Please click on Propose As Answer or to mark this post as
and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.
How to query members of 'Local Administrators' group in all computers? -
NEW Domain Controller to Replace Old One
After you demote the physical machine, but before you change the new machine, make sure to carefully go through all your DNS zones and delete the references to the IP and Host Name of the demoted machine. I found that demoting DCs doesn't do a good job of cleaning out DNS.
I'm building a new DC for my network and have a couple of questions.
I currently have 2 DCs, one is a VM (DC1 also FSMO) and the other a physical box (DC2). DC2 is on aging equipment and needs replacing so my plan was to build a new box and create a new DC, but I want to put the IP address from DC2 on the new DC (DC3) so I don't have to change the DNS config on all of my client PCs.
How would you go about this? - I'm thinking, get DC3 up and running (fully configured as a DC) then demote DC2 and decommission it, then change the IP of DC3 to the address that was used by DC2.
It seems a little too easy and I feel like I'm missing something so I thought I'd ask the Spice Heads :)
Thanks
This topic first appeared in the Spiceworks Community -
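One way to carry out the DNS review recommended in the thread above, as an added example that is not part of the original posts: a read-only PowerShell audit that lists every record in the primary zones that still refers to a demoted DC by host name or IP. The host name, IP address and DNS server name are placeholders, and the `DnsServer` module is assumed to be available (Windows Server 2012 or later, or RSAT).

```powershell
# Added example: read-only audit, nothing is modified or deleted.
# Placeholder values, not taken from the thread:
$OldHost   = 'DC2'          # host name of the demoted domain controller
$OldIP     = '192.0.2.10'   # IP address it used (documentation range)
$DnsServer = 'DC1'          # DNS server to query

Import-Module DnsServer

# Primary zones only; skip auto-created zones and the DNSSEC trust anchor zone.
$zones = Get-DnsServerZone -ComputerName $DnsServer |
    Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' -and
                   $_.ZoneName -ne 'TrustAnchors' }

$hits = foreach ($zone in $zones) {
    $records = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zone.ZoneName
    foreach ($rr in $records) {
        $data = $rr.RecordData
        # Pull out the value each record type points at.
        $target = switch ($rr.RecordType) {
            'A'     { $data.IPv4Address.IPAddressToString }
            'PTR'   { $data.PtrDomainName }
            'NS'    { $data.NameServer }
            'CNAME' { $data.HostNameAlias }
            'SRV'   { $data.DomainName }
            default { $null }
        }
        $ownerLabel  = ($rr.HostName -split '\.')[0]
        $targetLabel = if ($target) { ($target -split '\.')[0] } else { $null }

        # Match on the old IP, or on the old host name as owner or as target.
        if ($target -eq $OldIP -or $ownerLabel -eq $OldHost -or $targetLabel -eq $OldHost) {
            [pscustomobject]@{
                Zone   = $zone.ZoneName
                Owner  = $rr.HostName
                Type   = $rr.RecordType
                Target = $target
                Static = -not $rr.Timestamp   # static records carry no timestamp
            }
        }
    }
}

$hits | Sort-Object Zone, Type, Owner | Format-Table -AutoSize
```

Review the list before removing anything: if the old IP is being reassigned to the replacement DC, A records for that address may be intended, while SRV, NS and CNAME records that still name the demoted host are the leftovers to clean up.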
Hi,
I have the following problem.
We are using ZENworks 3.2 and we have some clients which have the internal
DNS server manually configured in the TCPIP settings. I want to change
that to "automatically", so the client gets the DNS Servers from the DHCP
server. Has anybody experience how can I do that with ZENworks?
Many thanks
Josef

There are some freeware tools that can do this.
Sorry I can't recall the name.
I think they may even be provided by MS.
ZEN could be used to simply call the tools if found.
[email protected] wrote:
> Hi,
> I have the following problem.
> We are using ZENworks 3.2 and we have some clients which have the internal
> DNS server manually configured in the TCPIP settings. I want to change
> that to "automatically", so the client gets the DNS Servers from the DHCP
> server. Has anybody experience how can I do that with ZENworks?
>
> Many thanks
> Josef
Craig Wilson
Novell Product Support Forum Sysop
Master CNE, MCSE 2003, CCN -
Best practise to add new domain controller 2008r2 and de-promote 2003 x86
Depending on the size of the environment and the complexity determines where the roles should be held. The PDCe role should be held on a machine that has the better hardware. It will resolve any password conflicts and account lockouts. It also keeps the time clocks synchronized across the domain. The other roles are responsible for kind of basic housekeeping across the domain and forest. Such as the Domain Naming master it is responsible for name changes across the domain. The Schema Master which is responsible for updates to the directory and the RID master which issues pools of IDs for DCs to issue for new users or computers. The infrastructure master is responsible for keeping multiple domains and forests in sync. The infrastructure master does not do a lot in a single forest single domain environment and can be placed on any DC....
Also if you are upgrading why not go right to 2012.
Might save a few years on having to upgrade again.
Here is a great guide from MS
http://community.spiceworks.com/how_to/57636-migrate-active-directory-from-server-2003-to-server-201...