New Domain controller, DNS client settings before FSMO transfer

I recently promoted a new domain controller. It is the fourth domain controller and third in the site. I plan to decommission the other two domain controllers in the site, leaving just the new one. Right now the new domain controller points its TCP/IP client to the other domain controller\DNS servers as primary and itself at the bottom. The other domain controllers point to themselves as primary and the newest domain controller on the bottom of the list. Clients on the network use the original domain controllers as DNS from DHCP first and then the new domain controller DNS. Is it okay to transfer all the FSMO roles to the new domain controller or should I make all the DNS clients point to it first?

Hi,
It is possible to first change your FSMO roles and, after this is done, then point your DNS clients to the new DC. This should not be a problem.
Some interesting information about assigning your FSMO roles: http://www.windowsdevcenter.com/pub/a/windows/2004/06/15/fsmo.html
Hope this helps you out.

Similar Messages

  • New Domain Controller DNS Issues

    Hello,
    We currently have 2 root Domain Controllers (ROOTDOM) and 4 child Domain Controllers (MYDOM). ROOTDOM is an empty domain, everything on our network uses the MYDOM domain.
    These existing DCs were running Server 2003, so we upgraded the schema and added 2 Server 2008 DCs in ROOTDOM and 4 Server 2008 DCs in MYDOM. All servers are DNS servers and Global Catalog servers.
    The AD replication status tool shows replication is working perfectly between the new and old DCs, and everything looks up to date in AD and DNS on all servers.
    The new servers have a SYSVOL and NETLOGON share as they should.
    The servers are all in the Domain Controllers AD group and have correct static IP addresses, forwarders are pointing to the 2 old 2003 ROOTDOM DCs which in turn point to an internet source which works fine.
    The problem is that when I change the DNS server address of a machine in MYDOM to one of my new 2008 DCs, the machine appears to lose connectivity with the domain. As soon as I put the DNS server back to one of the existing 2003 DCs, connectivity resumes as normal.
    I really don't understand what else I'm missing on those 2008 DCs, could you give me any pointers of where to look?
    ROOTDOM          MYDOM
    2003RDC1         2003DC1
    2003RDC2         2003DC2
    2008RDC1         2003DC3
    2008RDC2         2003DC4
                     2008DC1
                     2008DC2
                     2008DC3
                     2008DC4
    The issue is slightly complicated by the fact that 2008DC2 has a hardware failure so DCDIAG (understandably) reports replication issues to that at the moment.
    Any pointers greatly appreciated.
    EDIT - DCDIAG results as follows:
    Directory Server Diagnosis
    Performing initial setup:
    Trying to find home server...
    Home Server = 2008DC1
    * Identified AD Forest.
    Done gathering initial info.
    Doing initial required tests
    Testing server: Central-Site\2008DC1
    Starting test: Connectivity
    ......................... 2008DC1 passed test Connectivity
    Doing primary tests
    Testing server: Central-Site\2008DC1
    Starting test: Advertising
    ......................... 2008DC1 passed test Advertising
    Starting test: FrsEvent
    ......................... 2008DC1 passed test FrsEvent
    Starting test: DFSREvent
    ......................... 2008DC1 passed test DFSREvent
    Starting test: SysVolCheck
    ......................... 2008DC1 passed test SysVolCheck
    Starting test: KccEvent
    ......................... 2008DC1 passed test KccEvent
    Starting test: KnowsOfRoleHolders
    ......................... 2008DC1 passed test KnowsOfRoleHolders
    Starting test: MachineAccount
    ......................... 2008DC1 passed test MachineAccount
    Starting test: NCSecDesc
    ......................... 2008DC1 passed test NCSecDesc
    Starting test: NetLogons
    ......................... 2008DC1 passed test NetLogons
    Starting test: ObjectsReplicated
    ......................... 2008DC1 passed test ObjectsReplicated
    Starting test: Replications
    ......................... 2008DC1 passed test Replications
    Starting test: RidManager
    ......................... 2008DC1 passed test RidManager
    Starting test: Services
    ......................... 2008DC1 passed test Services
    Starting test: SystemLog
    ......................... 2008DC1 passed test SystemLog
    Starting test: VerifyReferences
    ......................... 2008DC1 passed test VerifyReferences
    Running partition tests on : DomainDnsZones
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test CrossRefValidation
    Running partition tests on : ForestDnsZones
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test CrossRefValidation
    Running partition tests on : MYDOM
    Starting test: CheckSDRefDom
    ......................... MYDOM passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... MYDOM passed test CrossRefValidation
    Running partition tests on : Schema
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Running partition tests on : Configuration
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... Configuration passed test CrossRefValidation
    Running enterprise tests on : ROOTDOM.mycompany.co.uk
    Starting test: LocatorCheck
    ......................... ROOTDOM.mycompany.co.uk passed test LocatorCheck
    Starting test: Intersite
    ......................... ROOTDOM.mycompany.co.uk passed test Intersite

    Hi Kev,
    >>The problem is that when I change the DNS server address of a machine in MYDOM to one of my new 2008 DCs, the machine appears to lose connectivity with the domain.
    Before going further, does the 2008 DC belong to MYDOM domain? For AD-integrated DNS servers and if these servers belong to the same domain, they should hold the same set of DNS records.
    Besides, we can check DNS event logs to see if some related events were logged.
    Best regards,
    Frank Shen

  • New Domain Controller does not show in our different site's Domain controller's Sites and Services

    Hi,
    We have two sites in our AD environment: OMA site and NY site. We have three domain controllers in our OMA site and two domain controllers in our NY site. All our DCs are Windows Server 2008R2 except one in our OMA site that is 2003R2; the domain functional level is also 2003R2.
    We decided to raise our functional level to 2008R2. I added a new domain controller in our OMA site and transferred all FSMOs from the DC that was running 2003R2 to this new domain controller.
    The issue now is that our NY site does not make any connection with the new domain controller in the OMA site. It does not even show it under Sites and Services. I have checked the DNS settings and everything. If you try to replicate the connections from the NY site it gives the following error: "The naming context is in the process of being removed or is not replicated from the specific server."
    Can anyone please tell me why this is happening? My brain is just frozen at this moment and I can't figure out why this is happening.

    Just noticed this replication issue has been going on for a while now but we never noticed until I added new DC. here is the error log for the NY site DC.
    Log Name:      Directory Service
    Source:        Microsoft-Windows-ActiveDirectory_DomainService
    Date:          1/4/2014 8:11:40 AM
    Event ID:      2042
    Task Category: Replication
    Level:         Error
    Keywords:      Classic
    User:          ANONYMOUS LOGON
    Computer:      NORDC1.vertrue.com
    Description:
    It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.
     The reason that replication is not allowed to continue is that the two DCs may contain lingering objects.  Objects that have been deleted and garbage collected from an Active Directory Domain Services partition but still exist in the writable partitions
    of other DCs in the same domain, or read-only partitions of global catalog servers in other domains in the forest are known as "lingering objects".  If the local destination DC was allowed to replicate with the source DC, these potential lingering object
    would be recreated in the local Active Directory Domain Services database.
    Time of last successful replication:
    2013-05-16 15:26:38
    Invocation ID of source directory server:
    9236ac56-d046-4632-b072-acbe823c5f6c
    Name of source directory server:
    accde843-11b2-476c-9783-9b29252d0ba5._msdcs.vertrue.com
    Tombstone lifetime (days):
    90
    The replication operation has failed.
    User Action:
      The action plan to recover from this error can be found at
    http://support.microsoft.com/?id=314282.
     If both the source and destination DCs are Windows Server 2003 DCs, then install the support tools included on the installation CD.  To see which objects would be deleted without actually performing the deletion run "repadmin /removelingeringobjects
    <Source DC> <Destination DC DSA GUID> <NC> /ADVISORY_MODE". The eventlogs on the source DC will enumerate all lingering objects.  To remove lingering objects from a source domain controller run "repadmin /removelingeringobjects <Source
    DC> <Destination DC DSA GUID> <NC>".
     If either source or destination DC is a Windows 2000 Server DC, then more information on how to remove lingering objects on the source DC can be found at
    http://support.microsoft.com/?id=314282 or from your Microsoft support personnel.
     If you need Active Directory Domain Services replication to function immediately at all costs and don't have time to remove lingering objects, enable replication by setting the following registry key to a non-zero value:
    Registry Key:
    HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner
     Replication errors between DCs sharing a common partition can prevent user and compter acounts, trust relationships, their passwords, security groups, security group memberships and other Active Directory Domain Services configuration data to vary between
    DCs, affecting the ability to log on, find objects of interest and perform other critical operations. These inconsistencies are resolved once replication errors are resolved.  DCs that fail to inbound replicate deleted objects within tombstone lifetime
    number of days will remain inconsistent until lingering objects are manually removed by an administrator from each local DC.  Additionally, replication may continue to be blocked after this registry key is set, depending on whether lingering objects are
    located immediately.
    Alternate User Action:
    Force demote or reinstall the DC(s) that were disconnected.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS Replication" />
        <EventID Qualifiers="49152">2042</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>5</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2014-01-04T13:11:40.963263500Z" />
        <EventRecordID>38018</EventRecordID>
        <Correlation />
        <Execution ProcessID="660" ThreadID="1596" />
        <Channel>Directory Service</Channel>
        <Computer>NORDC1.vertrue.com</Computer>
        <Security UserID="S-1-5-7" />
      </System>
      <EventData>
        <Data>2013-05-16 15:26:38</Data>
        <Data>9236ac56-d046-4632-b072-acbe823c5f6c</Data>
        <Data>accde843-11b2-476c-9783-9b29252d0ba5._msdcs.vertrue.com</Data>
        <Data>90</Data>
        <Data>Allow Replication With Divergent and Corrupt Partner</Data>
        <Data>System\CurrentControlSet\Services\NTDS\Parameters</Data>
      </EventData>
    </Event>
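The Event 2042 record posted above already contains what is needed to see how far past the tombstone lifetime this partner is. The following is an added example, not part of the original post; the function name `ConvertFrom-Event2042Xml` and its output property names are illustrative, the XML is trimmed from the event above, and the last-success time is assumed to be close enough to UTC for a day-level comparison.

```powershell
# Added example: read an Event ID 2042 record (as posted above) and report
# how long replication has been stalled relative to the tombstone lifetime.
# Function and property names are illustrative, not from any Microsoft tool.

function ConvertFrom-Event2042Xml {
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string] $EventXml)

    $doc     = [xml]$EventXml
    $eventId = $doc.GetElementsByTagName('EventID').Item(0).InnerText
    if ($eventId -ne '2042') {
        throw "Expected Event ID 2042, got '$eventId'."
    }

    # EventData order as shown in the posted event:
    # [0] last successful replication, [1] invocation ID,
    # [2] source server DNS alias, [3] tombstone lifetime in days.
    $data = @($doc.GetElementsByTagName('Data') | ForEach-Object { $_.InnerText })
    if ($data.Count -lt 4) {
        throw 'EventData does not have the four leading fields expected for 2042.'
    }

    $inv = [System.Globalization.CultureInfo]::InvariantCulture

    # SystemTime carries nine fractional digits; keep whole seconds only.
    $stamp  = $doc.GetElementsByTagName('TimeCreated').Item(0).GetAttribute('SystemTime')
    $logged = [datetime]::ParseExact($stamp.Substring(0, 19), "yyyy-MM-dd'T'HH:mm:ss", $inv)

    # Assumption: the time zone of this field is not stated in the event;
    # the few hours of possible offset do not matter at day granularity.
    $lastOk = [datetime]::ParseExact($data[0], 'yyyy-MM-dd HH:mm:ss', $inv)

    $tslDays = [int]$data[3]
    $ageDays = [int][math]::Floor(($logged - $lastOk).TotalDays)

    [pscustomobject]@{
        Computer          = $doc.GetElementsByTagName('Computer').Item(0).InnerText
        SourceDsaAlias    = $data[2]
        LastSuccess       = $lastOk
        EventLogged       = $logged
        AgeDays           = $ageDays
        TombstoneDays     = $tslDays
        DaysPastTombstone = [math]::Max(0, $ageDays - $tslDays)
    }
}

# Trimmed copy of the event XML from the post above.
$posted = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID Qualifiers="49152">2042</EventID>
    <TimeCreated SystemTime="2014-01-04T13:11:40.963263500Z" />
    <Computer>NORDC1.vertrue.com</Computer>
  </System>
  <EventData>
    <Data>2013-05-16 15:26:38</Data>
    <Data>9236ac56-d046-4632-b072-acbe823c5f6c</Data>
    <Data>accde843-11b2-476c-9783-9b29252d0ba5._msdcs.vertrue.com</Data>
    <Data>90</Data>
  </EventData>
</Event>
'@

ConvertFrom-Event2042Xml -EventXml $posted | Format-List
```

For the posted event this reports 233 days since the last successful replication against a 90-day tombstone lifetime.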

  • Adding new domain controller under tree domain

    I have one forest root domain, ABC.com, and one tree root domain under this forest, DEF.com.
    I want to add a new domain controller under the tree root domain in Windows Server 2008 R2. I need steps and DNS configuration on forest or domain level.
    Thanks

    If you want to add an additional domain controller to a domain you should promote the new dc with the primary dns in the nic settings of the new dc pointing at the current dc and once promoted you should point the original ip address nic settings to the new dc.  I am making the assumption that you are using AD integrated DNS.
    http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security, BS CSci
    2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
    Please no e-mails, any questions should be posted in the NewsGroup.
    This posting is provided AS IS with no warranties, and confers no rights.

  • Strange issues with domain controller/DNS server

    Our domain controller/DNS server was working fine this morning. Then suddenly we stopped being able to access certain things on it. I could ping it, RDP into it, and access some files on it, but I couldn't run any applications hosted on it, accessing shared
    network files was slow, and different people around the office were getting access denied errors to files and folders they had full control of in NTFS (and in shared permissions).
    At first I noticed an NTP error so I registered w32tm and started the service and that got rid of the error but didn't fix anything.
    Oddly, machines still had internet access.
    We tried rebooting everything, restarting services, nothing has helped.
    When I accessed the server directly through the console I could access everything, could connect to any machine in the office, nothing seemed to be wrong with it.
    Any ideas?

    Are there any recent changes in your network or firewall or antivirus? Are there any changes/updates performed on the AD side? I would suggest finding out what changes have been made at the AD or Network/Firewall level. You can run various diagnostic tests within your AD environment to find the overall health of the AD infra.
    What does DCDIAG actually… do?
    Active Directory Replication Status Tool Released 
    http://msmvps.com/blogs/ad/archive/2008/06/03/active-directory-health-checks-for-domain-controllers.aspx
    Awinish Vishwakarma - MVP
    My Blog: awinish.wordpress.com
    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

  • Domain Controllers that are DNS servers DNS Client settings

    [Copying verbatim from a mail by Joe ]
    So I have been pinged by a few folks recently on configuration of client DNS settings on Domain Controllers that are also functioning as DNS Servers. Lots of debate. I understand there has been long time debate within MSFT as well.
    From http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx there is the quote
    "3. When referencing a DNS server on itself, a DNS client should always use a loopback address and not a real IP address."
    From http://www.microsoft.com/en-us/download/confirmation.aspx?id=9166 (Windows Server 2008 R2 Core Network Guide)
    "9. In Preferred DNS server, type the IP address of your DNS server. If you plan to use the local computer as the preferred DNS server, type the IP address of the local computer.
    10. In Alternate DNS Server, type the IP address of your alternate DNS server, if any. If you plan to use the local computer as an alternate DNS server, type the IP address of the local computer."
    From http://technet.microsoft.com/en-us/library/dd378900(v=ws.10).aspx (DNS: DNS servers on <adapter name> should include their own IP addresses on their interface lists of DNS servers)
    "The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to itself for name resolution, it can become an island and fail to replicate with other domain controllers. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller...
    Add the loopback IP address to the list of DNS servers on all active interfaces. The loopback IP address should not be the first server in the list."
    ESPECIALLY "For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller." and "Add the loopback IP address to the list of DNS servers on all active interfaces. The loopback IP address should not be the first server in the list."
    Why shouldn't loopback be first? The justification is why you shouldn't only use loopback, not why it shouldn't be first.
    From http://technet.microsoft.com/en-us/library/ff807362(v=ws.10).aspx (DNS: DNS servers on <adapter name> should include the loopback address, but not as the first entry)
    "If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners.
    The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to itself, or points to itself first for name resolution, this can cause a delay during startup. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller."
    This also seems like justification against only using loopback versus using it first.
    Are there any actual real documented issues for using loopback first and a remote DNS server second and perhaps third? If the local DNS server service isn't working yet (or at all), I would expect the DNS Client process to try to connect to it, fail, and then failover to the secondary just like I would expect it to failover if the remote DNS server was secondary and it was unavailable and it failed back to the loopback. Am I making a bad assumption?
    And by documented I don't mean random responses to questions on the internet or other such items. I mean a KB article or technet article or properly researched and tested other web article from a reliable resource.
    thanks, 
    joe

    As I understand it, the scenario whereby a DC could become an 'island' if it points only to itself, or to itself first, was repaired in the Windows Server 2003 product cycle. See http://support.microsoft.com/kb/275278 for information about this scenario.
    However, there is still a known problem of slow boot times that can occur. See http://support.microsoft.com/kb/2001093 for information about this. The scenario that is discussed assumes there is a power failure and servers shut down due to overheating while on backup power. When multiple servers come online simultaneously after power is restored, there can be a significant delay.
    The recommended configuration is one that avoids a single point of failure, but also tries to optimize the speed of resource record registration, so that Active Directory can properly synchronize.
    -Greg
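The configurations debated in this thread (self only, self or loopback first, loopback missing) can be told apart mechanically from a DC's ordered DNS client list. The following is an added example, not from the thread or from Microsoft's Best Practices Analyzer; the function name `Test-DcDnsClientOrder`, the finding labels, and all host names and addresses are constructed for illustration.

```powershell
# Added example: classify a DC's DNS client list against the guidance
# quoted in this thread. Sample hosts and addresses are constructed.

function Test-DcDnsClientOrder {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        # The DC's own IPv4 addresses (loopback is treated as "self" too).
        [Parameter(Mandatory)] [string[]] $OwnAddresses,
        # DNS servers configured on the interface, in resolver order.
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $DnsServers
    )

    $loopback = '127.0.0.1'
    $selfSet  = @($OwnAddresses) + $loopback
    $remote   = @($DnsServers | Where-Object { $selfSet -notcontains $_ })
    $self     = @($DnsServers | Where-Object { $selfSet -contains $_ })
    $findings = @()

    if ($DnsServers.Count -eq 0) {
        $findings += 'NoDnsServers: nothing is configured on this interface'
    }
    else {
        if ($remote.Count -eq 0) {
            # Quoted BPA text: a DC pointing only to itself "can become an island".
            $findings += 'OnlySelf: no other DNS server listed; single point of failure'
        }
        elseif ($selfSet -contains $DnsServers[0]) {
            # Quoted BPA text: pointing to itself first "can cause a delay during startup".
            $findings += 'SelfFirst: own address or loopback is the first entry'
        }

        if ($self.Count -eq 0) {
            # Quoted BPA rule: DNS servers should include their own IP addresses.
            $findings += 'NoSelfEntry: the local DNS server is never consulted'
        }
        elseif ($DnsServers -notcontains $loopback) {
            # Quoted BPA rule: add the loopback address, but not as the first entry.
            $findings += 'NoLoopback: own IP is listed but 127.0.0.1 is not'
        }
    }

    [pscustomobject]@{
        ComputerName = $ComputerName
        DnsServers   = $DnsServers -join ', '
        Compliant    = ($findings.Count -eq 0)
        Findings     = $findings
    }
}

# Constructed sample data: three DCs with different client settings.
$sample = @(
    @{ ComputerName = 'DC-A'; OwnAddresses = @('10.0.0.11')
       DnsServers   = @('10.0.0.12', '10.0.0.13', '127.0.0.1') }   # partner first, loopback last
    @{ ComputerName = 'DC-B'; OwnAddresses = @('10.0.0.12')
       DnsServers   = @('127.0.0.1', '10.0.0.11') }                # loopback first
    @{ ComputerName = 'DC-C'; OwnAddresses = @('10.0.0.13')
       DnsServers   = @('10.0.0.13') }                             # points only to itself
)

$report = foreach ($dc in $sample) { Test-DcDnsClientOrder @dc }
$report | Format-List

# On a live DC running Server 2012 or later, the ordered list could be read
# with the DnsClient module; 'Ethernet' is an assumed interface alias:
#   (Get-DnsClientServerAddress -AddressFamily IPv4 -InterfaceAlias 'Ethernet').ServerAddresses
```

With the sample data, DC-A is reported as compliant, DC-B as SelfFirst, and DC-C as OnlySelf plus NoLoopback.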

  • Help with setting up active directory domain controller/DNS - need this for Clustering

    Disclaimer: I am new to Active Directory, so please don't rule out the obvious things I may have overlooked.
    I need to set up an Active Directory domain controller on at least one server so I can run clustering. I set up the domain controller and ran Cluster validation and that failed - unable to reach writable domain controller.
    When I look at my Server Manager, AD DS complains about DNS:
    NASE-2012-234    4015    Error    Microsoft-Windows-DNS-Server-Service    DNS Server    1/14/2014 12:54:06 AM
    The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
    When I click on DNS this is the error:
    The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
    Output of DCDiag -v is below.
    PS C:\Users\Administrator> dcdiag -v
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       * Verifying that the local machine NASE-2012-234, is a Directory Server.
       Home Server = NASE-2012-234
       * Connecting to directory service on server NASE-2012-234.
       * Identified AD Forest.
       Collecting AD specific global data
       * Collecting site info.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded
       Iterating through the sites
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com
       Getting ISTG and options for the site
       * Identifying all servers.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers
       Getting information for the server CN=NTDS Settings,CN=NASE-2012-234,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.
       * Found 1 DC(s). Testing 1 of them.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\NASE-2012-234
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             The host c0c507c4-fb9b-49a6-9a01-ef79d7960c94._msdcs.lab.nasecom could not be resolved to an IP address.
             Check the DNS server, DHCP, server name, etc.
             Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
             ......................... NASE-2012-234 failed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\NASE-2012-234
          Skipping all tests, because server NASE-2012-234 is not responding to directory service requests.
          Test omitted by user request: Advertising
          Test omitted by user request: CheckSecurityError
          Test omitted by user request: CutoffServers
          Test omitted by user request: FrsEvent
          Test omitted by user request: DFSREvent
          Test omitted by user request: SysVolCheck
          Test omitted by user request: KccEvent
          Test omitted by user request: KnowsOfRoleHolders
          Test omitted by user request: MachineAccount
          Test omitted by user request: NCSecDesc
          Test omitted by user request: NetLogons
          Test omitted by user request: ObjectsReplicated
          Test omitted by user request: OutboundSecureChannels
          Test omitted by user request: Replications
          Test omitted by user request: RidManager
          Test omitted by user request: Services
          Test omitted by user request: SystemLog
          Test omitted by user request: Topology
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: VerifyReferences
          Test omitted by user request: VerifyReplicas
          Test omitted by user request: DNS
          Test omitted by user request: DNS
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : lab
          Starting test: CheckSDRefDom
             ......................... lab passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... lab passed test CrossRefValidation
       Running enterprise tests on : lab.nasecom
          Test omitted by user request: DNS
          Test omitted by user request: DNS
          Starting test: LocatorCheck
             GC Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             PDC Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             Time Server Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             Preferred Time Server Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             KDC Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             ......................... lab.nase.com passed test LocatorCheck
          Starting test: Intersite
             Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided.
             ......................... lab.nasecom passed test Intersite
    PS C:\Users\Administrator>

    http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS is the forum for Directory Services questions.  You might want to post your question there.
    .:|:.:|:. tim

  • How to use DNS server for name resolution for items which don't exist in active directory domain controller DNS

    Dear Experts,
    In our office we have a domain controller, call it 'Office.com'. All computers and corporate servers, e.g. Exchange, antivirus etc., are members of this 'office.com', and it also has a DNS. All users in the office have their preferred DNS set to the corporate DNS.
    We are working for a ministry and offering services to them from our data center, so we have many servers which are for the ministry but are in our data center. For all these servers we created another DNS server which contains all entries for these servers in forward and reverse lookup zones. In this DNS we also created a forward lookup zone for our corporate servers, and the zone name is 'office.com'.
    What we are trying to have is name resolution of all servers which are listed in the other DNS, built in our office on Win 2008 R2 for the ministry servers.
    If the user changes his preferred DNS to the ministry DNS he can resolve the ministry servers, but then we cannot control anything through group policy since they are using the other DNS and not the corporate DNS.
    How can this be done? Any group policy applied to the corporate domain controller must take effect on users, and in addition the user must also be able to resolve server names in the ministry project DNS.
    Please assist ASAP.
    regards,

    Hello,
    OK, so the GPO setting doesn't apply in any case.
    Client machines use the first DNS server in the list of configured ones on the NIC. If that one is available, the search for additional DNS servers will stop.
    What I cannot really understand is your description of the second DNS server. This should normally be either another DC with AD-integrated DNS, so everything is replicated within AD replication, or you use a secondary DNS on a domain member server that pulls the information from the master.
    It sounds to me like you have configured a machine with the DNS server role, manually created the zone with the same name as the domain, and manually created the required A records there?
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Server 2012 Domain Controller / DNS Issue

    If you did ipconfig /registerdns, I'm assuming you did ipconfig /flushdns prior to that correct? Just want to make sure...
    Once you are sure you did both, go ahead and type in nslookup in the command prompt. What does it display as the current DNS server? Once you type that in, you can type in the IP address of your new DC and see what it resolves to. Please get back to us with those results when possible.

    We had a domain controller go down in a multi domain controller environment. We set a new one up and promoted it to the domain. Assigned it all the necessary roles and joined it to the domain. It has been 4 days since we did this and we cannot ping it by host name. We can ping it by IP address. I have forced replication, which allowed me to ping it by host name for a few hours, but then it stopped working. I have tried to change the DNS primary to a different DC, making the host a secondary DNS, that didn't fix it. I am looking for any suggestions on how to fix it. I have done a ipconfig /registerdns , restarted DNS services but still not able to ping host name of DC on a consistent basis.
    Any suggestions ?
    This topic first appeared in the Spiceworks Community

  • My New domain controller wont see the pdc

    Hi, I have a Windows 2003 PDC that is the only one on the network; previous IT people did not have a BDC or system backup. Now the current domain controller is giving trouble. I tried to install a secondary 2003 domain controller (BDC) but it does not see the primary domain controller and it wants to be the PDC. The problem, however, is that I want to keep all the previous user accounts and settings in the AD. I have tried using ADMT but it does not recognise another DC. How can I transfer all user info stored in the Active Directory?

    Hi scipiotechadmin,
    Is the function level of your domain Windows Server 2003? If so, you can use the Windows Server 2003 Active Directory Domain Rename Tools which can provide a security-enhanced and supported methodology to rename one or more domains (as well as application
    directory partitions) in a deployed Active Directory forest:
    Windows Server 2003 Active Directory Domain Rename Tools
    For your information, please refer to the following articles to get more help:
    What Is Domain Rename?
    How Domain Rename Works
    Regards,
    Lany Zhang

  • DNS Host (A) Rec. is Static for new Domain Controller

    I was just questioned by my boss on why there are Static Host (A) records for Domain Controllers since I started and not before.  The only conclusion that I can come up with is that they are new Server 2008 R2 systems.  We are about to do an IP
    Renumber here at the Corporate Office and this is how it was found that there are these Host (A) records.
    Can someone explain to me why they are static and not dynamic now? I would also like to be pointed to some documentation so that I can present it to her, if possible.

    This is by design.
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/afd3c338-1706-4898-b269-550c018073c0/dns-entry-for-dc-not-dynamically-updating-server-2008-r2?forum=winserverDS
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/ed97a286-d884-43d6-87e2-5cd5e59cfe9a/windows-2008-r2-domain-controllers-and-static-dns-entries?forum=winserverNIS

  • Redundant domain controller DNS settings

    Hi guys,
    We have two domain controllers, both DNS and GC. I am curious as to what the recommended IP DNS settings should be for both DCs? I think it is like this...
    DC1
    DNS1 - DC2
    DNS2 - DC1
    DC2
    DNS1 - DC1
    DNS2 - DC2
    Is this the right setup?
    Thanks
    Aaron

    Is this the right setup?
    Yes it is correct. I would go with 127.0.0.1 for 'Alternate DNS server'.
    Mahdi Tehrani | www.mahditehrani.ir
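
An added example, not part of the thread above: a PowerShell check of the DNS client order the posts describe (partner DC first, then the DC itself or 127.0.0.1). The DC names, addresses and the `Test-DcDnsClientOrder` function are constructed for illustration; on a live DC the server list could be read with `Get-DnsClientServerAddress`.

```powershell
# Constructed inventory: each DC's own IPv4 address and its DNS client list, in order.
$dcs = @(
    [pscustomobject]@{ Name = 'DC1'; Address = '10.0.0.11'; DnsServers = @('10.0.0.12', '127.0.0.1') }
    [pscustomobject]@{ Name = 'DC2'; Address = '10.0.0.12'; DnsServers = @('10.0.0.12') }
    [pscustomobject]@{ Name = 'DC3'; Address = '10.0.0.13'; DnsServers = @('10.0.0.11', '192.0.2.53') }
)

function Test-DcDnsClientOrder {
    param([Parameter(Mandatory)] [object[]] $DomainControllers)

    $allDcAddresses = @($DomainControllers.Address)
    foreach ($dc in $DomainControllers) {
        $findings = @()
        $self     = @($dc.Address, '127.0.0.1')
        $servers  = @($dc.DnsServers)

        # Partner = another DC from the inventory; external = anything that is no DC at all.
        $partners = @($servers | Where-Object { $_ -in $allDcAddresses -and $_ -notin $self })
        $external = @($servers | Where-Object { $_ -notin $allDcAddresses -and $_ -ne '127.0.0.1' })
        $listsSelf = @($servers | Where-Object { $_ -in $self }).Count -gt 0

        if ($servers.Count -eq 0)      { $findings += 'no DNS servers configured' }
        elseif ($servers[0] -in $self) { $findings += 'lists itself first' }
        if ($partners.Count -eq 0)     { $findings += 'no partner DC listed' }
        if (-not $listsSelf)           { $findings += 'does not list itself or 127.0.0.1' }
        if ($external.Count -gt 0)     { $findings += "resolver outside the DC inventory: $($external -join ', ')" }

        [pscustomobject]@{
            Name        = $dc.Name
            MatchesPlan = ($findings.Count -eq 0)
            Findings    = ($findings -join '; ')
        }
    }
}

# DC1 matches the layout from the thread; DC2 and DC3 are reported with their deviations.
Test-DcDnsClientOrder -DomainControllers $dcs | Format-Table -AutoSize
```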

  • NEW Domain Controller to Replace Old One

    After you demote the physical machine, but before you change the new machine, make sure to carefully go through all your DNS zones and delete the references to the IP and Host Name of the demoted machine. I found that demoting DCs doesn't do a good job of cleaning out DNS.
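
An added example, not part of the post above: a PowerShell function that lists records still referring to a demoted DC, the review the post recommends before the old IP address is reused. The records, host names, addresses and `Find-DemotedDcRecord` are constructed; live data could be collected per zone with `Get-DnsServerResourceRecord` and flattened to this shape (an assumption of this sketch).

```powershell
# Constructed, flattened records: Data holds only the address or the target host name.
$records = @(
    [pscustomobject]@{ Zone = 'corp.example';        Name = 'dc2';        Type = 'A';     Data = '10.0.0.12' }
    [pscustomobject]@{ Zone = 'corp.example';        Name = '@';          Type = 'A';     Data = '10.0.0.12' }
    [pscustomobject]@{ Zone = 'corp.example';        Name = '@';          Type = 'NS';    Data = 'DC2.corp.example.' }
    [pscustomobject]@{ Zone = 'corp.example';        Name = '_ldap._tcp'; Type = 'SRV';   Data = 'dc2.corp.example.' }
    [pscustomobject]@{ Zone = 'corp.example';        Name = '_ldap._tcp'; Type = 'SRV';   Data = 'dc1.corp.example.' }
    [pscustomobject]@{ Zone = '_msdcs.corp.example'; Name = '<dsa-guid-placeholder>'; Type = 'CNAME'; Data = 'dc2.corp.example.' }
    [pscustomobject]@{ Zone = 'corp.example';        Name = 'dc22';       Type = 'A';     Data = '10.0.0.122' }
)

function Find-DemotedDcRecord {
    param(
        [Parameter(Mandatory)] [object[]] $Records,
        [Parameter(Mandatory)] [string]   $HostFqdn,   # FQDN of the demoted DC
        [Parameter(Mandatory)] [string[]] $Addresses   # every IP address it held
    )
    # Normalise once: DNS names are case-insensitive and may carry a trailing dot.
    $fqdn  = $HostFqdn.TrimEnd('.').ToLowerInvariant()
    $label = $fqdn.Split('.')[0]

    foreach ($r in $Records) {
        $data   = ([string]$r.Data).TrimEnd('.').ToLowerInvariant()
        $owner  = ([string]$r.Name).ToLowerInvariant()
        $reason = switch ($r.Type) {
            { $_ -in 'A', 'AAAA' } {
                # Exact match only, so dc22 / 10.0.0.122 is not mistaken for dc2 / 10.0.0.12.
                if ($data -in $Addresses)  { 'address of demoted DC' }
                elseif ($owner -eq $label) { 'host name of demoted DC' }
            }
            { $_ -in 'NS', 'SRV', 'CNAME', 'PTR' } {
                if ($data -eq $fqdn) { 'targets demoted DC' }
            }
        }
        if ($reason) {
            [pscustomobject]@{ Zone = $r.Zone; Name = $r.Name; Type = $r.Type; Data = $r.Data; Reason = $reason }
        }
    }
}

# Reports the five dc2 references; the dc1 SRV record and the dc22 host are left alone.
Find-DemotedDcRecord -Records $records -HostFqdn 'dc2.corp.example' -Addresses '10.0.0.12' |
    Format-Table -AutoSize
```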

    I'm building a new DC for my network and have a couple of questions.
    I currently have 2 DCs, one is a VM (DC1 also FSMO) and the other a physical box (DC2). DC2 is on aging equipment and needs replacing so my plan was to build a new box and create a new DC, but I want to put the IP address from DC2 on the new DC (DC3) so I don't have to change the DNS config on all of my client PCs.
    How would you go about this? - I'm thinking, get DC3 up and running (fully configured as a DC) then demote DC2 and decommission it, then change the IP of DC3 to the address that was used by DC2.
    It seems a little too easy and I feel like I'm missing something so I thought I'd ask the Spice Heads :)
    Thanks
    This topic first appeared in the Spiceworks Community

  • Change DNS client settings

    Hi,
    I have the following problem.
    We are using ZENworks 3.2 and we have some clients which have the internal
    DNS server manually configured in the TCPIP settings. I want to change
    that to "automatically", so the client gets the DNS Servers from the DHCP
    server. Does anybody have experience with how I can do that with ZENworks?
    Many thanks
    Josef

    There are some freeware tools that can do this.
    Sorry I can't recall the name.
    I think they may even be provided by MS.
    ZEN could be used to simply call the tools if found.
    [email protected] wrote:
    > Hi,
    > I have the following problem.
    > We are using ZENworks 3.2 and we have some clients which have the internal
    > DNS server manually configured in the TCPIP settings. I want to change
    > that to "automatically", so the client gets the DNS Servers from the DHCP
    > server. Does anybody have experience with how I can do that with ZENworks?
    >
    > Many thanks
    > Josef
    Craig Wilson
    Novell Product Support Forum Sysop
    Master CNE, MCSE 2003, CCN

  • Best practise to add new domain controller 2008r2 and de-promote 2003 x86

    Depending on the size of the environment and the complexity determines where the roles should be held. The PDCe role should be held on a machine that has the better hardware. It will resolve any password conflicts and account lockouts. It also keeps the time clocks synchronized across the domain. The other roles are responsible for kind of basic housekeeping across the domain and forest. Such as the Domain Naming master it is responsible for name changes across the domain. The Schema Master which is responsible for updates to the directory and the RID master which issues pools of IDs for DCs to issue for new users or computers. The infrastructure master is responsible for keeping multiple domains and forests in sync. The infrastructure master does not do a lot in a single forest single domain environment and can be placed on any DC....

    Also if you are upgrading why not go right to 2012. 
    Might save a few years on having to upgrade again.
    Here is a great guide from MS
    http://community.spiceworks.com/how_to/57636-migrate-active-directory-from-server-2003-to-server-201...
    
