Re: Multiple questions regarding a DNS migration to MSDNS
- From: infinitiguy <infinitiguy@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 20 Jan 2008 08:57:01 -0800
> There are any real issues in just promoting a DNS server to a DC, but so far
> as converting to ADI goes, before I can tell you any other problems, I'd
> need to know more about the infrastructure.
> Like:
> Is this a new domain you're promoting, or is it an existing AD domain with
> other DCs with DNS installed? Does the zone already exist for the domain
> name you are going to use? Do they have any other zones? What zone types?
> Will it be your only DC?
here's a layout of the existing infrastructure as it is today:
10.65.6.2: incognito DNS and DHCP running on Solaris 10 for boston
10.2.2.49: incognito DNS and DHCP running on Solaris 10 for dublin
we have 4 AD domains
bostongroup.com
dublingroup.com
apacgroup.com
globalgroup.com
the first 3 are win2k3 based domains(running in mixed mode) while the 4th is
a win2k domain running in mixed mode. This domain was built to support our
exchange 2000 environment back in 2001 or 2002. Up until now it had only
been in place to support exchange. We're in the middle of a domain
consolidation project so we will collapse all domains into globalgroup.com.
We have 3 DC's in globalgroup.com 2 of them are win2k and one is win2k3.
The current globalgroup.com zone is an ADI zone. This zone is only
replicated within the two win2k servers. The win2k3 server does not have DNS
installed on it. The zone is more heavily used as we migrate user
workstations over to globalgroup.com so AD DNS is working currently within
our environment, but I have very little experience with it(hence all the
testing first).
The exchange servers look at the two win2k globalgroup.com DC's for their
dns, and then the 2 incognito DNS servers as 3rd and 4th. ipconfig /all
10.65.6.82
10.65.5.25
10.65.6.2
10.2.2.49 - dublin secondary internal DNS.
There is an identical setup(dc's and exchange) in Dublin, but I'll only
focus on boston for now. The DNS switchover will not be completed until the
domain consolidation has been completed. We're trying to keep matters as
simple as possible.
> The biggest mistake people make is when they tried to mix zone types between
> different DCs. If you change a zone to ADI on one DC, you have to remove
> other zone types for the domain that may exist on other DCs.
re: mixing zone types. So, this kind of brings up a question. As above,
the exchange servers look at the 2 existing DC's for DNS... if they are ADI
integrated, and as in a previous post, the migration plan was going to need
to have a primary/secondary structure while I re-IP'ed the DNS server and
then promoted it to a DC... this will seem to cause issue as I'll have
primary/secondaries as well as ADI.. on the other hand.. if I have my
10.65.6.2 IP be the primary, that would force the DC's that exchange used to
use to be secondaries(it won't force, but I'd need to make them
secondaries)... and if they are using that for DNS... and it becomes
readonly.. I'd suspect something might break there. It may make sense to
have to force exchange to use 10.65.6.2 as its primary IP during the
conversion.
> What kind of DHCP server are you using?
> You should be using Win2k3 for DHCP, it can (and should) be configured with
> credentials to authenticate with DNS.
The DHCP server is an incognito DHCP server.. the plan is to move this to
MSDNS as well, but in a 2 phased approach. We decided to move DNS first..
and let incognito DHCP hand out scope options for another week or so while we
made sure DNS worked fine, then migrate DHCP over. This whole process is
the reason for the test environment. I want to mimic everything that will
happen first, to see what kinds of weird behaviours I come across. A lot of
the reason for doing this migration is the instability and bugginess of the
incognito product.
> The only way you can do this is with Connection Specific DNS suffixes
> assigned by DHCP. Then just like any other child domain, you have to
> delegate these in the parent Domain's zone.
I had thought that might be how I needed to do it, but the description of
the delegation was kind of weird. The delegation option seemed to indicate
that I would be allowing another DNS server to control that zone, and not
necessarily another user account. Misconception on my part... I should've
actually tried it out before writing it off that it wasn't going to work.
--.
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps