Answered DNS replication

  • Wednesday, June 27, 2012 2:34 PM
     
     

    Hey,

    I have a network that contains one forest; the forest contains one domain, domain.local, and three sites A, B and C. Site A is hosting the PDC and the other site DCs are DNS servers. I need to create a new AD-integrated zone for replication to site C: do I need to configure a connection object in the AD Sites and Services snap-in, or just create a separate application directory partition and join the Site C DNS DCs to this partition?

    Thanks in advance


    HkR

    • Changed Type HkR IQ Friday, June 29, 2012 4:38 PM

All Replies

  • Thursday, June 28, 2012 5:59 AM
    Moderator
     
     

    Hi HkR,

    Thanks for posting here.

    If we have joined this DNS server into the domain at site C, then we can create a new DNS zone on it, set it AD integrated and configure the zone replication settings. After that the system will replicate it to other AD registered DNS servers via the AD replication mechanism. So may I know if we have already defined these remote sites (site A, B and C) in AD Sites and Services?

    Understanding DNS Zone Replication in Active Directory Domain Services

    http://technet.microsoft.com/en-us/library/cc772101(WS.10).aspx

    Thanks.


    Tiger Li



    TechNet Community Support

  • Thursday, June 28, 2012 6:43 AM
     
     

    Hello,

    What kind of DNS replication to site C do you talk about? As all DCs are DNS servers and you use AD integrated DNS zones, site C also has the correct zone information from domain.local.

    Or do you talk about a NEW DNS zone for another domain name?


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Thursday, June 28, 2012 11:08 AM
     
     

    I need to make sure the new zone is replicated to the DCs in only site C. The forest contains one domain, domain.local.

    Thanks in advance


    HkR

  • Thursday, June 28, 2012 11:28 AM
     
     

    Hello,

    There is NO additional configuration needed if you run the DNS server on a DC, as AD integrated zones will automatically replicate to ALL DCs in the domain or forest, depending on the chosen settings. So if you ONLY have domain.local, assure that the AD integrated zone is configured and also install the DNS server role on the site DC. Replication will do the rest and the complete zone information will be replicated, depending on the inter-site replication interval configured in AD Sites and Services.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Thursday, June 28, 2012 11:37 AM
     
     

    I think you misunderstood my question. Assume I create a new DNS zone on site A DCs and I need to replicate it to only Site C instead of the default setting of replication. This is a question of MS cert. exam.

    Thank you Meinolf Weber


    HkR


    • Edited by HkR IQ Thursday, June 28, 2012 11:37 AM
  • Thursday, June 28, 2012 12:28 PM
     
     

    Hello,

    If a new zone should be created, then do NOT use an AD integrated zone for the new one, and create a secondary zone on the site DNS server so it can pull the new zone information from the main site DNS.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
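
The setup suggested in the reply above (a non-AD-integrated primary zone with a secondary on the site DNS servers), as an added example that is not part of the original thread, using the DnsServer PowerShell module. The zone name, server names and addresses are constructed placeholders; zone transfers are limited to the listed secondaries so the zone data does not leave the primary for any other host.

```powershell
# Constructed placeholder values; none of these names or addresses come from the thread.
$ZoneName     = 'newzone.example'
$Primary      = 'dc-a1.domain.local'       # site A DNS server holding the writable copy
$PrimaryIp    = '192.0.2.10'
$SiteCServers = 'dc-c1.domain.local', 'dc-c2.domain.local'
$SiteCIps     = '192.0.2.130', '192.0.2.131'
$SiteBServer  = 'dc-b1.domain.local'       # must NOT end up with the zone

# 1. File-backed (standard) primary zone: not stored in AD, so AD replication never carries it.
Add-DnsServerPrimaryZone -ComputerName $Primary -Name $ZoneName -ZoneFile "$ZoneName.dns"

# 2. Allow zone transfers only to the site C servers and notify them of changes.
Set-DnsServerPrimaryZone -ComputerName $Primary -Name $ZoneName `
    -SecureSecondaries TransferToSecureServers -SecondaryServers $SiteCIps `
    -Notify NotifyServers -NotifyServers $SiteCIps

# 3. Secondary copy on each site C DNS server, pulled from the site A primary.
foreach ($server in $SiteCServers) {
    Add-DnsServerSecondaryZone -ComputerName $server -Name $ZoneName `
        -ZoneFile "$ZoneName.dns" -MasterServers $PrimaryIp
}

# 4. Report where the zone exists: expect Primary on site A, Secondary on site C,
#    and 'absent' on the site B server.
foreach ($server in @($Primary) + $SiteCServers + $SiteBServer) {
    $zone = Get-DnsServerZone -ComputerName $server -Name $ZoneName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Server         = $server
        ZoneType       = if ($zone) { $zone.ZoneType } else { 'absent' }
        IsDsIntegrated = if ($zone) { $zone.IsDsIntegrated } else { $null }
    }
}
```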

  • Thursday, June 28, 2012 7:19 PM
     
     

    I think you misunderstood my question. Assume I create a new DNS zone on site A DCs and I need to replicate it to only Site C instead of the default setting of replication. This is a question of MS cert. exam.

    Thank you Meinolf Weber


    HkR


    I have to agree with Meinolf. I was going to mark his post as "Propose as answer," however you created this thread as a discussion. It appears to be a "Question." You may want to change the thread type to a "Question."

    .

    Just to reiterate Meinolf's response, if you create a zone as AD integrated, it will replicate to all DCs in its scope, as Meinolf's screenshot pointed out. You CANNOT control replication of an AD object to a specific site. The only other possibility, other than a secondary zone, is to create a separate Active Directory child domain for just that site. But that will unnecessarily complicate the infrastructure.

    Can you explain why you need to have that zone available only at that location? I assume it is not your AD zone.

    .


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


  • Friday, June 29, 2012 4:37 PM
     
     

    I think you misunderstood my question. Assume I create a new DNS zone on site A DCs and I need to replicate it to only Site C instead of the default setting of replication. This is a question of MS cert. exam.

    Thank you Meinolf Weber


    HkR


    I have to agree with Meinolf. I was going to mark his post as "Propose as answer," however you created this thread as a discussion. It appears to be a "Question." You may want to change the thread type to a "Question."

    .

    Just to reiterate Meinolf's response, if you create a zone as AD integrated, it will replicate to all DCs in its scope, as Meinolf's screenshot pointed out. You CANNOT control replication of an AD object to a specific site. The only other possibility, other than a secondary zone, is to create a separate Active Directory child domain for just that site. But that will unnecessarily complicate the infrastructure.

    Can you explain why you need to have that zone available only at that location? I assume it is not your AD zone.

    .


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    I have mentioned it is a Microsoft exam question of 70-640.

    Thanks


    HkR


    • Edited by HkR IQ Friday, June 29, 2012 4:38 PM
  • Friday, June 29, 2012 11:34 PM
     
     

    I think you misunderstood my question. Assume I create a new DNS zone on site A DCs and I need to replicate it to only Site C instead of the default setting of replication. This is a question of MS cert. exam.

    Thank you Meinolf Weber


    HkR


    I have mentioned it is a Microsoft exam question of 70-640.

    Thanks


    HkR


    Actually, I did understand your question. And my response is it is not possible, unless you were to create a child domain at Site C or a Primary Standard on a DC in SiteA, then a Secondary of that zone in Site C. And I assume the zone you create is not the Active Directory's domain name. 

    And the default replication scope is "To All DCs in the domain." So if the DCs at all Sites are in the same domain, then no, you can't control replication to just one Site or another. It's a domain-wide scope, which is why I said you can create a child domain and put the zone only on that child domain. But then it will not be available on the parent domain's DNS servers. In a case like that, you simply create the zone as non-AD integrated and create a Secondary on the other DC.


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


  • Saturday, June 30, 2012 12:33 AM
     
     


    Actually, I did understand your question. And my response is it is not possible, unless you were to create a child domain at Site C or a Primary Standard on a DC in SiteA, then a Secondary of that zone in Site C. And I assume the zone you create is not the Active Directory's domain name. 

    And the default replication scope is "To All DCs in the domain." So if the DCs at all Sites are in the same domain, then no, you can't control replication to just one Site or another. It's a domain-wide scope, which is why I said you can create a child domain and put the zone only on that child domain. But then it will not be available on the parent domain's DNS servers. In a case like that, you simply create the zone as non-AD integrated and create a Secondary on the other DC.


    Ace Fekay

    OK, I appreciate your suggestion. Here is the question:

    Your network contains an AD forest and the forest contains one domain and three sites. Each site contains two DCs. All DCs are DNS servers. You create a new AD-integrated zone. You need to ensure that the new zone is replicated to the DCs in only one of the sites. What should you do first?

    A - Create an AD connection object

    B - Create an AD application directory partition

    After reviewing the articles of Microsoft, I am choosing to create an AD application directory partition.


    HkR

  • Saturday, June 30, 2012 4:58 AM
     
     

    They're your only choices?

    Among the two choices, I would choose A. This is assuming the partitions already exist because the default is the DomainDnsZones partition.


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


  • Saturday, June 30, 2012 10:06 AM
     
     

    They're your only choices?

    Among the two choices, I would choose A. This is assuming the partitions already exist because the default is the DomainDnsZones partition.


    Ace Fekay

    Can you explain why it is the first choice? If you didn't create an application directory partition, then it will be the default replication, and that is to all DNS servers even if we create a connection object.

    Thanks in advance


    HkR



    • Edited by HkR IQ Saturday, June 30, 2012 10:07 AM
    • Edited by HkR IQ Saturday, June 30, 2012 10:11 AM
  • Saturday, June 30, 2012 7:04 PM
     
     
    In Windows 2003 and newer, the default replication scope is to all DCs in the domain, which means it goes into the DnsDomainZones partition, which also means the partition already exists, therefore answer B is superfluous.

    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


  • Saturday, June 30, 2012 7:42 PM
     
     
    In Windows 2003 and newer, the default replication scope is to all DCs in the domain, which means it goes into the DnsDomainZones partition, which also means the partition already exists, therefore answer B is superfluous.

    Ace Fekay

    Thanks Ace Fekay, but you didn't explain why you choose to create a connection object and DnsDomainZone Part. It's the default, and I would rather manually create an application directory partition and link the new zone to it.


    HkR
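
What the post above proposes (a manually created application directory partition with the new zone linked to it), as an added example that is not part of the original thread, using the DnsServer PowerShell module. A zone stored in a custom application directory partition replicates only to the DNS servers enlisted in that partition. The partition name, zone name and server names are constructed placeholders, and the zone is assumed to exist already as an AD-integrated zone with domain-wide scope.

```powershell
# Constructed placeholder values; none of these names come from the thread.
$ZoneName     = 'newzone.example'            # existing AD-integrated zone, domain-wide scope
$Partition    = 'SiteC-Dns.domain.local'     # FQDN of the new application directory partition
$SiteCServers = 'dc-c1.domain.local', 'dc-c2.domain.local'
$OtherServers = 'dc-a1.domain.local', 'dc-b1.domain.local'

# 1. Create the partition from one site C DNS server; that server is enlisted as part
#    of creation.
Add-DnsServerDirectoryPartition -ComputerName $SiteCServers[0] -Name $Partition

# 2. Enlist the remaining site C DNS servers. Each one must first learn about the new
#    partition through AD replication, so this step can fail until replication has run.
foreach ($server in ($SiteCServers | Select-Object -Skip 1)) {
    Register-DnsServerDirectoryPartition -ComputerName $server -Name $Partition
}

# 3. Move the zone out of the domain-wide partition into the custom one.
Set-DnsServerPrimaryZone -ComputerName $SiteCServers[0] -Name $ZoneName `
    -ReplicationScope Custom -DirectoryPartitionName $Partition

# 4. Once AD replication has converged, report which servers still load the zone.
#    Expected: present with scope Custom on site C servers, absent on the others.
foreach ($server in $SiteCServers + $OtherServers) {
    $zone = Get-DnsServerZone -ComputerName $server -Name $ZoneName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Server                 = $server
        HoldsZone              = [bool]$zone
        ReplicationScope       = $zone.ReplicationScope
        DirectoryPartitionName = $zone.DirectoryPartitionName
    }
}
```

On servers without the DnsServer module, `dnscmd /CreateDirectoryPartition`, `dnscmd /EnlistDirectoryPartition` and `dnscmd /ZoneChangeDirectoryPartition` perform the same three steps.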

  • Saturday, June 30, 2012 8:38 PM
     
     Answered

    You can't create a DNS app partition when they already exist. It will display an error if you were to try.

    Based on the limited possible answers you've posted, the best answer is to create a replication connection object to the other DC, and this is of course assuming the KCC hasn't already automatically created one.

    I hope that answers your question.


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    • Marked As Answer by HkR IQ Saturday, June 30, 2012 9:38 PM
  • Saturday, June 30, 2012 8:59 PM
     
     

    You can't create a DNS app partition when they already exist. It will display an error if you were to try.

    Based on the limited possible answers you've posted, the best answer is to create a replication connection object to the other DC, and this is of course assuming the KCC hasn't already automatically created one.

    I hope that answers your question.


    Ace Fekay

    I agree with you that we eliminate the answer B and logically it's the Answer A. But for creating a connection object, the replication of the new zone will stay at the default setting that (to all DNS servers). It's really a confusion.


    HkR

  • Saturday, June 30, 2012 9:35 PM
     
     Proposed Answer

    I don't think it's confusing, rather it's ambiguous, as many of the questions are. You have to logically eliminate the incorrect questions and pick the "more correct" answer in context of the question. Replication scope will not change unless you manually change it in the zone properties, and changing it wasn't a factor in the question.

    For future exam questions, please use the Learning Forums:
    http://social.technet.microsoft.com/Forums/en-US/CertGeneral/threads

    .

    Also, please take a moment and go through everyone's responses and choose and mark "As Answer" which one(s) you believe answered your question in this thread. This will benefit others searching on similar issues.

    Thank you!

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.
