Help with AD integrated DNS

  • Question

  • Greetings everyone!

    I'm making a little lab with 2 virtual machines in order to improve the quality of our company, trying to make high availability with DNS and Active Directory. I already have two domain controllers, but I don't really understand what's the difference between AD integrated DNS and common DNS on Windows Server. Another thing I don't understand well is about AD integrated DNS: do I have to install DNS, or just with AD is enough?

    Thank you!

    PS: the real scenario at my work is one server with Windows Server 2008 R2, the other is Windows Server 2012 R2.

    Monday, December 10, 2018 8:43 PM

All replies

  • Hi,

    DNS servers running on domain controllers can store their zones in Active Directory Domain Services (AD DS). In this way, it is not necessary to configure a separate DNS replication topology that uses ordinary DNS zone transfers because all zone data is replicated automatically by means of Active Directory replication. 

    Please refer to the link below:

    https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/active-directory-integrated-dns-zones  

    AD integrated DNS can only be created on a DC, and DNS must be installed on the first DC.

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, December 11, 2018 2:20 AM
    Moderator
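As an added illustration of the difference Travis describes (this is not code from the thread), the PowerShell below shows where a standard file-backed primary zone is stored, converts it to an AD-integrated zone and picks the replication scope. It uses the DnsServer module that ships with Windows Server 2012 and later; the zone name is a placeholder.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on the DC that
# currently holds the file-backed primary zone. 'corp.example.local' is a placeholder.
$ZoneName = 'corp.example.local'

# A standard primary zone is a text file on one server; nothing replicates it unless
# zone transfers are configured. IsDsIntegrated = False identifies such a zone.
Get-DnsServerZone -Name $ZoneName |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, ZoneFile, ReplicationScope, DynamicUpdate

# Move the zone into AD DS. 'Domain' stores it in the DomainDnsZones partition, so every
# DNS server running on a DC in this domain receives it through normal AD replication;
# 'Forest' uses ForestDnsZones and reaches DCs in every domain of the forest.
Set-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Domain

# Only AD-integrated zones support secure dynamic updates, which let a computer refresh
# its own records while preventing other hosts from overwriting them.
Set-DnsServerPrimaryZone -Name $ZoneName -DynamicUpdate Secure

# Confirm the change took effect
Get-DnsServerZone -Name $ZoneName |
    Select-Object ZoneName, IsDsIntegrated, ReplicationScope, DynamicUpdate
```

The DnsServer PowerShell module is not available on Windows Server 2008 R2; on that version the same conversion is done in the DNS Manager zone properties ("Store the zone in Active Directory") or with `dnscmd /ZoneResetType <zone> /DsPrimary /dp /domain`.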
  • Hello Travis!

    Thank you for the answer. Now, how can I replace the common DNS server in order to use just AD integrated DNS? I mean, from a normal DNS server to Active Directory? And how can I check if the replication of zones worked, having the AD integrated DNS service?

    Regards.

    Tuesday, December 11, 2018 5:40 AM
  • Hi,

    You can create an AD-integrated zone.

    To detect DNS issues, you can use dcdiag.exe:

    https://social.technet.microsoft.com/wiki/contents/articles/17741.dcdiag-for-dns-test-details-explained.aspx?Redirected=true

    Best regards,

    Travis



    Tuesday, December 11, 2018 7:18 AM
    Moderator
  • Hello,

    I will add to Travis's procedure that if you want to do the migration smoothly from a normal DNS (file based) to an AD integrated DNS you should:

    • Install the role AD DS on the existing DNS server
    • Promote it as a DC
    • Change the configuration as proposed by Travis
    • Choose the replication scope (All DC/DNS in the forest or All DC/DNS in the domain)

    Best Regards,

    Tuesday, December 11, 2018 7:34 AM
  • Hello Travis!

    That means, once I complete this process, the DNS role is unnecessary? But if the DNS role is not there anymore, how about client configuration? I still have to put both AD servers as DNS servers, right? I have this problem from the beginning: all clients (with DNS file) fail with "nslookup". Is there another way to test both primary/secondary DNS from clients?

    Thank you!

    Tuesday, December 11, 2018 3:10 PM
  • Hello Dokoh!

    Is that for the primary or secondary DC? How can I check from the secondary DNS if the zones were replicated?

    Thank you!

    Tuesday, December 11, 2018 3:16 PM
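The two checks asked for above (has the zone replicated to the second DC, and can clients resolve through each DC) together with the dcdiag DNS test Travis pointed to, as an added PowerShell example that is not part of the thread. Server names and the zone name are placeholders; the DnsServer cmdlets need Windows Server 2012 or later (or RSAT on a Windows 8.1 or later client), and Test-NetConnection -Port needs Windows 8.1 / 2012 R2 or later.

```powershell
# Added example, not from the thread. Compares the AD-integrated zone on both DCs and
# then resolves through each of them the way a client would. Names are placeholders.
$ZoneName   = 'corp.example.local'
$DnsServers = 'ServerA.corp.example.local', 'ServerB.corp.example.local'

# Server-side: is the zone hosted on each DC, stored in AD DS, and at the same serial?
foreach ($Server in $DnsServers) {
    $Zone = Get-DnsServerZone -ComputerName $Server -Name $ZoneName -ErrorAction SilentlyContinue
    if (-not $Zone) { Write-Warning "$Server does not host $ZoneName"; continue }

    # The SOA serial increments on every zone change. Equal serials and record counts on
    # both DCs mean the data has replicated; a difference of one AD replication cycle
    # right after a change is normal.
    $Soa   = Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $ZoneName -RRType Soa
    $Count = (Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $ZoneName).Count

    [pscustomobject]@{
        Server         = $Server
        IsDsIntegrated = $Zone.IsDsIntegrated
        Scope          = $Zone.ReplicationScope
        SoaSerial      = $Soa.RecordData.SerialNumber
        RecordCount    = $Count
    }
}

# Client-side: run from any domain member. Resolve-DnsName lets you pick the server
# explicitly, so each DC is tested on its own rather than whichever one the resolver
# happens to use. The LDAP SRV record is what domain members use to find a DC.
foreach ($Server in $DnsServers) {
    # Can the client even reach port 53 on this DC?
    Test-NetConnection -ComputerName $Server -Port 53 |
        Select-Object ComputerName, RemoteAddress, TcpTestSucceeded

    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ZoneName" -Type SRV -Server $Server |
        Select-Object @{ n = 'QueriedServer'; e = { $Server } }, Name, Type, NameTarget, Port
}

# The built-in DNS health test Travis linked; run elevated on each DC.
dcdiag /test:DNS /v
```

A note on nslookup: before answering a query it does a reverse lookup of the DNS server's own IP address for its banner and prints "Can't find server name for address ... Non-existent domain" when no reverse zone or PTR record exists. That message alone does not mean forward resolution is broken, which is why querying a specific record with Resolve-DnsName -Server gives a clearer answer.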
    Correct me if I'm wrong, you have:

    • 2 Servers (2008R2 and 2012)
    • You want to integrate your existing DNS zone located on a server which does not have the AD DS role into AD (Let's call it ServerA)
    • You have one remaining server which has the AD DS role installed (let's call it ServerB)

    To integrate the zone located on ServerA into AD you have to:

    • Install the role on ServerA
    • Promote it as a DC
    • Change the scope to AD integrated like Travis said

    If the zone is defined as a secondary zone on ServerB you will have to delete the zone first on ServerB, to avoid any issues, before doing the steps above.

    Best Regards,

    Tuesday, December 11, 2018 3:54 PM
  • Not quite, in my case (company's case) we have 2 domain controllers installed, one with Win Server 2008, and other with Win Server 2012.

    Win Server 2008 --> ServerA

    Win Server 2012 --> ServerB

    Both have the AD DS role installed, but ServerA has the DNS role too, without AD integration. I want to change to integrated DNS and I made a little test with a virtual machine, removing the DNS role on ServerA, and now I don't have any nslookup response... lol, fortunately it was a virtual...

    This makes me ask: the DNS role must be installed on at least one server?

    Thank you!

    Tuesday, December 11, 2018 5:39 PM
  • Hi,

    Yes, of course.

    When you create a new domain, the DNS role must be installed on the first DC. 

    AD DS uses DNS name resolution services to make it possible for clients to locate domain controllers and for the domain controllers that host the directory service to communicate with each other.

    Best regards,

    Travis



    Wednesday, December 12, 2018 5:37 AM
    Moderator
  • Ok,

    So you should just tick "Store the zone in Active Directory" as proposed by Travis and install the DNS role on the second DC (ServerB).

    As stated by Travis, AD DS needs DNS to work.

    Best Regards,

    Wednesday, December 12, 2018 7:37 AM
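The ServerB half of that procedure as an added PowerShell example (not code from the thread): install the DNS Server role, wait for the AD-integrated zone to arrive through directory replication rather than creating it by hand, and point the DC's own resolver at both servers. It assumes the zone on ServerA has already been switched to "Store the zone in Active Directory"; the zone name and IP addresses are placeholders.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on ServerB
# (Windows Server 2012 R2 in the thread). Names and addresses are placeholders.
$ZoneName = 'corp.example.local'
$ServerA  = '10.0.0.10'   # 2008 R2 DC, currently the only DNS server (placeholder)
$ServerB  = '10.0.0.11'   # this DC (placeholder)

# 1. Install the DNS Server role on the second DC.
Install-WindowsFeature -Name DNS -IncludeManagementTools

# 2. With the zone stored in AD with scope Domain, the DNS service on this DC loads it
#    from the directory on its own; nothing has to be created here. Replication can take
#    a few minutes, so poll instead of assuming it is instant.
$Deadline = (Get-Date).AddMinutes(30)
do {
    $Zone = Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue
    if (-not $Zone) { Start-Sleep -Seconds 30 }
} until ($Zone -or (Get-Date) -gt $Deadline)
if (-not $Zone) {
    throw "$ZoneName has not appeared on this server; check AD replication with repadmin /replsummary"
}
$Zone | Select-Object ZoneName, IsDsIntegrated, ReplicationScope

# 3. Point this DC's resolver at the partner DC first and itself second, the usual
#    practice so a restart of either DNS service does not leave a DC without resolution.
$Nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $Nic.ifIndex -ServerAddresses $ServerA, $ServerB

# 4. Register this DC's A record and the SRV records that let clients locate it.
ipconfig /registerdns
Restart-Service Netlogon
```

The same Set-DnsClientServerAddress call, with the order reversed, belongs on ServerA. Domain members should list both DCs as DNS servers (normally through DHCP option 6 or the static adapter settings); otherwise they lose name resolution whenever the single server they point at is down, which is the symptom described earlier in the thread after the DNS role was removed in the test VM.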
    Alright, I thought with AD integrated the DNS role was unnecessary.

    Thank you for all your help.

    Regards!

    Wednesday, December 12, 2018 3:03 PM
  • Hi,

    Thanks for your reply.
    If there is anything else we can do for you, please feel free to post in the forum.

    Best regards,

    Travis



    Thursday, December 13, 2018 2:37 AM
    Moderator