Domain Controller

    General discussion

  • I want to configure a secondary domain controller for my new office. For our old office we are working with Windows Server 2012 Datacenter. I want my new office server, which would also be Datacenter 2012, to authorise the domain users the same as the server in the old office.
    Monday, March 20, 2017 9:01 AM

All replies

  • DC01
    Primary DNS   10.1.1.2
    Secondary DNS 127.0.0.1

    DC02
    Primary DNS   10.1.1.1
    Secondary DNS 127.0.0.1

    ------------------------------------------------------------------------------------------------------------


    This is more convenient:-)

    DC01

    Primary dns 10.1.1.1 (point to itself)

    Secondary dns 10.1.1.2 (other dc.)

    same for DC02

    Primary dns 10.1.1.2 (point to itself)

    Secondary dns 10.1.1.1 (other dc)


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    Monday, March 20, 2017 10:28 AM
  • This is more convenient:-)

    DC01

    Primary dns 10.1.1.1 (point to itself)

    Secondary dns 10.1.1.2 (other dc.)

    same for DC02

    Primary dns 10.1.1.2 (point to itself)

    Secondary dns 10.1.1.1 (other dc)


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    I am sorry but this is not true and not a good recommendation.

    With a single DC/DNS server in a domain environment, the DC/DNS server points to its private IP address (not to loopback 127.x.x.x) as the preferred DNS server in its TCP/IP properties.
    If multiple DCs that are also DNS servers are in a domain environment, the recommendation is to have all DCs point to ANOTHER/REMOTE DC’s IP address as preferred DNS and then point to their own private IP address as an alternate DNS.

    ------------------------------------------------------------------------------------------------------------
    If you found this post helpful, please give it a "Helpful" vote. 
    Please remember to mark the replies as answers if they help.
    (This can be beneficial to other community members reading the thread).


    • Edited by Nedim Mehic Monday, March 20, 2017 10:49 AM
    Monday, March 20, 2017 10:47 AM

  • This is not true and not a good recommendation.

    With a single DC/DNS server in a domain environment, the DC/DNS server points to its private IP address (not to loopback 127.x.x.x) as the preferred DNS server in its TCP/IP properties.
    If multiple DCs that are also DNS servers are in a domain environment, the recommendation is to have all DCs point to ANOTHER/REMOTE DC’s IP address as preferred DNS and then point to their own private IP address as an alternate DNS.

    ------------------------------------------------------------------------------------------------------------

    I think you're totally wrong. All DCs should point to themselves as primary DNS and to the other DC as alternate.


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    Monday, March 20, 2017 10:54 AM
  • Hi Burak,

    I'd not necessarily describe the response from Nedim as "totally wrong" ;)

    There are different ways to approach it and it is disputable which one is "preferred". As a matter of fact, if you re

    Pls refer to https://social.technet.microsoft.com/Forums/en-US/2072725b-ea12-4b04-b7fd-dce2fb298762/new-active-directory-site?forum=winserverDS in which, incidentally, you are referencing https://blogs.technet.microsoft.com/askds/2010/07/17/friday-mail-sack-saturday-edition/#dnsbest

    Note that this blog actually advises against the configuration where DCs are pointing to themselves as primary.

    hth
    Marcin

    Monday, March 20, 2017 11:02 AM
  • @Marcin

     As you know, generally AD-integrated DNS config has certain steps, like setting primary as itself, etc. So if somebody doesn't configure these, meaning they point to the other DC as preferred, this can also work. But is this ideal? No.

    @Nedim

     You can configure it as you like, but your recommended config is not "ideal"...


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    Monday, March 20, 2017 11:10 AM
  • > Each DC/DNS server should point to the other as primary and itself as secondary in a multi-DC environment where they are in the same domain and both hold copies of the ADI zones for that domain, and that is best practice, and I am 100 % sure that I am not wrong. I have never seen someone (who has a multi-DC environment) configuring DNS to point first to itself.
     
    I've seen both, and both are not "wrong".
     
    Pointing to itself means the DC will start up without depending on any external resources. But it will have a delayed startup and some errors in the eventlogs because of DNS being unavailable when AD starts up.
    Pointing to a different DC means it will depend on DNS on that DC to be available at startup (which usually should be the case). But it will start faster, and it will avoid eventlog errors.
     
    Monday, March 20, 2017 4:57 PM
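
The two resolver orderings argued over in this thread can be checked on each DC with the built-in DnsClient cmdlets. This is an added example, not code from any poster: `10.1.1.2` is the thread's sample address, and the helper `Get-DnsOrderClass` and the script parameters are hypothetical names.

```powershell
# Added example: report (and optionally set) the DNS client order on a DC.
param(
    [string]$PartnerDc = '10.1.1.2',              # thread's sample address for the other DC
    [ValidateSet('SelfFirst', 'PartnerFirst')]
    [string]$Desired = 'PartnerFirst',            # which of the two debated layouts to enforce
    [switch]$Apply                                # without -Apply the script only reports
)

function Get-DnsOrderClass {
    # Hypothetical helper: name the layout implied by the first resolver entry.
    # Any first entry that is neither loopback nor a local address counts as a partner.
    param([string[]]$Servers, [string[]]$LocalIps)
    if (-not $Servers)                   { return 'None' }
    if ($Servers[0] -like '127.*')       { return 'LoopbackFirst' }
    if ($LocalIps -contains $Servers[0]) { return 'SelfFirst' }
    return 'PartnerFirst'
}

# All non-loopback IPv4 addresses bound on this server.
$localIps = @(Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -notlike '127.*' } |
    Select-Object -ExpandProperty IPAddress)

# Only adapters that actually have DNS servers configured.
$adapters = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 }

foreach ($nic in $adapters) {
    $class = Get-DnsOrderClass -Servers $nic.ServerAddresses -LocalIps $localIps
    [pscustomobject]@{
        Interface = $nic.InterfaceAlias
        Servers   = $nic.ServerAddresses -join ', '
        Layout    = $class
        Matches   = ($class -eq $Desired)
    }

    if ($Apply -and $class -ne $Desired) {
        # "Self" is the adapter's own IPv4 address rather than loopback.
        $self  = @(Get-NetIPAddress -InterfaceIndex $nic.InterfaceIndex -AddressFamily IPv4)[0].IPAddress
        $order = if ($Desired -eq 'SelfFirst') { $self, $PartnerDc } else { $PartnerDc, $self }
        Set-DnsClientServerAddress -InterfaceIndex $nic.InterfaceIndex -ServerAddresses $order
    }
}
```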