Have migrated a zone from BIND to AD but cannot get it AD-integrated.

  • Question

  • Hi!

    So I am working on a project where I need to migrate a zone from a BIND server to AD. My plan was:

    1. Add the AD servers in BIND as servers allowed to zone-transfer the zone "domain.com".

    2. Add a secondary zone copy on an AD server for "domain.com".

    3. Convert it to a primary zone on the AD server.

    4. Replicate to other AD-servers.

    In order to complete #4 I need to add a secondary zone on all of my domain controllers instead of using AD-integrated zones.

    It does not look like I can, in step 2, add the secondary zone as an AD-integrated zone; I have also tried to find a way to convert a file-based zone to an AD-integrated zone but found no way.

    After I have converted it to a primary zone and click Properties on the zone, there is a column called Replication which is greyed out: "Not an Active Directory-integrated zone".


    Thanks in advance.


    • Edited by Samus-Aran Thursday, July 13, 2017 1:50 PM
    Thursday, July 13, 2017 1:49 PM

Answers

  • Hi,

    >>It does not look like I can, in step 2, add the secondary zone as an AD-integrated zone,

    Only primary zones can be stored in the directory.

    There are 3 methods for you; you could refer to the following methods:

    Method 1:

    As above, the BIND server needs to allow zone transfers.

    Create a new secondary zone on the AD server pointing to the BIND server.

    The zone will be transferred automatically when the serial number for the zone is incremented on the master server.

    Change the zone type on the AD server to primary zone and enable that the data shall be stored in AD.

    Method 2:

    Create a new primary zone on the AD server without enabling that the data shall be stored in AD.

    Copy the original DNS zone file from the BIND server to %WINDIR%\System32\dns on the AD server.

    Reload the zone.

    Change the zone property to be stored in AD. This gives better security and replication than the old primary/secondary file usage.

    Method 3:

    Create a primary zone on the AD server and allow dynamic updates for the zone.

    Change the clients to use the new DNS server (preferably done through DHCP) and run ipconfig /registerdns or wait until they do it automatically.

    Configure AD Integrated Zones:

    https://technet.microsoft.com/en-us/library/ee649181(v=ws.10).aspx

    Best Regards,
    Frank



    • Marked as answer by Samus-Aran Friday, July 14, 2017 11:28 AM
    Friday, July 14, 2017 7:55 AM
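Method 1 and Method 2 from the answer above, written out with the Windows DnsServer PowerShell module as an added example. This is not code from the original thread or from Microsoft's documentation; it assumes the zone is "domain.com", that the BIND master is at the placeholder address 192.0.2.53, that the BIND side already restricts allow-transfer to the AD DNS servers' addresses, and that it is run on one domain controller holding the DNS role. The switch `$UseFileCopy` selects Method 2 instead of Method 1.

```powershell
# Added example, not part of the original thread.
# Assumed values (placeholders, not from the thread):
$ZoneName   = 'domain.com'
$BindMaster = '192.0.2.53'      # constructed placeholder for the BIND master
$UseFileCopy = $false           # $true = Method 2 (copy the zone file), $false = Method 1 (zone transfer)

# Assumed BIND-side configuration (named.conf), listing only the AD DNS servers
# in allow-transfer so that nobody else can pull the zone:
#   zone "domain.com" { type master; file "domain.com.zone";
#                       allow-transfer { 192.0.2.10; 192.0.2.11; }; };

if (-not $UseFileCopy) {
    # Method 1, step 2: create a file-backed secondary zone that pulls from BIND.
    Add-DnsServerSecondaryZone -Name $ZoneName -ZoneFile "$ZoneName.dns" -MasterServers $BindMaster

    # Do not wait for the refresh timer or a serial bump; request a full AXFR now.
    Start-DnsServerZoneTransfer -Name $ZoneName -FullTransfer
}
else {
    # Method 2: the BIND zone file has already been copied to
    # %WINDIR%\System32\dns\domain.com.dns; create a file-backed primary zone
    # that loads that existing file instead of writing an empty one.
    Add-DnsServerPrimaryZone -Name $ZoneName -ZoneFile "$ZoneName.dns" -LoadExisting
}

# Sanity check before cutting over: an empty zone means the transfer was
# refused (check allow-transfer on the BIND side) or the file did not parse.
$records = Get-DnsServerResourceRecord -ZoneName $ZoneName
if (-not $records) {
    throw "Zone $ZoneName loaded no records; aborting before conversion."
}

# Step 3 (and 4): convert the file-backed zone into an AD-integrated primary.
# ReplicationScope 'Domain' stores it in the DomainDnsZones partition, so every
# DC running DNS in the domain receives it through AD replication; no secondary
# zones are needed on the other domain controllers.
ConvertTo-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Domain -Force

# Now that the zone lives in the directory, accept only secure dynamic updates
# (authenticated by the client's computer account) rather than unsecured ones.
Set-DnsServerPrimaryZone -Name $ZoneName -DynamicUpdate Secure

# Verify: IsDsIntegrated should be True and ReplicationScope 'Domain', which is
# the Replication column the question saw greyed out.
Get-DnsServerZone -Name $ZoneName |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, ReplicationScope, DynamicUpdate
```

Run the script in an elevated PowerShell session on a domain controller; the final `Get-DnsServerZone` output is the same information the DNS Manager zone properties dialog shows, so it confirms the conversion without opening the GUI. For Method 2, Windows DNS reads the standard RFC 1035 master file format, but BIND-specific directives such as `$INCLUDE` are not supported, so check the DNS Server event log if `-LoadExisting` fails.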