Have migrated a zone from BIND to AD but cannot get it AD-integrated.

  • Question

  • Hi!

    So working on a project where I need to migrate a zone from a BIND-server to AD. My plan was:

    1. Add AD-servers in BIND as allowed servers to zone transfer for zone "".

    2. Add secondary Zone copy on an AD-server for "".

    3. Convert to primary zone on AD-server.

    4. Replicate to other AD-servers.

    In order to complete #4 I need to add a secondary zone on all of my domain controllers instead of using AD-integrated zones.

    It does not look like I can add the secondary zone as an AD-integrated zone in step 2. I have also tried to find a way to convert a file-based zone to an AD-integrated zone but found no way.

    After I have converted it to a primary zone and click properties on the zone there's a column called Replication which is greyed out, "Not an active-directory Integrated zone"


    Thanks in advance.

    • Edited by Samus-Aran Thursday, July 13, 2017 1:50 PM
    Thursday, July 13, 2017 1:49 PM


  • Hi,

    >>Does not look I can in step 2 add the secondary zone as a AD-integrated zone,

    Only primary zones can be stored in the directory.

    There are 3 methods for you; you could also refer to other methods:

    Method 1:

    As above, the BIND-server needs to allow zone-transfers.

    Create a new secondary zone on AD-server pointing to the BIND-server.

    Zone will be transferred automatically when incrementing serial number for zone on master server.

    Change zone-type on AD-server to be primary zone and enable that data shall be stored in AD.

    Method 2:

    Create a new primary zone on AD-server without enabling that data shall be stored in AD.

    Copy the original dns-file from BIND-server to %WINDIR%\System32\dns on AD-server.

    Reload the zone

    Change the zone-property to be stored in AD. Gives better security and replication than old primary/secondary file usage.

    Method 3:

    Create primary zone on AD-server and allow dynamic updates for the zone.

    Change the clients to use the new DNS-server (preferably done through DHCP) and run ipconfig /registerdns or wait until they do it automatically.

    Configure AD Integrated Zones:

    Best Regards,


    • Marked as answer by Samus-Aran Friday, July 14, 2017 11:28 AM
    Friday, July 14, 2017 7:55 AM
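
Method 1 from the answer above, scripted with the DnsServer PowerShell module as an added example (not code from the thread or from Microsoft). The zone name, BIND address and the `Domain` replication scope are assumed placeholders, and the secure dynamic update and zone transfer settings at the end are an optional hardening step that the thread does not mention.

```powershell
# Run elevated on the domain controller that will host the zone.
# Assumed placeholders (not from the thread): replace before running.
$Zone   = 'example.test'   # the zone being migrated
$BindIp = '192.0.2.53'     # BIND primary that already allows transfers to this DC

# 1. Create a file-backed secondary zone that pulls from the BIND server.
#    A secondary zone cannot be stored in AD, so it has to start as a file.
Add-DnsServerSecondaryZone -Name $Zone -ZoneFile "$Zone.dns" -MasterServers $BindIp

# 2. Request a full transfer and wait until records have actually loaded,
#    so an empty zone is never converted and replicated.
Start-DnsServerZoneTransfer -Name $Zone -FullTransfer
$deadline = (Get-Date).AddMinutes(2)
do {
    Start-Sleep -Seconds 5
    $records = @(Get-DnsServerResourceRecord -ZoneName $Zone -ErrorAction SilentlyContinue)
} until ($records.Count -gt 0 -or (Get-Date) -gt $deadline)
if ($records.Count -eq 0) {
    throw "Zone $Zone did not transfer from $BindIp; check the BIND transfer ACL."
}

# 3. Convert the secondary straight to a primary zone stored in AD.
#    'Domain' replicates to every DNS server in the domain (assumed scope).
ConvertTo-DnsServerPrimaryZone -Name $Zone -ReplicationScope Domain -Force

# 4. Optional hardening, available once the zone is AD-integrated:
#    accept only authenticated dynamic updates, and turn off zone transfers
#    because the zone now replicates through AD instead.
Set-DnsServerPrimaryZone -Name $Zone -DynamicUpdate Secure
Set-DnsServerPrimaryZone -Name $Zone -SecureSecondaries NoTransfer

# 5. Verify the result; this is the state the greyed-out Replication
#    field in the GUI was reporting as missing.
$z = Get-DnsServerZone -Name $Zone
if (-not $z.IsDsIntegrated) {
    throw "Zone $Zone is still file-backed."
}
$z | Format-List ZoneName, ZoneType, IsDsIntegrated, ReplicationScope, DynamicUpdate, SecureSecondaries
```

Leave `-SecureSecondaries` at its current value if any non-AD secondary servers still pull this zone by transfer.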