Read-only DC forcing Active Directory-integrated mode on DNS?

  • Question

  • I have a clean 2008 R2 DC... DNS was set to PRIMARY and working well.

    I added a read-only DC at a satellite office, and now the DNS reads Active Directory-integrated and NOT PRIMARY, and then SECONDARY on the read-only DC.

    I cannot seem to change the DC to delete the zone and re-add it as a secondary.

    Does a read-only DC force AD-integrated mode?

    I have several older 2003 DCs that have different domains, and they are secondaries on the new 2008 R2 DC, and it is secondary on the others, so I think non-AD-integrated mode would be best.

    ????

     

    Wednesday, June 16, 2010 4:33 PM

Answers

  • Hello,

    On the Windows Server 2008 R2 DC, open the DNS management console and verify the zone properties: which TYPE is shown? If AD-integrated, what you see is normal; when adding a DC to a domain and also installing the DNS Server role on it, AD will automatically replicate the DNS zone information to the other DC. There is no need in this case to configure the new DC/DNS as secondary.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    • Marked as answer by riktl Thursday, July 1, 2010 1:30 PM
    Thursday, June 17, 2010 6:58 AM

All replies

  • If you have a DC running DNS services and you host an AD-integrated zone, yes, your other DCs will load the zone as well, as AD-integrated, if they are within the DNS replication scope.

    So in your case, you should expect your RODC running DNS to load any AD-integrated zone hosted in the same domain. If you want to control which partition the DNS zone is stored in, you could create a new partition, store the DNS zone in that new partition, and have the DCs that you want to participate simply ENLIST in the partition. Then, those DCs that do not enlist will not load the AD-integrated zone. You would then create secondary zones on those DCs that did not enlist.

    I do not understand why you would want to do this, but here is the information you need to create partitions, enlist, etc...

    Create a DNS application directory partition
    http://technet.microsoft.com/en-us/library/cc736585(WS.10).aspx



    Visit: anITKB.com, an IT Knowledge Base.
    Wednesday, June 16, 2010 7:50 PM
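The partition-based procedure described in the reply above, worked through end to end as an added example (this script is not from the thread or from Microsoft's documentation). It drives dnscmd.exe, which ships with the DNS Server role on 2003 and 2008 R2, from PowerShell. The zone name, partition name, server names and IP addresses are all hypothetical placeholders; the one addition to the reply's steps is restricting zone transfers on the hub to the single secondary by IP, since the secondary zone is the one copy that is no longer protected by AD replication.

```powershell
# Added example, not from the original thread. Walks through the procedure in
# the reply above with dnscmd.exe (present on Windows Server 2003 / 2008 R2 with
# the DNS Server role). Every name and address below is a hypothetical placeholder.
$Zone        = 'corp.example.com'            # assumed AD-integrated zone
$Partition   = 'dnscustom.corp.example.com'  # assumed name of the new application directory partition
$HubDc       = 'DC1'                         # assumed writable DC that keeps the zone
$EnlistDcs   = @('DC1', 'DC2')               # assumed DCs that should host the AD-integrated copy
$SecondaryDc = 'RODC1'                       # assumed DC that should only hold a secondary copy
$HubIp       = '10.0.0.10'                   # assumed IP of $HubDc (zone-transfer master)
$SecondaryIp = '10.0.5.10'                   # assumed IP of $SecondaryDc

function Show-ZoneStorage {
    param([string]$Server, [string]$ZoneName)
    # /ZoneInfo reports the zone type and, for AD-integrated zones, the
    # directory partition it is stored in; for a secondary it lists the masters.
    dnscmd $Server /ZoneInfo $ZoneName |
        Select-String -Pattern 'type|DS integrated|partition|master'
}

# 1. Baseline: confirm on each DC what the zone currently looks like
#    (the same check the accepted answer asks for, without the GUI).
foreach ($dc in $EnlistDcs + $SecondaryDc) {
    "=== $dc ==="
    Show-ZoneStorage -Server $dc -ZoneName $Zone
}

# 2. Create the custom application directory partition on one writable DC.
dnscmd $HubDc /CreateDirectoryPartition $Partition

# 3. Enlist only the DCs that should replicate, and therefore load, the zone.
foreach ($dc in $EnlistDcs) {
    dnscmd $dc /EnlistDirectoryPartition $Partition
}

# 4. Move the zone out of the domain-wide partition into the new one. Once
#    this has replicated, DCs that did not enlist (the RODC here) no longer
#    receive the zone through AD.
dnscmd $HubDc /ZoneChangeDirectoryPartition $Zone $Partition

# 5. Zone transfers are off by default on an AD-integrated zone. Allow them
#    only to the intended secondary, by IP, rather than to "any server".
dnscmd $HubDc /ZoneResetSecondaries $Zone /SecureList $SecondaryIp

# 6. On the non-enlisted DC, create a standard secondary zone that pulls from
#    the hub. Wait for AD replication to drop the old copy first; the server
#    refuses to add a zone whose name it already has loaded.
dnscmd $SecondaryDc /ZoneAdd $Zone /Secondary $HubIp

# 7. Verify: enlisted DCs show the new partition, the secondary shows a
#    secondary zone type with the hub as its master.
dnscmd $HubDc /DirectoryPartitionInfo $Partition
foreach ($dc in $EnlistDcs + $SecondaryDc) {
    "=== $dc ==="
    Show-ZoneStorage -Server $dc -ZoneName $Zone
}
```

Run it from an account that is an Enterprise Admin (creating a directory partition needs that) on a machine where the DNS Server tools are installed. On Windows Server 2012 and later the DnsServer PowerShell module covers the same steps natively (Add-DnsServerDirectoryPartition, Register-DnsServerDirectoryPartition, Set-DnsServerPrimaryZone with -ReplicationScope Custom and -DirectoryPartitionName, Add-DnsServerSecondaryZone), but the partition-and-enlist design is the same.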