spectrum48k

The existing DC is a win2k server and handless 20 PC's on the LAN, 192.168.0.x, subnet 255,255,255,0

It also provides its own DNS server, which resolves DNS for the LAN, using the made up domain name, GKC.LOCAL. It uses forward zone GKC.LOCAL and reverse zone, 192.168.0.x

We want to retire the DC, so I've created a new WIn2k3 Server computer. I told it there was an existing DC and that it was to be an additional DC, so it created the DC role and fetched all the info from the old DC. That's all working FINE.

The question is, it didn't create a DNS server role for itself on the new DC. It looks as though I'll have to transfer that part manually. Has anyone got any docs on doing this or can explain ?

I tried using this but it appears to assume I have a DNS server working on the new DC:
How to replace the current primary DNS server with a new primary DNS server in Windows Server 2003

LostUser

The first chapter in that link is titled "To Install DNS".

That'd probably be a good start.

Hanley

Just make the zone AD integrated??

Kieran_Burns

iTrader: (1)

As Hanley said - just set the zones to AD Intergrated and bobs your mothers brother.

DCPROMO the old Server out and the FSMO roles **should** get transferred across automatically.

Personally, I'd transfer all the roles over manually and LEAVE the old DC in place.

The thing is: if you lose the DC you lose the whole domain. Whereas having a backup one means people can still keep working... no single point of failure.

spectrum48k

sorry mate, can you elaborate ?

For some reason it won't let me create a new DNS server on the new DC. What I can do is connect to the DNS server on the old DC (iit puts all that info with the forward and reverse zones in the DNS management window)

Kieran_Burns

iTrader: (1)

Right click the zone, properties and change the type to Primary, Active Directory Integrated

Stealth

iTrader: (4)

Do exactly as Kieran has suggested, also leave the old DC in place and have the new one running the PDC emulator, it is never good having one DC mate!

spectrum48k

When you say zone, you mean the zone for the DNS server listed in the DNS management console ? I don't have a server listed.

I can't seem to create a DNS server on the new DC. It just lets me connect to an existing DNS server (on the old DC), whereby it puts that DNS server in the new DC's DNS management console, along with its zones.

Hanley

On your old DC launch the DNS snap-in.

Right click your forward lookup zone GKC.LOCAL and select Properties

You should see it is a Primary type zone...select change and select the option to store the zone within AD.

Go to your second DC and install the DNS Server role and AD replication will do the rest for you.

Either go for a coffee or use repadmin or replmon to force replication.

Once that is done I would follow Kierans advice and transfer all the FSMO roles to the 2003 DC using ntdsutil (don't forget that in order to transfer the schema master role your account will need to be added to the Schema Admins group).

Once that's all done I personally would use DCPROMO to remove AD from your old Win2K DC, upgrade your domain and forest to 2003 and then rebuild the old Win2K DC to 2003, as the guys said above it's very risky having a single domain controller, recovery is fairly straightforward when you have additional DCs.

Apologies if I'm teaching you to suck eggs here

spectrum48k mk2

not at all - I've have no experience with AD or DNS, so everyone's advice is most appreciated.

back to the matter in hand - when I check the old DC's DNS snap-in, the forward zone is already set to "Active Directory Integrated" its been like that forever,

When I installed Win2k3 on the new box, I gave it the AD role, and told it, it was the 2nd DC on the LAN, No mention of DNS was made and no DNS was created for me automatically ?

Going off what you've said, wouldn't DNS be automatically propagated across to the new DC ?

What should be in the DNS snap-in on the new DC ? Right now its empty. All it lets me do is connect to an existing DNS server (eg. on the old DC)

Hanley

Okay, you need to install the DNS role.

Click Start, Manage Your Server, select Add or Remove a role and select DNS Server - then just follow the prompts

or...

Add / Remove programs, select Add / Remove Windows Components and scroll down to Networking Services, select DNS and click OK

If it's already AD integrated then the zone will be replicated to this server.

spectrum48k mk2

OK, whenever I add the DNS role, it simply asks which DNS server to connect to. Here I can specify the old one, and it goes on to fill the DNS snap-in with the old DNS info

It doesn't let me create a *new* DNS server on the new DC - is that what I need to do ?

I may have dropped a boll0ck in that when I first installed WIn2k3 on the new box, for the network card's properties I specified DNS entry 1 of 2 as 192.168.0.1 (which is the old DNS server)

really sorry if I'm driving you mad! please bare with me

Hanley

That's how it should be configured as it's currently the only DNS server in your domain.

How did you install the DNS role?

You said your zone is already AD integrated, what's the replication scope?

When you use Manage Your Server to install the DNS role I always cancel out of the second part which is the 'Configure Your Server for DNS'

Force replication and it should be okay.

spectrum48k mk2

Manage Your Server > Add Role > Add DNS Server

where do I find this ? forward zone properties doesn't say

When I tru and add the DNS role, it seems very short and just asks me which DNS server to connect to.

So in the DNS snap-in on the new DC, can you confirm what *should* be in there ? Should it be a new DNS server with ip address of the new DC, or should it be the DNS server with the old DC's ip address ?

Seems I've hit a brick wall.

Hanley

On your new server, the DNS snap-in will initially be empty until Active Directory has replicated the zone information.

Once that's appeared amend your IP configuration of your second DC so the 1st DNS Server entry is 127.0.0.1

Hanley

It may be an idea if you take a screenshot of the DNS snap-in on your new DC

spectrum48k

OK, Here's the new DC, 192.168.0.2, showing the DNS snap-in:



NB: The old DNS server, 192.168.0.1, is depicted inside the snap-in

Is the above correct ?
or
Should the above snap-in be showing a DNS server with ip address 192.168.0.2 ?

Hanley

It should be showing 192.168.0.2

Right click DNS and add another server. keying in the IP of server 2

Hanley

Also have to ask.....why the hell have you installed Google Chrome onto your server?

spectrum48k mk2

Google chrome because I hate IE

As for DNS snap-in, like I said, it won't let me install a new DNS server on 192.168.0.2 - just connect to an existing DNS. I have no idea why this is. I've tried removing the DNS role and adding it back on, but it still won't let me create a DNS server on 192.168.0.2 - just connect to an existing DNS server

Hanley

Okay...

Check your services and see if DNS Server is running

If it is opent he snap-in and connect it to itself, that is right click, connect to server, type in it's own IP address

You may hate IE but I'm fairly sure it's patched a lot better than Google chrome, especially as it's running on your DC.

Hanley

spectrum48k

this is all I'm getting on the new DC (192.168.0.2):






Would I be able to 'remotely' create a DNS server on new the DC, by going to the DNS snap-in on the old DC ?

I don't understand why it won't let me create the DNS server. I wonder if I should have done this step BEFORE I gave it the 'additional domain controller' / active directory role?

Hanley

Okay.....show me a screenshot of your services snap-in..see if DNS Server is running

Also, trawl through the event logs

spectrum48k

check the event log > DNS server section and found this:

Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4000
Date: 19/02/2009
Time: 17:24:50
User: N/A
Computer: DC
Description:
The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

For more information, see Help and Support Center at Events and Errors Message Center: Basic Search.
Data:
0000: f5 25 00 00 õ%..

Kieran_Burns

iTrader: (1)

You've not set your primary DNS to the local Server (in TCP/IP config) BEFORE you've got DNS running have you?

spectrum48k

the primary DNS on the new DC (192.168.0.2) points to the existing DC (192.168.0.1), which is running a fully functioning DNS server for the LAN

is this correct Kieran ?

Lads, I can totally understand if you want me to **** off, as I've taken up enough of your time. Can anyone recommend a good Windows 2003 forum I can post to ?

hodgy0_2

i know a long shot but you have'nt got AD sites configured and DC's listed in the different sites

I think whats confusing the IT crowd is that with AD Intergrated Zones it should be easy peasy

something silly must be wrong -- have you got AD replication , if you create an OU or user on the old DC does it appear in the AD of the new server - on a LAN should be intsant!!

also if you create a folder in the sysvol share does this get replicated?

spectrum48k

yes a new user shows up straight away on the new DC

the new DC just won't let me create a new DNS, just connect to an existing one

Question: Are their any dianostic tools I can use to check:

a) check the integrity on the old DC (windows 2000 server)
b) check the integrity on the new DC (windows 2003 server)

Hanley

Have a look at this KB mate see if it's relevant to your environment

Active Directory-integrated domain name is not displayed in DNS snap-in with Event ID 4000 and 4013 messages

Don't worry about taking up people's time....that's what we're all here for isn't it??

Hanley

run DCDIAG on both your domain controllers and check the ouput.

Better to pipe it to a file e.g.

dcdiag > c:dcdiag.txt

Then use DNSLint to troubleshoot DNS related issues, you can get this from MS on the link below

Description of the DNSLint utility