Question

  • Creator
    Topic
  • #2218072

    Should my DNS in AD be updating?

    by jonathon.johnson ·

    In an AD environment where the DNS gets and updates information from AD; using ADSI Edit, should the key(s) under DC=,CN=MicrosoftDNS,CN=System,DC= have my current DNS’s (terminology may be way off)? The DNS server that’s there is the old system, but it seems whenever I remove the old DC (with DNS) the whole network goes to crap and randomly people can’t log in anymore, etc. I believe this may be the cause for this, but I am not sure. None of the new DNS servers are showing there either.

    When I look at DNS, it shows all three DNS’s (1 old, 2 new servers) and the GC records are all correct. So honestly, I’m not sure where or how it happened, but that’s how it’s set up now.

    Alternatively, in AD Users and Computers it’s under –>System–>MicrosoftDNS–>.

    Also, should I have something other than the default root DNS servers in the RootDNSServers part? All that’s there now is the defaults and I’m running an intranet.

All Answers

  • Author
    Replies
    • #2825724

      Clarifications

      by jonathon.johnson ·

      In reply to Should my DNS in AD be updating?

      Clarifications

    • #2825714

      Re: DNS

      by pshiflet-24 ·

      In reply to Should my DNS in AD be updating?

      Have you checked what the DNS servers are at the clients (command prompt – IPCONFIG /ALL)? It sounds like you haven’t changed the DNS settings they are getting from the DHCP server or the clients haven’t updated yet.

      Please let me know if that helps or you have further questions.

      • #2825691

        Yes

        by jonathon.johnson ·

        In reply to Re: DNS

        All the DNS settings are statically assigned and also assigned in GPO (though I’m testing to ensure this is actually applying). Some of these machines have the “old” DNS server assigned as their primary, which may be causing some issue, but their secondary DNS is still constantly active, but was NOT listed in AD whereas the “old” DNS server was.

    • #2825704

      Active Directory requires DNS to function

      by cg it ·

      In reply to Should my DNS in AD be updating?

      If the old server is running DNS and there are no other DNS servers on the network, then if you remove the old server, Active Directory will fail.

      Note: DNS servers do not have to be domain controllers and domain controllers do not have to be DNS servers, but there must be at least one DNS server on the network.

      • #2825690

        Yes

        by jonathon.johnson ·

        In reply to Active Directory requires DNS to function

        All three domain controllers are also DNS’s. What I’m wondering is why the other two DNS servers are not listed in the MicrosoftDNS containers in AD but ARE in the DNS manager as nameservers.

        • #2825686

          and they replicate zone data with each other?

          by cg it ·

          In reply to Yes

          When you remove a server from the network, the roles that server played also have to be removed or the other servers will continue to try and replicate data and contact that server. Clients that would use that server for name resolution will continue to try and contact that server.

          If you simply unplug the server from the network, you’ll find lots of replication event errors and contact errors in the event viewer.

          Refer to Microsoft best practices on decommissioning domain controllers and domain name servers from an Active Directory environment on TechNet.

    • #2825688

      Sidebar

      by jonathon.johnson ·

      In reply to Should my DNS in AD be updating?

      I have tried adding the other two DNS servers manually into the MicrosoftDNS container/subcontainers and it would seem, just looking at the switch, that a lot of the network activity has slowed down where previously, there was A LOT of broadcasting.
