DNS migration

Archived from groups: microsoft.public.win2000.active_directory

Just wondering if anybody out there had good suggestions for how to migrate
DNS the best way for the following situation:

Company currently has an NT domain, plus a lot of unix stuff. They have
DNS internally that is being provided by unix, and all clients are using
these dns boxes as per DHCP scopes.

They would like to do an in place upgrade of the NT domain, and would like
win2003 DNS to take over the unix DNS.

Would the best method for this migration be:

1. Install a win2003 member server with DNS service, and get a secondary
zone transfer of the zone from Unix.
2. Make sure zone transfer is successful, then mark it as primary, make the
unix secondary, and change DHCP scope to assign clients with the new primary
DNS
3. upgrade the PDC to win2003, and initially point it to the member 2003 DNS
box, instead of itself (since the clients are using the member box at the
moment for dns)
4. Install DNS on the new 2003 DC and get a zone transfer from the member
server with DNS. Mark the DC's DNS zones as primary, change DHCP scope to
assign the new DC DNS, and uninstall DNS from the member server.
5. Dcpromo the member server to become a second DC, install DNS, and
configure DHCP scope to assign the second DC DNS as dns#2.

Does this sound right, or is there a better way?
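The secondary-to-primary hand-off in steps 1 and 2 of the question, as an added example that is not part of the original post. It is written for the DnsServer and DhcpServer PowerShell modules (Windows Server 2012 or later), not the Windows 2003 tooling the thread is about; the zone name, server addresses and DHCP scope are placeholders.

```powershell
# Added example, not from the thread. Assumes the DnsServer and DhcpServer
# modules (Windows Server 2012+). Every name and address below is a placeholder.
$Zone      = 'corp.example.com'   # zone currently served by the Unix DNS
$UnixDns   = '10.0.0.5'           # current Unix primary (will become secondary)
$WinDns    = '10.0.0.20'          # this Windows DNS server (will become primary)
$DhcpScope = '10.0.0.0'           # DHCP scope whose clients move to the new primary
$ZoneFile  = "$Zone.dns"

# Step 1: load the zone as a secondary and force a full transfer (AXFR) from Unix.
# The Unix server must allow transfers to $WinDns or the zone never loads.
Add-DnsServerSecondaryZone -Name $Zone -ZoneFile $ZoneFile -MasterServers $UnixDns
Start-DnsServerZoneTransfer -Name $Zone -FullTransfer

# Step 2a: do not swap roles until the transfer actually succeeded. A secondary
# whose transfer failed answers SERVFAIL, so a missing SOA is the failure signal.
$soa = Resolve-DnsName -Name $Zone -Type SOA -Server $WinDns -ErrorAction SilentlyContinue
if (-not $soa) { throw "Zone $Zone did not transfer from $UnixDns; roles not swapped." }

# Step 2b: become primary. Before AD exists the zone is file-backed, so the only
# dynamic setting available is NonsecureAndSecure; change it to Secure once the
# zone is AD-integrated after the upgrade.
ConvertTo-DnsServerPrimaryZone -Name $Zone -ZoneFile $ZoneFile -Force
Set-DnsServerPrimaryZone -Name $Zone -DynamicUpdate NonsecureAndSecure

# Restrict zone transfers to the Unix box (now the secondary) and notify it of changes,
# so nobody else can pull the whole zone from the new primary.
Set-DnsServerPrimaryZone -Name $Zone -SecureSecondaries TransferToSecureServers `
    -SecondaryServers $UnixDns -Notify NotifyServers -NotifyServers $UnixDns

# Step 2c: point DHCP clients solely at the new dynamic primary. The Unix
# secondary is deliberately not handed out, since it cannot take dynamic updates.
Set-DhcpServerv4OptionValue -ScopeId $DhcpScope -DnsServer $WinDns
```

The SOA check before the conversion is the part worth keeping even if the rest is done in the GUI: converting a secondary that never loaded to a primary produces an empty zone that clients will then be pointed at.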

    "Ziek" <ziek@nomail.net> wrote in message
    news:eik9Vt4RFHA.1476@TK2MSFTNGP09.phx.gbl...
    > Just wondering if anybody out there had good suggestions for how to migrate
    > DNS the best way for the following situation:
    >
    > Company currently has an NT domain, plus a lot of unix stuff. They have
    > DNS internally that is being provided by unix, and all clients are using
    > these dns boxes as per DHCP scopes.

    Notice that maintaining zones on an authoritative server,
    and being used directly as the DNS server by some clients
    are technically two separate things.

    Even if you happen to use the same server for both, as many
    people do, it helps simplify design and especially troubleshooting
    if you keep them mentally separate.

    > They would like to do an in place upgrade of the NT domain, and would like
    > win2003 DNS to take over the unix DNS.

    Assuming you will use the SAME zone/domain name
    as the Unix already supports:

    Simplest is to go ahead and put DNS on the NT PDC
    as a SECONDARY to the existing DNS zone on Unix.

    Swap roles: Unix -> Secondary, NT -> Primary.

    Change the NT PDC (and any other clients you wish.)

    Upgrade the PDC to upgrade the domain (remember your
    backups.)

    During the upgrade it SHOULD offer to make the zone
    "dynamic" (which isn't possible in NT). If this doesn't
    happen for some reason, do it manually (and then work
    to get the records registered but the point of this sequence
    is to fix it so that the upgrade can handle that.)

    A key to that is making sure the PDC is ONLY a DNS
    client of itself, the DNS primary so that we are certain
    that the upgrade will understand the process.


    > Would the best method for this migration be:
    >
    > 1. Install a win2003 member server with DNS service, and get a secondary
    > zone transfer of the zone from Unix.

    You could do it that way too. And doing this,
    you can make sure it is dynamic before the upgrade.

    After the upgrade you can DCPromo this Win2003
    server as an additional DC to the upgraded domain.

    Add DNS to other DC (upgraded NT-PDC), make
    replicate AD FULLY, and make them both AD-integrated
    if you wish.

    > 2. Make sure zone transfer is successful, then mark it as primary, make the
    > unix secondary, and change DHCP scope to assign clients with the new primary
    > DNS

    That's a good step no matter which specific sequence
    you follow.

    > 3. upgrade the PDC to win2003, and initially point it to the member 2003 DNS
    > box, instead of itself (since the clients are using the member box at the
    > moment for dns)

    Yes, if you follow this sequence instead of mine above.

    > 4. Install DNS on the new 2003 DC and get a zone transfer from the member
    > server with DNS. Mark the DC's DNS zones as primary, change DHCP scope to
    > assign the new DC DNS, and uninstall DNS from the member server.

    And make the original 2003 Primary a secondary -- or
    follow my other idea about DCPromo on this 2003
    server.

    You really need two DCs (minimum) anyway.

    > 5. Dcpromo the member server to become a second DC, install DNS, and
    > configure DHCP scope to assign the second DC DNS as dns#2.

    If doing this, I would reverse this step before messing with
    the DNS (that is presumably already working from the
    original upgrade.)

    Get it stable, get AD replicated before messing with the DNS.

    > Does this sound right, or is there a better way?

    It isn't that different as long as you understand the KEY Principles:

    1) DNS must be dynamic to support AD

    2) Before AD, only the Primary can make it dynamic

    3) All DNS clients must use STRICTLY the internal, dynamic
    DNS server (set).

    4) DCs (and any server really) are DNS CLIENTS!!!!!

    I didn't hear you mentioning the dynamic settings much
    above, and that is an EASY item to overlook.

    Here's my general checklist -- troubleshooting -- for DNS/AD:

    1) Dynamic for the zone supporting AD
    2) All internal DNS clients NIC\IP properties must specify SOLELY
    that internal, dynamic DNS server (set.)
    3) DCs and even DNS servers are DNS clients too -- see #2
    4) If you have more than one Domain, every DNS server must
    be able to resolve ALL domains (either directly or indirectly)

    netdiag /fix

    ....or maybe:

    dcdiag /fix

    (Win2003 can do this from Support tools):
    nltest /dsregdns /server:DC-ServerNameGoesHere
    http://support.microsoft.com/kb/q260371/

    Ensure that DNS zones/domains are fully replicated to all DNS
    servers for that (internal) zone/domain.

    Also useful may be running DCDiag on each DC, sending the
    output to a text file, and searching for FAIL, ERROR, WARN.

    Single Label domain zone names are a problem. Google:
    [ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
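The four-point checklist above turned into a check script, as an added example that is not part of the original answer. It assumes the DnsServer PowerShell module (Windows Server 2012 or later) on the DC it runs on; the domain name and the internal DNS server set are placeholders. It goes slightly beyond the answer by also distinguishing the file-backed (nonsecure) dynamic setting from the secure one an AD-integrated zone should end up with.

```powershell
# Added example, not from the thread. Run on each DC; assumes the DnsServer
# module (Windows Server 2012+). $Domain and $InternalDns are placeholders.
$Domain      = 'corp.example.com'
$InternalDns = @('10.0.0.20', '10.0.0.21')   # the ONLY servers any client may use
$problems    = @()

# 1) The zone supporting AD must accept dynamic updates. Before AD integration
#    a file-backed primary can only be NonsecureAndSecure; once AD-integrated it
#    should be Secure so only authenticated machines can register records.
$zone = Get-DnsServerZone -Name $Domain -ErrorAction SilentlyContinue
if (-not $zone) {
    $problems += "zone $Domain is not hosted on this server"
} elseif ($zone.DynamicUpdate -eq 'None') {
    $problems += "zone $Domain does not allow dynamic updates"
} elseif ($zone.IsDsIntegrated -and $zone.DynamicUpdate -ne 'Secure') {
    $problems += "zone $Domain is AD-integrated but still accepts nonsecure updates"
}

# 2) and 3) This machine is a DNS client too, DC or not: every NIC must list
#    solely the internal dynamic DNS set (no ISP or Unix resolver mixed in).
foreach ($nic in Get-DnsClientServerAddress -AddressFamily IPv4) {
    foreach ($srv in $nic.ServerAddresses) {
        if ($srv -notin $InternalDns) {
            $problems += "$($nic.InterfaceAlias) uses non-internal DNS server $srv"
        }
    }
}

# 4) Every internal DNS server must resolve the AD locator records for the
#    domain; with more than one domain, loop this over each domain name.
foreach ($dns in $InternalDns) {
    $rec = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
        -Server $dns -ErrorAction SilentlyContinue
    if (-not $rec) { $problems += "$dns cannot resolve the DC SRV records for $Domain" }
}

# The search the answer describes: dcdiag to a file, then look for FAIL/ERROR/WARN.
$report = Join-Path $env:TEMP 'dcdiag.txt'
dcdiag /v | Out-File -FilePath $report
$hits = Select-String -Path $report -Pattern 'FAIL|ERROR|WARN'
if ($hits) { $problems += "dcdiag reported $($hits.Count) FAIL/ERROR/WARN line(s), see $report" }

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    # Re-register this DC's records only after the client settings are corrected.
    Write-Host "Fix the items above, then run: nltest /dsregdns /server:$env:COMPUTERNAME"
} else {
    Write-Host "DNS/AD checklist passed for $Domain"
}
```

The NIC check is the one most often skipped: a DC that still lists the old Unix resolver or an ISP server on its own adapter can register its SRV records in the wrong place, which is exactly the failure the "DCs are DNS clients" principle is warning about.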