9

I have about a hundred DNS zones that I need to convert from being not AD integrated to be AD integrated. I want to do this with minimal downtime. So far, my process is:

  1. Change DNS zone on one DNS server (also domain controller) to be AD integrated
  2. Delete the DNS zone from the DNS server where it is the secondary zone (also a domain controller)
  3. Wait a period of minutes for the zone to be replicated to the second server at this site.
  4. We actually have two sites involved with this, so we have to wait even longer for the replication to the second site

Is there some way to speed up DNS replication between: servers on the same site, and servers at different sites? We have Server 2008 R2 DNS/DCs, and at the 2003 domain functional level.

northben
  • I tested everyone's suggestions and I just cannot find a way to affect replication speed. It seems that there is still a 2-3 minute delay, no matter what I do. – northben Aug 22 '12 at 13:20
  • After repeated testing (PowerShell script loop running nslookup), I consistently see zones replicated between servers at the same -- and even different -- sites within one or two minutes. Unfortunately, I have not been able to reduce the time by any of your suggestions, although I am very grateful for the help. – northben Aug 23 '12 at 12:40

5 Answers

19

Sure is.

Cause Immediate Replication

If you want replication to occur immediately instead of waiting for the typical replication cycle, follow these steps:

  1. In Administrative Tools, start Active Directory Sites and Services.
  2. Expand Sites. There should be at least one site labeled "default-first-site-name" (or others if they have been manually configured).
  3. Expand default-first-site-name, expand Servers, and then expand Computer.
  4. Expand NTDS Settings. One or more objects are listed in the right pane. One of those objects is a link to the domain controller you want. To see the "friendly" name, right-click an entry and view the name. One of the objects points to the domain controller you want. Right-click that entry, and then click Replicate Now. The replication is performed immediately.

Note: The time it takes to update the target controller depends on network performance.

HopelessN00b
  • 1
    I will accept your answer because I did not know about triggering replication in AD Sites and Services MMC, although that seems to not make a difference in my situation. – northben Aug 23 '12 at 12:40
  • 1
    This can also be done from a command prompt by running: repadmin.exe /syncall /APedq – SamErde Feb 17 '22 at 16:54
8

The OP has probably moved on to other things by now but there is one piece missing from the other answers.

I found the solution on a blog (alexwinner.com, 2012-08-30, Polling interval of an Active Directory Integrated zone by the DNS Service (edit: link removed: see edit history)).

I say Reinstate Monica
IT Juggler
6

If you want something ticking over in the background, use repadmin.

I've used this to do pretty much the same thing. Don't replicate everything; you only need to replicate the dnsDomain partition (I think the DN is dc=domaindnszones,dc=yourdomain,dc=co,dc=uk).

If I was at work right now, I could dig out a working example.

--- EDIT 22/08/2012 ---

Example of repadmin:

%SystemRoot%\System32\repadmin.exe /replicate <target_dc> <source_dc> DC=DomainDnsZones,DC=domain,DC=co,DC=uk

Simon Catlin
  • I've tried repadmin, but I have not been able to get a proven solution. If you can share an example you've used for this situation, that would be a great help. Can you share how you would make the change? For example, change zone to be AD integrated on server A (primary zone). Delete zone on server B, then run repadmin on server B? Or do I run repadmin on server A? Server A and B? What if A and B are same site? Different sites? – northben Aug 21 '12 at 22:05
  • Ah, I was just trying to assist with the replication aspect. However, DNSCMD *may* allow you to manipulate your zones. I will post a REPADMIN example tomorrow. – Simon Catlin Aug 21 '12 at 22:08
  • Yeah, I am familiar with dnscmd. I am just not sure if I should use repadmin to push or pull the changes to/from the other DNS servers. Wow, my previous comment was overly complex! – northben Aug 21 '12 at 22:14
  • NorthBen - see above for repadmin example. It works a treat. I use it to speed up the DNS registration of a Win2k8 geographically-dispersed failover cluster's hostname (i.e.: when the cluster groups fails over, the new IP needs to be in DNS everywhere pretty damn quick). Like I say, works a treat. – Simon Catlin Aug 22 '12 at 19:23
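A timing harness for the `repadmin /replicate` command in the answer above, added here as an example and not code from any poster in this thread. It asks each destination DC to pull the DNS application partition from the source, then measures how long until that DC's DNS service answers authoritatively for the zone. All server names, the zone name and the partition DN are placeholders (assumptions), and it relies on the Windows `nslookup` output containing "primary name server" when an SOA record is returned.

```powershell
# Added example: every name below is a placeholder, not a value from this thread.
$SourceDc   = 'dc-a.example.test'     # DC where the zone was made AD-integrated
$TargetDcs  = @('dc-b.example.test', 'dc-c.example.test')   # DCs that must receive it
$Zone       = 'zone1.example.test'
# Use the partition that matches the zone's replication scope
# (DomainDnsZones, ForestDnsZones, or the domain partition itself).
$Partition  = 'DC=DomainDnsZones,DC=example,DC=test'
$TimeoutSec = 600
$PollSec    = 5

function Test-ZoneOnServer([string]$ZoneName, [string]$Server) {
    # -norecurse stops the server from fetching the SOA from another server,
    # so a positive result means the zone is loaded locally.
    $out = & nslookup.exe -norecurse "-type=SOA" $ZoneName $Server 2>&1 | Out-String
    if ($out -match 'Non-authoritative answer') { return $false }
    return ($out -match 'primary name server')
}

$results = foreach ($dc in $TargetDcs) {
    # Argument order is <destination> <source> <naming context>:
    # the destination DC pulls the partition from the source DC.
    & repadmin.exe /replicate $dc $SourceDc $Partition | Out-Null
    $repadminExit = $LASTEXITCODE

    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    $seen  = $false
    while (-not $seen -and $timer.Elapsed.TotalSeconds -lt $TimeoutSec) {
        $seen = Test-ZoneOnServer $Zone $dc
        if (-not $seen) { Start-Sleep -Seconds $PollSec }
    }

    # One row per destination: replication request result and time to serve.
    New-Object PSObject -Property @{
        Server       = $dc
        RepadminExit = $repadminExit
        ZoneServed   = $seen
        Seconds      = [int]$timer.Elapsed.TotalSeconds
    }
}

$results | Format-Table Server, RepadminExit, ZoneServed, Seconds -AutoSize
```

A row where `RepadminExit` is 0 but `Seconds` is still large indicates the delay is in the DNS service picking the zone up from the directory rather than in AD replication itself.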
2

You don't specify what Windows version your DNS server(s) are running or what Windows version your Domain Controller(s) are running, but intrasite replication generally occurs within 15 seconds (to the nearest replication partner in the same site) while intersite replication occurs every 180 minutes and can be changed in ADS&S as HopelessN00b stated in his answer.

joeqwerty
  • Sorry for that omission. I edited my question. – northben Aug 21 '12 at 14:49
  • I was seeing replication times upwards of 1-2 minutes between servers at the same site during my testing today. I will try forcing replication as suggested by HopelessN00b to see if that helps. – northben Aug 21 '12 at 14:50
  • Is inter-site still a minimum of 15 mins on 2k8? – Simon Catlin Aug 21 '12 at 21:59
  • Intersite and Intrasite replication are two different things. Intersite replication occurs every 180 minutes. Intrasite change notification occurs within 15 seconds and periodic replication (regardless of notification) occurs every 15 minutes. – joeqwerty Aug 21 '12 at 23:38
0

Try this; it worked in my situation, albeit a different situation. After removing the secondary zone and changing the primary zone to an AD domain-integrated zone, first ensure the zone transfers are set up correctly, then reload the zone on the primary. In my case, reloading the zone on the primary forced the immediate sync to the other DNS servers specified in the Name Servers tab.

bilbo