
I have one WINDOWS SERVER 2012 running my DNS and AD DS on the same server. I am trying to move DNS to its own server and ADDS to its own server as well.

What I have done so far is set up ADDS on the new server, then added it to the domain to be synced. Do I now drop the old ADDS server so the new one can take over?

As far as the old DNS server goes is there a way to export then import like with BIND/NAMED on linux?

  • Why do you want to do this? – MDMarra Jul 04 '15 at 01:45
  • In AD World it's common to have both DNS & ADDS on the same server. I've never seen a setup with these roles being separated. Anyway, this poses a good question - is it possible and supported to have DNS role with AD integrated zones on a member server :) – iPath Jul 08 '15 at 22:18

3 Answers


As a best practice, you should be running AD DS and AD-Integrated DNS zones (ADI zones) on the same server. This is because the DNS records in ADI zones are replicated using AD DS replication and are stored in the directory, rather than using things like a zone transfer to get records across multiple DNS servers. If you want to use ADI zones for your internal AD-joined clients (and you should) then you cannot separate the AD DS and DNS roles.

It's quite common and recommended to run your internal DNS on the same servers as AD DS, and unless you have an exceptionally compelling reason not to, this is the configuration that you should use.

MDMarra
  • Thanks. I did not know this. So I should setup AD DS and DNS on the same new server and then sync the records over from the old server and then change the new server's IP to the old and should work? – Jackson Nelson Jul 04 '15 at 01:49
  • @JacksonNelson what's your goal? You should have more than one domain controller running DNS in any AD domain. – MDMarra Jul 04 '15 at 01:50
  • I'm trying to move from one old server to two new servers to add redundancy. So what I really should do is add AD DS and DNS to both the new ones? – Jackson Nelson Jul 04 '15 at 02:12
  • Yes. Running an AD domain with a single domain controller is a "resume generating decision." :) – MDMarra Jul 04 '15 at 02:49

Don't forget to transfer existing FSMO roles on your old server to the other servers before decommissioning.

Rob Ramos
  • As an aside, DCPROMO will move the FSMO roles from the FSMO role holder when decommissioning the FSMO role holder. There's no requirement to do it manually. – joeqwerty Jul 04 '15 at 19:27

I'm trying to move from one old server to two new servers to add redundancy. So what I really should do is add AD DS and DNS to both the new ones?

You should make both of the new servers domain controllers (the AD DS role) and DNS servers. Set up the new servers to be additional domain controllers as part of the same domain served by the existing old server. Once that is done, promote one of the new servers to primary DC, change the DHCP servers in your domain to hand out the addresses on the new servers as the DNS servers, and wait for at least one whole DHCP lease time cycle. Then demote the original server and decommission it. Lastly, you can raise the functional level of the domain.

Joel Coel
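The cut-over sequence from the answer above (confirm the new DCs and their AD-integrated zones are replicating, move the FSMO roles, repoint DHCP, wait out a lease cycle, then demote), written out as an added PowerShell example that is not from any of the original posts. The server names OLDDC, NEWDC1, NEWDC2 and DHCP01 and the addresses are assumed placeholders.

```powershell
# Added example (not from the original answers). Placeholder names and
# constructed addresses: OLDDC is being retired, NEWDC1/NEWDC2 are the new
# DCs, DHCP01 is the DHCP server. Run from a workstation with RSAT as a
# Domain Admin / Schema Admin.
Import-Module ActiveDirectory, DnsServer, DhcpServer

$newDcs   = 'NEWDC1', 'NEWDC2'
$newDnsIp = '10.0.0.11', '10.0.0.12'   # constructed addresses of the new DCs
$oldDc    = 'OLDDC'
$dhcp     = 'DHCP01'

# 1. Both new servers must already be DCs, hold the AD-integrated zones, and
#    have healthy inbound replication before anything is moved off OLDDC.
$dcNames = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
foreach ($dc in $newDcs) {
    if (-not ($dcNames -match "^$dc\.")) { throw "$dc is not yet a domain controller" }
    $adiZones = Get-DnsServerZone -ComputerName $dc | Where-Object { $_.IsDsIntegrated }
    if (-not $adiZones) { throw "$dc has no AD-integrated zones yet; wait for replication" }
    Get-ADReplicationPartnerMetadata -Target $dc |
        Where-Object { $_.LastReplicationResult -ne 0 } |
        ForEach-Object { throw "$dc: inbound replication from $($_.Partner) is failing" }
}

# 2. Transfer all five FSMO roles to NEWDC1 explicitly (demotion would also
#    move them, as the comment above notes, but this keeps the step visible
#    and verifiable).
Move-ADDirectoryServerOperationMasterRole -Identity $newDcs[0] `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster `
    -Confirm:$false
$domain = Get-ADDomain
if ($domain.PDCEmulator -notmatch "^$($newDcs[0])\.") { throw 'FSMO transfer did not take effect' }

# 3. Hand out the new DCs as DNS servers (DHCP option 006) on every scope.
foreach ($scope in Get-DhcpServerv4Scope -ComputerName $dhcp) {
    Set-DhcpServerv4OptionValue -ComputerName $dhcp -ScopeId $scope.ScopeId -DnsServer $newDnsIp
}

# 4. Clients refresh DNS settings only when they renew, so the longest lease
#    in use is the minimum wait before OLDDC can be demoted.
$longestLease = (Get-DhcpServerv4Scope -ComputerName $dhcp |
    Sort-Object LeaseDuration -Descending | Select-Object -First 1).LeaseDuration
Write-Host "Wait at least $longestLease, confirm no client still queries $oldDc, then demote it."
```

After the wait, demote OLDDC through Server Manager or Uninstall-ADDSDomainController, and only then consider raising the domain functional level as the answer suggests.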