If you are currently using standard zones and your long-range goal is to move to Active Directory-integrated zones, you will be able to do so after migrating the zone data using either available method. But what does this really entail? What must you do ahead of time? If you are migrating from a system that uses standard DNS zones, things get a little more complicated -- but not horribly difficult. The first thing to remember about zone transfers is how the standard DNS zone servers are arranged.
Standard DNS zones operate in a single master arrangement where only one DNS server has the master writable copy of the DNS zone data; all other servers have read-only copies. The two types of standard zone servers you may encounter are:. In order to migrate your DNS zone data to a Windows Server computer, you will need to have a functioning standard primary server; you will also need to make the new Windows Server DNS server a standard secondary server in that zone by creating a new standard secondary zone on that server.
Once this is done, you will need to configure the standard primary server to allow zone transfers with the new Windows Server computer. If you change the zone into an Active Directory-integrated zone, it will, by default, be configured to not use dynamic updates.
From the General tab of the Zone Properties dialog box, change this setting to Secure Only as soon as you can to allow the greatest flexibility and security of your zone data. Alternatively, you can perform the zone transfer method from the command line using the following command:. Again, you will need to have the standard primary zone server available and the secondary zone already created on the new Windows Server DNS server before performing the zone transfer.
You can create the standard secondary zone on your Windows Server DNS server from the command line as well by issuing this command:. You can specify multiple IP addresses by separating them with commas. The FileName value must be the exact file name of the standard primary zone, just the same as when you are creating the zone via the DNS console. For all versions of Windows since Windows NT 4.
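The settings discussed above can be checked after a migration with a short audit. This is an added example, not code from the original page: the function name `Test-MigratedZone` and the sample zone names are hypothetical, and the property names assume the objects returned by `Get-DnsServerZone` in the DnsServer PowerShell module.

```powershell
# Added example: post-migration DNS zone audit (not from the original page).
# Property names mirror Get-DnsServerZone output (assumption: DnsServer module).
function Test-MigratedZone {
    param([Parameter(Mandatory, ValueFromPipeline)] $Zone)
    process {
        $findings = @()
        if ("$($Zone.ZoneType)" -eq 'Secondary') {
            # Read-only copy pulled from the standard primary; migration not finished.
            $findings += 'still a standard secondary; not yet converted'
        }
        elseif ("$($Zone.ZoneType)" -eq 'Primary') {
            if (-not $Zone.IsDsIntegrated) {
                $findings += 'standard primary; Secure Only needs an AD-integrated zone'
            }
            elseif ("$($Zone.DynamicUpdate)" -eq 'None') {
                $findings += 'dynamic updates off (default after conversion); set Secure Only'
            }
            if ("$($Zone.DynamicUpdate)" -eq 'NonsecureAndSecure') {
                $findings += 'accepts unauthenticated dynamic updates'
            }
            if ("$($Zone.SecureSecondaries)" -eq 'TransferAnyServer') {
                $findings += 'zone transfers allowed to any server'
            }
        }
        [pscustomobject]@{
            ZoneName  = $Zone.ZoneName
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample zones so the check runs without a DNS server.
$sample = @(
    [pscustomobject]@{ ZoneName = 'corp.example';   ZoneType = 'Primary';   IsDsIntegrated = $true
                       DynamicUpdate = 'None';               SecureSecondaries = 'NoTransfer' }
    [pscustomobject]@{ ZoneName = 'legacy.example'; ZoneType = 'Primary';   IsDsIntegrated = $false
                       DynamicUpdate = 'NonsecureAndSecure'; SecureSecondaries = 'TransferAnyServer' }
    [pscustomobject]@{ ZoneName = 'branch.example'; ZoneType = 'Secondary'; IsDsIntegrated = $false }
    [pscustomobject]@{ ZoneName = 'hq.example';     ZoneType = 'Primary';   IsDsIntegrated = $true
                       DynamicUpdate = 'Secure';             SecureSecondaries = 'TransferToSecureServers' }
)
$sample | Test-MigratedZone | Format-Table -AutoSize -Wrap

# On a live DNS server:
#   Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated } | Test-MigratedZone
# Remediation for a flagged AD-integrated zone:
#   Set-DnsServerPrimaryZone -Name 'corp.example' -DynamicUpdate Secure
```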
Todd Wilcox

Excellent point in the right direction. Would it be ok to transfer the FSMO role during the day during production? I seem to remember it being pretty seamless. FSMO roles are usually only used when they are needed, which is infrequently. The PDC Advertiser is probably the most "busy" role. Remember, you can seize FSMO roles if the holder of any roles crashes and can't be recovered.
The one thing that could get you totally caught out is that when a DC boots, it may need to contact a PDC advertiser sometimes to start AD services. Never seen that happen. And I guess I wasn't clear that yes you can transfer all the roles in the middle of the day and no one will ever know. What you don't want to do is transfer roles at the same time another admin is installing AD services on a new DC. I doubt that's a risk for you.
I strongly suggest you do not change the IP of the new DC. It's a read-only environment variable set when the user logs on.
You don't have to pay attention to it at all. Thank you Tim. This has been a real hassle for quite some time and has been holding back my domain migration to R2. Wait for replication and population of the zone. I re-ran the Best Practices Analyzer and my server came up clean, no recommendations. Whew, I hope this helps. It has been days of Googling trying to get this sorted out.
Again, Thank you Tim. Still, it'll be on another DC Arg, they're all grey! My domain is in trouble! Thank you both Baldwin and kgills for solving my problem. Microsoft explanations look too complicated.
I am running R2 servers. DigitalMan did you get an answer for your situation? Did you apply a fix or leave the error alone?
Thursday, November 18, PM. So far I had one AD issue which is I cannot see my remote locations different ip blog on my Windows network. Actually I use DameWare and I can see my local network PC but not remote locations; however, I can ping and connect manually. They both show msdcs.. Articles did not work out in my environment. Obviously my msdcs zone has been corrupted.