Read Only Domain Controllers and DNS zone updates

domain-name-system active-directory windows-server-2008-r2 domain-controller
9,442

Solution 1

RoDC DNS replication isn't a whole lot different than DNS replication for other domain controller computers (see the entry in the table titled "Read-only domain controller support" here for details), though you do need to have at least one Windows Server 2008-based DNS server hosting a writable copy of the zone (see the "Note" in the section titled "DNS updates for clients that are located in an RODC site" in this document for details). It sounds like you've got a writable Windows Server 2008 DNS server (the one in the data center), though, so that shouldn't be your issue. That W2K8 DNS server computer in the data center does have an "NS" record published in the DNS, doesn't it?

Are you sure you're getting replication to the RoDC machine? I'm getting the feeling that it's not receiving replication at all. A quick check w/ REPLMON (from the Windwos Support Tools) or your favorite replication monitor would let you know the last time the directory partitions it hosts were updated.

Solution 2

Yeah, after some careful reviewing of the event logs (and running dcdiag again), I recognized that we were missing a site link between the two locations in Active Direcory Sites & Services. Once that was recreated, it looks like replication is happening freely.

Damn, AD can be as simple as it is difficult sometimes.

Thanks again for your help.

Share:
9,442

Related videos on Youtube

Admin
Author by

Admin

Updated on September 17, 2022

Comments

  • Admin
    Admin almost 2 years

    I have a Windows 2003 domain and just added a new DC that runs 2008 R2. I updated the schema accordingly for both forest and domain levels. I also made sure to run /rodcprep at the time I did this. I have a branch office with a 2008 R2 file/print server that is a read-only domain controller (DC).

    The one problem I have been having is with AD-integrated DNS records updates. In the data center, we had to make an IP address change on a particular server. All our other sites' DCs (2003) updated the record fine. The 2008 R2 DC in the data center also updates its record fine. However, the RODC in the branch office does not.

    So if I nslookup the target server on a 2003 DC, the IP address is correct. Same with the 2008 R2 DC in the data center. But an nslookup on the branch office RODC still pulls in the old IP address.

    Moreover, any new records we've created (e.g., just added a new terminal server) do not get updated on the branch RODC either.

    Is there something simple I'm missing? How do I get the RODC to sync its AD-integrated DNS records with the rest of my world?

    Thank you in advance for your responses.

    Mike

  • Admin
    Admin over 14 years
    Yeah, I run dcdiag /test:Replications on the remote branch RODC and it shows last replication being over a month ago (when I first deployed it). That's odd - I wonder how I got it going in the first place and wonder what I missed putting in to keep it replicating...
  • Spence
    Spence over 14 years
    Hmm... a good guess, then. The "Directory Service" event logs on the RoDC should be complaining about lack of replication and should give you some idea of what's going on. There can be a variety of causes for the replication failure, but nothing too hard to sort out. Once you get that taken care of I think you'll find that things work as you expect them to.
  • Admin
    Admin over 14 years
    Ha! Missing site link...
  • Robert Kaucher
    Robert Kaucher over 8 years
    Don't forget to accept your answer. You may want to also pit the steps detailing what you did to create the link.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Windows Domain Controller/DNS Failure
Mutli-DC Environment DNS Error 4015
Cannot create a new domain in an existing active directory forest
Cannot connect to Active Directory Domain Controller
DNS settings for domain controller with dual nics one facing internet directly and one to router
resolving a dns entry for a virtual machine from physical host
Can't connect to domain controller
Cannot connect Windows 7 machine to windows 2003 domain
Windows Server 2008 R2 drops packets
what does exactly infrastructure master role do?