We currently have a single W2K3 server (fully patched) which is running
pretty much everything; AD (DC), DNS, and Terminal Services. We're expanding
and will have additional servers and wish to move the DC and DNS roles to a
new server.

The new server is in service and has been promoted to a DC (and Global
Catalog). DNS on the original server was set up using the defaults in the DC
promotion wizard.

We need a step-by-step procedure to follow to accomplish the migration of
the DNS role to the new server without breaking the existing AD-Integration.
The original server will be demoted from the DC role leaving it soley as a
Terminal Server. We assume that this can be done last unless we're advised
otherwise.

Thanks!

In news:9CADD613-366B-4A04-AED0-47ED5B749255@microsoft.com,
John3339 <John3339@discussions.microsoft.com> stated, which I commented on
below:
> We currently have a single W2K3 server (fully patched) which is
> running pretty much everything; AD (DC), DNS, and Terminal Services.
> We're expanding and will have additional servers and wish to move the
> DC and DNS roles to a new server.
>
> The new server is in service and has been promoted to a DC (and Global
> Catalog). DNS on the original server was set up using the defaults
> in the DC promotion wizard.
>
> We need a step-by-step procedure to follow to accomplish the
> migration of the DNS role to the new server without breaking the
> existing AD-Integration. The original server will be demoted from the
> DC role leaving it soley as a Terminal Server. We assume that this
> can be done last unless we're advised otherwise.
>
> Thanks!

Just install DNS on the new server. Since the new server is now a DC in the
same domain as the original DC, and the zone is AD integrated, the zone will
auto populate on the new machine. Then all that needs to be done is
uninstall DNS off the original DC (DO NOT DELETE THE ZONE). Just uninstall
it. If y9ou delete it off the old machine, that fact will replicate to all
DC/DNS servers and you will lose the zone.

Before you do that, of course, you'll want to change the DNS addresses
specified in your DC, member servers and client's IP properties. Assuming
you use DHCP, DHCP option 006 needs to be changed to reflect the new DNS
server's address as well. Do you have Macs? You'll need to change them too.

It's nbot the difficult as long as you remember what machines are set to use
the old DNS, you'll want to change them to the new one prior to uninstalling
DNS services off the old one.

--
Ace
Innovative IT Concepts, Inc
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...

Thanks much! Looks easy (as long as there are no trick questions in the
wazard).

John

"Ace Fekay [MVP]" <PleaseAskMe@SomeDomain.com> wrote in message
news:eJxfhCCqGHA.1600@TK2MSFTNGP04.phx.gbl...
> In news:9CADD613-366B-4A04-AED0-47ED5B749255@microsoft.com,
> John3339 <John3339@discussions.microsoft.com> stated, which I commented on
> below:
>> We currently have a single W2K3 server (fully patched) which is
>> running pretty much everything; AD (DC), DNS, and Terminal Services.
>> We're expanding and will have additional servers and wish to move the
>> DC and DNS roles to a new server.
>>
>> The new server is in service and has been promoted to a DC (and Global
>> Catalog). DNS on the original server was set up using the defaults
>> in the DC promotion wizard.
>>
>> We need a step-by-step procedure to follow to accomplish the
>> migration of the DNS role to the new server without breaking the
>> existing AD-Integration. The original server will be demoted from the
>> DC role leaving it soley as a Terminal Server. We assume that this
>> can be done last unless we're advised otherwise.
>>
>> Thanks!
>
> Just install DNS on the new server. Since the new server is now a DC in
> the same domain as the original DC, and the zone is AD integrated, the
> zone will auto populate on the new machine. Then all that needs to be done
> is uninstall DNS off the original DC (DO NOT DELETE THE ZONE). Just
> uninstall it. If y9ou delete it off the old machine, that fact will
> replicate to all DC/DNS servers and you will lose the zone.
>
> Before you do that, of course, you'll want to change the DNS addresses
> specified in your DC, member servers and client's IP properties. Assuming
> you use DHCP, DHCP option 006 needs to be changed to reflect the new DNS
> server's address as well. Do you have Macs? You'll need to change them
> too.
>
> It's nbot the difficult as long as you remember what machines are set to
> use the old DNS, you'll want to change them to the new one prior to
> uninstalling DNS services off the old one.
>
> --
> Ace
> Innovative IT Concepts, Inc
> Willow Grove, PA
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> Having difficulty reading or finding responses to your post?
> Instead of the website you're using, I suggest to use OEx (Outlook Express
> or any other newsreader), and configure a news account, pointing to
> news.microsoft.com. This is a direct link to the Microsoft Public
> Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows
> you to easily find, track threads, cross-post, sort by date, poster's
> name, watched threads or subject.
> It's easy:
>
> How to Configure OEx for Internet News
> http://support.microsoft.com/?id=171164
>
> Infinite Diversities in Infinite Combinations
> Assimilation Imminent. Resistance is Futile
> "Very funny Scotty. Now, beam down my clothes."
>
> The only constant in life is change...
>

John wrote:
> Thanks much! Looks easy (as long as there are no trick questions in
> the wazard).

There's no trick questions, install DNS and the zone will be there usually
within 30 minutes, depending on the replication schedule and the size of the
zones to replicate.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

What server should appear as the SOA be in the replicated zone on the newly
added DC?

"Kevin D. Goodknecht Sr. [MVP]" wrote:

> John wrote:
> > Thanks much! Looks easy (as long as there are no trick questions in
> > the wazard).
>
> There's no trick questions, install DNS and the zone will be there usually
> within 30 minutes, depending on the replication schedule and the size of the
> zones to replicate.
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This s
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> https://secure.lsaol.com/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oe.com/OEBackup/Default.aspx
> ===================================
>
>
>

In news:68D03F36-BA45-4B58-AAC4-3D1936BCC26F@microsoft.com,
Greg <Greg@discussions.microsoft.com> stated, which I commented on below:
> What server should appear as the SOA be in the replicated zone on the
> newly added DC?
>

It will actually change to any one of the DC/DNS servers.

Unlike Primary/Secondaries, where you can only have one primary (writeable),
and many secondaries (read only), and saves the zone data to a text file, AD
Integrated zones follow a multi-master design, (a cool benefit of AD
Integrated zones, besides security), which means any of the DC/DNS servers
have a writable copy, which stores the zone data in the actual physical
Active Directory database (which gets replicated to ALL DCs).

So whenever a DC/DNS server accepts an update, at that moment in time it is
the SOA of the zone and that info will get stored with the zone data and
gets replicated to other DC;/DNS servers, which then you will see as the
SOA. When another DC/DNS server accepts an update, (or something or you
change something for that matter), it will now become the SOA.

Ace