We are working towards converting a number of our existing DNS zones from
Bind 9.X to Windows Active Directory Integrated. I have a rough idea on how
to perform this action, but I am unsure on a couple of items.

What happens when we convert to Active-Directory Integrated Zone as there
will be no "Record Owners" when we convert? How will machines keep their
records upto date.

What happens to other clients that cannot perform Secure Updates (like Unix
hosts). Do we need to mantian these as static entries?

Our current Domain Controllers run Stub Zones that point to BIND DNS
servers. This is the general Plan we have to convert the zones. Let me know
if I am missing something.

1, Convert the Stub zone to a standard Secondary zone
2, Force Zone transfer
3, Convert the standard Secondary Zone to a standard Primary Zone
4, Change zone on all DC's to Active Directory Integrated. Allow secure
updates only.

Can anyone see any issues with this method? Thanks in Advance for your

"Bob Smith" <BobSmith@discussions.microsoft.com> wrote in message
news:1D5267C0-9CC5-4179-B9F5-CEE5207F5503@microsoft.com...
> We are working towards converting a number of our existing DNS zones from
> Bind 9.X to Windows Active Directory Integrated. I have a rough idea on
> how
> to perform this action, but I am unsure on a couple of items.
>
> What happens when we convert to Active-Directory Integrated Zone as there
> will be no "Record Owners" when we convert? How will machines keep their
> records upto date.

This isn't an issue for them -- they will replicate using AD replication.


> What happens to other clients that cannot perform Secure Updates (like
> Unix
> hosts). Do we need to mantian these as static entries?

Yes, or use a Domain Member DHCP server to issue the address and do
the registration.

> Our current Domain Controllers run Stub Zones that point to BIND DNS
> servers. This is the general Plan we have to convert the zones. Let me
> know
> if I am missing something.
>
> 1, Convert the Stub zone to a standard Secondary zone
> 2, Force Zone transfer
> 3, Convert the standard Secondary Zone to a standard Primary Zone
> 4, Change zone on all DC's to Active Directory Integrated. Allow secure
> updates only.

Yes. I would wait for FULL replication after changing the first DCs from
ordinary Primary to AD Integrate -- make sure they all have the records
in AD before making the change. Do this on the initial ordinary Primary.

> Can anyone see any issues with this method? Thanks in Advance for your
>

It is entirely normal.

> What happens when we convert to Active-Directory Integrated Zone as there
> will be no "Record Owners" when we convert? How will machines keep their
> records upto date.

>>>> This isn't an issue for them -- they will replicate using AD replication.

In response to this; I have been told that the BIND records that come over
need to be deleted and then a new one created (ipconfig /registerdns).
Apparently this is the only way to ensure dymanic Updates will work as it
ensures an owner is assigned to the resource record. Has anyone done this
before and run into a similar problem?