DNS and Active Directory, Best Practices

In my previous organization, I promoted, demoted and set up more than 100 domain controllers in a year and migrated a domain with 6000 users, 50 group policies and 4000 computers to a domain having more than 500 policies, 125000 users, the same number of computers and 130 domain controllers. I faced a lot of DNS-related issues during and after the installation of Active Directory. To avoid such issues, you can follow some best practices and checks while installing and configuring DNS for Active Directory.

  • If you are going to promote the first domain controller and there is no DNS server on the network, you can first install DNS from Add or Remove Windows Components and go directly to DC promotion without configuring DNS. I will leave the configuration part to Active Directory, and it should automatically populate the zones.
  • If you already have a DNS server, check the DNS prefix of the server. The best practice is to keep the DNS zone name and the Active Directory domain name the same.
  • Before promoting a domain controller, also check that DNS is configured properly for that server. If it is the first domain controller and no DNS server is available, specify the machine's own IP address as its DNS server. Otherwise, specify the IP address of the nearest or an available DNS server.
  • After promoting the DC, create the reverse lookup record for the newly promoted DC. Most people do not do this, but it is required for better name resolution. If the reverse lookup record is not present, nslookup will not be able to resolve the name of the DNS server when you run it.
  • You can check for DNS-related events in the DNS console.
  • Make sure that the required zones are created and that some of the Active Directory related records are created. If anything seems wrong, restart the Netlogon service or, as a second option, restart the server.
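
The post-promotion checks in the list above can be scripted. The following PowerShell is an added example, not the author's own script; the domain name, DC host name and address are placeholders, and the three SRV names are assumed to be the locator records of interest (they are the standard ones Netlogon registers for a domain controller).

```powershell
# Added example: verify DNS after promoting a domain controller.
# All default values are placeholders; replace them with your own.
param(
    [string]$DomainName = 'corp.example.com',      # AD domain name = DNS zone name
    [string]$DcName     = 'dc01.corp.example.com', # newly promoted DC
    [string]$DcAddress  = '10.0.0.10',             # its IPv4 address
    [switch]$RestartNetlogon                       # restart Netlogon if a check fails
)

$results = [System.Collections.Generic.List[object]]::new()

function Add-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail })
}

# Query one record set over DNS only (no LLMNR/NetBIOS fallback) and
# compare the chosen property of the answers with the expected value.
function Test-Record([string]$Name, [string]$Type, [string]$Property, [string]$Expected) {
    try {
        $values = @(Resolve-DnsName -Name $Name -Type $Type -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq $Type } |
            ForEach-Object { [string]$_.$Property })
        Add-Check "$Type $Name" ($values -contains $Expected) ($values -join ', ')
    } catch {
        Add-Check "$Type $Name" $false $_.Exception.Message
    }
}

# 1. The server must have a DNS server configured (itself, if it is the first DC).
$dnsServers = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object { $_.ServerAddresses } | Where-Object { $_ } | Select-Object -Unique)
Add-Check 'DNS client servers' ($dnsServers.Count -gt 0) ($dnsServers -join ', ')

# 2. Forward and reverse lookup for the DC must agree with each other.
Test-Record $DcName    'A'   'IPAddress' $DcAddress
Test-Record $DcAddress 'PTR' 'NameHost'  $DcName

# 3. Active Directory locator (SRV) records must point at the DC.
foreach ($srv in '_ldap._tcp.dc._msdcs', '_ldap._tcp', '_kerberos._tcp') {
    Test-Record "$srv.$DomainName" 'SRV' 'NameTarget' $DcName
}

$results | Format-Table -AutoSize

# 4. Restarting Netlogon makes the DC register its records again.
if (($results | Where-Object { -not $_.Passed }) -and $RestartNetlogon) {
    Restart-Service -Name Netlogon
}
```

Run it on the new DC from an elevated PowerShell session; a failed PTR row means the reverse lookup zone or record still has to be created.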

There may be additional checks and practices that apply depending on the situation. The practices above are for general conditions and can be followed to reduce the chance of an issue.

