HOW TO CONVERT SECONDARY DNS ZONE INTO AD INTEGRATED ZONE

**How to convert a secondary DNS zone into a primary DNS zone integrated with Active Directory.**


1º - Export the zone information from the SOA server (the authoritative DNS server for the zone; in an AD-integrated zone this can be any DNS server. You can check this information in the DNS zone, where the SOA record is usually at the top):

DnsCmd dc01.contoso.com /ZoneExport contoso.com contoso.com.copy.bak

This exports the DNS zone from the SOA server to the folder %SystemRoot%\System32\DNS\
This first step makes sure you have a reliable backup of the zone you are about to convert.

2º - Now, go back to the server that holds the secondary zone (I suppose you are connected to a different domain, too. Be aware that the whole procedure below must be done on the target servers of the target domain, domainAZ in this example, not in the source domain contoso.com.)

Convert the secondary zone on one of the DNS servers to a primary zone:

DnsCmd dc12.domainAZ.com /ZoneResetType contoso.com /Primary /File contoso.com.dns

This command converts it to a primary zone and creates a DNS file in %SystemRoot%\System32\DNS\


3º - Now, you must delete the secondary zone from all other DNS servers in the target domain.

DnsCmd dc18.domainAZ.com /ZoneDelete contoso.com
DnsCmd dc39.domainAZ.com /ZoneDelete contoso.com


4º - Next, go back to the DNS server that holds the primary zone (the only one at this moment, in the target domain), and remove all the old NS records.

At this point, you will see the names of the DNS servers from the source domain contoso.com. As this zone is no longer updated from these servers, and the DNS servers of the target domain, domainAZ.com, become authoritative for this zone, you can delete them using the command:

dnscmd dc12.domainAZ.com /RecordDelete contoso.com @ NS dc01.contoso.com

5º - Finally, convert the now primary zone to an AD integrated zone.

DnsCmd dc12.domainAZ.com /ZoneResetType contoso.com /DsPrimary

The zone will now be replicated to all domain controllers. If you want to accelerate this process, use the following command:

repadmin /syncall /AdeP
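
To confirm the result of steps 2 to 5, the following read-only check is an added example, not part of the original post. It assumes the DnsServer PowerShell module (RSAT DNS tools) is installed and reuses the zone and server names from the commands above; the function name Test-ConvertedZone is hypothetical, and the dynamic-update check is an extra that the procedure itself does not cover.

```powershell
# Added example: read-only check after the conversion. Zone and server names
# are the ones used in the article; the function name is hypothetical.
# Assumes the DnsServer module (RSAT DNS tools) and rights to query each server.
Import-Module DnsServer

function Test-ConvertedZone {
    param(
        [string]   $Zone         = 'contoso.com',
        [string]   $Primary      = 'dc12.domainAZ.com',                         # steps 2 and 5
        [string[]] $OtherServers = @('dc18.domainAZ.com', 'dc39.domainAZ.com'), # step 3
        [string]   $OldNsPattern = '*.contoso.com'                              # step 4
    )
    $findings = @()

    # Step 5: the zone must be a primary zone stored in Active Directory.
    $z = Get-DnsServerZone -Name $Zone -ComputerName $Primary -ErrorAction Stop
    if ($z.ZoneType -ne 'Primary') { $findings += "${Primary}: zone type is $($z.ZoneType)" }
    if (-not $z.IsDsIntegrated)    { $findings += "${Primary}: zone is not AD integrated" }

    # Extra check, not in the article: nonsecure dynamic updates allow
    # unauthenticated clients to register or overwrite records.
    if ($z.DynamicUpdate -eq 'NonsecureAndSecure') {
        $findings += "${Primary}: zone accepts nonsecure dynamic updates"
    }

    # Step 4: no NS record at the zone apex may still name a source-domain server.
    $ns = Get-DnsServerResourceRecord -ZoneName $Zone -Name '@' -RRType NS -ComputerName $Primary
    foreach ($r in $ns) {
        $name = $r.RecordData.NameServer.TrimEnd('.')
        if ($name -like $OldNsPattern) { $findings += "${Primary}: stale NS record $name" }
    }

    # Step 3: other servers must not hold a secondary copy any more. No zone at
    # all only means AD replication has not delivered it yet.
    foreach ($s in $OtherServers) {
        $o = Get-DnsServerZone -Name $Zone -ComputerName $s -ErrorAction SilentlyContinue
        if ($null -eq $o) { Write-Host "${s}: zone not present yet" }
        elseif ($o.ZoneType -eq 'Secondary') { $findings += "${s}: still a secondary zone" }
    }
    return $findings
}

$result = Test-ConvertedZone
if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { Write-Host 'Zone conversion checks passed.' }
```

Run it after replication has completed; any warning names the server and the step that needs to be repeated.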

I hope this can be useful.

Merry Christmas!

Cheers.
