AD and DNS Server on same machine?

Topic

New Reply

I’m trying to install 2K Server on a small network, and recently ran across a warning not to put AD, the domain controller and DNS all on the same machine.
Any advice or pointers?

TIA

Reply | Quote

Replies

Can you tell us where you got this advice? I don’t mean to be rude, but that’s dead wrong. When you dcpromo, the DNS server is installed. You will need to set your DNS client on that machine to point to the DNS server on that machine. AD will not work correctly otherwise.

Perhaps the advise was to not have all your clients hammer the DNS server on the AD domain controller?

Reply | Quote

Hi Dean, Thanks for responding.
I got the advice from Minasi.com newsletter #7.
I usually consider Mark Minasi on par with God when it comes to Win 2k, but this one has really got me bugged. Here’s his exact text:
++++++++++++++++++++++++++++++++
Running Active Directory in a Single-Server Environment Causes Deregistration Errors
Intrigued by a reader letter, I built a simple AD for testing purposes with just one server. That server acted as the sole DNS server and domain controller (as well as the sole server of any kind, file and print included) for an Active Directory-based domain. I then got a Netlogon error like this one in the Event Viewer, referring to an event ID 5775:

Deregistration of the DNS record ‘_ldap._tcp.gc._msdcs.win2ktest.com. 600 IN SRV 0 100 3268 dun.win2ktest.com.’ failed with the following error: DNS bad key.

I was surprised to find an article in Microsoft’s Knowledge Base (Q252695) that says that dynamic DNS sometimes can’t register or de-register DNS records on a system which is an AD domain controller, a global catalog server, the dynamic DNS server for that domain, and that refers to itself for name resolution (in other words, if you were to look in the “DNS server addresses” box in the Advanced TCP/IP settings for that system, you’d see that it refers to itself).

That sounds like a fairly significant problem for small offices. In fact, it kind of makes me wonder how they’re going to get Small Business Server 2000 to work in that case — if it’s anything like the current product, it might not even allow any other servers. Anyway, a word to the wise for small users of 2000 and AD is, I guess, “don’t use 2000 unless you’ve got a second server.”

Reply | Quote

I too have a high regard for Minasi’s material. In fact, I learned most everything I know of MS servers from reading his books.

I run Win2k on my small network (~50 users). We have two servers both running AD and therefore DNS server. I don’t know exactly what to suggest. The newsletter #7 is rather outdated (Sep 2000). Perhaps this has been fixed in SP2 or post SP2 patches. You could just email him your question: help@minasi.com.

Reply | Quote

I’ve Emailed him this… I love that he answers, but sometimes it takes a while. I’ll post here again when/if he responds. My network is smaller than yours by nearly an order of magnitude, and I’d hate to sacrifice another box to serving.

Reply | Quote

Not to mention the cost of licensing another Win2k server which probably costs just as much as the hardware it runs on. Have you thought about maybe running a freeware DNS? There are many linux distros that to this very well and can run on a 486 (for DNS only). Perhaps your ISP will DNS for you (far from best solution)?

Reply | Quote

Good idea about the freeware DNS.
Here’s what Mark Minasi Emailed me today:
In actual fact, it doesn’t seem to be that big a deal. Mostly cosmetic, actually. If you want to do something about it then just restart the Netlogon service, that seems to update DNS without trouble. But really you
should have more than one DC and DNS server. I hope this helps!

Mark

Reply | Quote

My home network has a single Windows 2000 server running all the services I need, including DNS and AD.

The only issue I have with this setup is that every time I boot it logs a single Event 5781, doesn’t seem to do any harm and the linked article shows how to cure it.

StuartR

Reply | Quote

Thanks for the link, Stuart, that is a very useful site!

Reply | Quote