NavS-9823 asked

AD migration / DNS query

Hi, we are planning an AD domain migration and I had a question around client DNS registration.

We have so many networks across the country that we have decided it would make our life much easier if we could host the new domain on the same network/subnets as the old domain. The old and new domains will be joined by a two-way trust. Now obviously I can only have one DHCP server on any given subnet to hand out IPs, gateways and DNS addresses etc., so we have opted for the new AD server to be the one that handles DHCP for both old and new domain clients, and we will hand out the new AD server's IP as the DNS server. We will set up conditional forwarders to handle the DNS requests back and forth from old and new domains and vice versa, so that should work fine... correct me if I am wrong.

My question is: if a client still on the old domain tries to register itself in DNS (the DNS server IP is the new AD server), will the fact that I have a two-way trust allow the old client's A record to be populated in the old domain's DNS?

Thanks

windows-active-directory windows-dhcp-dns

Dev073 answered

Hi,

DNS updates in a multi-domain environment with a single DHCP server are tricky. It will work, but with certain limitations.
When updating the host record, the DHCP server searches for a DNS server which is authoritative for the zone matching the domain name of the DHCP client.
So if the DHCP client is a member of the new domain, the DHCP server will look for a DNS server which is authoritative for that zone.

Read the section "DHCP in a Multi-Domain AD Forest" at this link for a detailed, tested approach:
https://social.technet.microsoft.com/wiki/contents/articles/51810.windows-server-integration-between-dns-and-dhcp.aspx

I would recommend separating the subnets and DHCP server per domain to avoid any potential issues.

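As an added example (not part of this thread or the linked article), the following PowerShell check verifies, from the new domain's DNS/DHCP server, the pieces this single-DHCP design depends on: the conditional forwarder to the old zone, resolution of the old zone's SOA through the new server, the old zone's dynamic update mode, and the DHCP server's DNS registration settings. The names olddomain.com, OLD-DC01 and 10.10.0.10 are assumed; it goes slightly beyond the question by also checking the DHCP DNS update credential, which matters when one DHCP server registers records for two domains.

```powershell
# Added example, not from the original thread. Run on the new domain's DC that
# hosts DNS and DHCP. Names and addresses below are assumptions:
#   olddomain.com - old domain, authoritative DNS on OLD-DC01 (10.10.0.10)
$OldZone   = 'olddomain.com'
$OldDnsIPs = @('10.10.0.10')
$OldDnsSrv = 'OLD-DC01'

# 1. A conditional forwarder for the old zone must exist on the new DNS server;
#    without it, neither client lookups for olddomain.com names nor the SOA
#    lookup the DHCP server performs before a dynamic update reach the old domain.
$fwd = Get-DnsServerZone -Name $OldZone -ErrorAction SilentlyContinue
if (-not $fwd) {
    Add-DnsServerConditionalForwarderZone -Name $OldZone -MasterServers $OldDnsIPs -ReplicationScope 'Forest'
} elseif ($fwd.ZoneType -ne 'Forwarder') {
    Write-Warning "$OldZone is hosted locally as zone type '$($fwd.ZoneType)'; records registered here never reach the old domain's DNS."
}

# 2. The old zone's SOA must be reachable through the new server.
$soa = Resolve-DnsName -Name $OldZone -Type SOA -Server $env:COMPUTERNAME -ErrorAction Stop
$primary = $soa | Where-Object Type -eq 'SOA' | Select-Object -ExpandProperty PrimaryServer
"SOA for $OldZone points at primary server: $primary"

# 3. The old zone should accept only secure dynamic updates. With
#    'NonsecureAndSecure', any host on the subnet can overwrite another client's A record.
$oldZone = Get-DnsServerZone -Name $OldZone -ComputerName $OldDnsSrv
if ($oldZone.DynamicUpdate -ne 'Secure') {
    Write-Warning "$OldZone dynamic update mode is '$($oldZone.DynamicUpdate)'; expected 'Secure'."
}

# 4. The DHCP server's own registration settings. Registrations on behalf of
#    clients should use a dedicated low-privilege account (member of
#    DnsUpdateProxy), not the DC's machine account.
$dhcpDns = Get-DhcpServerv4DnsSetting
$dhcpDns | Format-List DynamicUpdates, NameProtection, UpdateDnsRRForOlderClients, DeleteDnsRROnLeaseExpiry
$cred = Get-DhcpServerDnsCredential
if (-not $cred -or [string]::IsNullOrEmpty($cred.UserName)) {
    Write-Warning 'No DNS update credential is configured on the DHCP server; registrations will use the machine account.'
}
```

Run it after the forwarders are in place and again after the first old-domain client has leased an address, then confirm the client's A record appears on OLD-DC01 rather than in a zone hosted on the new server.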

NavS-9823 answered

Hi

Thanks for the response. I know the above is all true for child and parent domains, but does it also hold true for two domains held together by a two-way trust?

I am hoping that when a client in olddomain.com tries to register its own name against the newdomain.com AD server, the newdomain.com AD server sends it back to the correct DNS zone in olddomain.com and the record is registered there.

We did think about new subnets for the new domain, but we have several hundred subnets, and if I can get away without doing that (quite a big expense) then I would prefer it. However, if there is a show stopper in this method, then we will have to re-evaluate the whole project.
