Managing Server Integration with AD DS
Applies To: Windows Server 2008
Integrating Domain Name System (DNS) with Active Directory Domain Services (AD DS) provides automatic replication between domain controllers in a common domain or forest. By installing multiple domain controllers in a domain running the DNS Server service, you can ensure that DNS will continue to work if a domain controller fails or is taken offline for maintenance. Having multiple domain controllers also makes it possible for you to locate the servers in sites where they can be reached most efficiently by DNS clients. In addition, the resulting load balancing can improve overall DNS performance.
When you install AD DS with the Active Directory Domain Services Installation Wizard (Dcpromo.exe), the wizard gives you the option to automatically install and configure a DNS server. The resulting DNS zone is integrated with the Active Directory domain that is controlled by the Active Directory server. This is the most common method for integrating DNS with AD DS.
You can also create directory-integrated zones that are not part of your AD DS domain namespace. By default, the data for a directory-integrated zone is replicated to all domain controllers in the corresponding forest or domain. If you need to change the replication scope for a zone, you can create an application directory partition to store zone data.
To improve the security of your DNS infrastructure, you can modify the list of member users or groups that are allowed to securely update the applicable zone and you can reset their permissions as needed.
To complete this task, you can perform the following procedures: