Checklist: Verifying DNS before installing Active Directory

Updated: January 13, 2010

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Step Reference

Verify that a network connection on the server on which you are installing Active Directory is configured with a DNS server to query for domain names.

If you are installing Active Directory on a server in an existing forest, then the network connection of the server must be configured with one or more DNS servers. If not, then configure the network connection with the IP addresses of one or more DNS servers.

If you are installing Active Directory to create a new forest, and no DNS servers are available on the network, then the Active Directory Installation Wizard can automatically install and configure a local DNS server. The DNS server will be installed on the server where you are running the wizard and the server's preferred DNS server setting will be configured to use the new local DNS server. If you install a local DNS server using the Active Directory Installation Wizard, you may stop using this checklist.

Reference: Configure TCP/IP to use DNS; Create a new forest

Verify DNS resource records.

If you are installing Active Directory on a server in an existing forest, verify that the appropriate service (SRV) resource records and the corresponding address (A) resource records exist in DNS.

  • Additional domain controller in an existing domain: _ldap._tcp.dc._msdcs.ActiveDirectoryDomainDNSName

  • First domain controller in a new child domain: _ldap._tcp.dc._msdcs.ParentActiveDirectoryDomainDNSName

  • First domain controller in a new tree: _ldap._tcp.dc._msdcs.ForestRootDomainDNSName

If the required SRV and A resource records do not exist in DNS, you can add these records.

Reference: Verify DNS registration for domain controllers using the nslookup command; Add a host (A) resource record to a zone; Add a resource record to a zone

Verify dynamic update and service (SRV) resource record.

Verify that the authoritative DNS zone for the domain controller locator (Locator) DNS resource records allows dynamic updates and that the DNS server hosting the zone supports the DNS service (SRV) resource record. To locate the authoritative DNS zone, you will need to locate the primary DNS server hosting that zone.

If the authoritative DNS zone is not configured to allow dynamic updates, configure the zone to allow dynamic updates.

Notes

  • The authoritative DNS zone for the Locator DNS resource records will have the DNS name of the Active Directory domain or the name of a parent zone. For example, if the DNS name of the Active Directory domain is example.microsoft.com., then the authoritative DNS zone could be one of the following:

    • example.microsoft.com

    • microsoft.com

    • com

  • If you have configured DNS to not dynamically register these resource records in DNS, then these resource records must be added manually. The list of resource records that should be registered by a domain controller is stored in the following location:

    systemroot\System32\Config\Netlogon.dns

Reference: Allow dynamic updates
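When records have to be added manually, it helps to compare the contents of Netlogon.dns with what the zone actually publishes. The following is an added example, not part of the original checklist or any Microsoft tool: it assumes each Netlogon.dns line has the layout `owner TTL IN type rdata`, that the published records have been collected in the same layout (for example from a zone export), and every name and address in it is constructed sample data.

```python
# Added example: compare the records a domain controller expects to register
# (Netlogon.dns) with the records actually published in the zone.
# All names and addresses below are constructed sample data.

NETLOGON_DNS = """\
example.microsoft.com. 600 IN A 192.0.2.10
_ldap._tcp.example.microsoft.com. 600 IN SRV 0 100 389 dc1.example.microsoft.com.
_ldap._tcp.dc._msdcs.example.microsoft.com. 600 IN SRV 0 100 389 dc1.example.microsoft.com.
_kerberos._tcp.dc._msdcs.example.microsoft.com. 600 IN SRV 0 100 88 dc1.example.microsoft.com.
"""

# Constructed stand-in for what the authoritative zone currently answers.
PUBLISHED = """\
example.microsoft.com. 600 IN A 192.0.2.10
_ldap._tcp.dc._msdcs.example.microsoft.com. 600 IN SRV 0 100 389 dc1.example.microsoft.com.
"""

def parse_records(text):
    """Return a set of (owner, type, rdata) tuples; TTL is ignored."""
    records = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";") or fields[2].upper() != "IN":
            continue  # skip blanks, comments and anything not 'owner TTL IN type rdata'
        owner = fields[0].lower().rstrip(".")
        rtype = fields[3].upper()
        rdata = " ".join(f.lower().rstrip(".") for f in fields[4:])
        records.add((owner, rtype, rdata))
    return records

def audit(expected_text, published_text):
    """List expected records absent from the zone, and SRV targets lacking an A record."""
    expected = parse_records(expected_text)
    published = parse_records(published_text)
    missing = sorted(expected - published)
    hosts_with_a = {owner for owner, rtype, _ in published if rtype == "A"}
    srv_targets = {rdata.split()[-1] for _, rtype, rdata in published if rtype == "SRV"}
    return missing, sorted(srv_targets - hosts_with_a)

if __name__ == "__main__":
    missing, no_address = audit(NETLOGON_DNS, PUBLISHED)
    for owner, rtype, rdata in missing:
        print(f"missing {rtype}: {owner} -> {rdata}")
    for host in no_address:
        print(f"SRV target without A record: {host}")
```

With the sample data, the audit reports two SRV records that still need to be added and flags that the published SRV record points at a host with no corresponding A record.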

See Also

Concepts

Checklist: Installing a DNS server