In this Video: 

• Discuss the benefits of storing Zones in Active Directory
• Take a closer look at the Active Directory Zone Replication Scope
• Demonstrate Replication in a Domain, Forest Environment
• Use DNS Manager and ADSI edit to view Domain and Forest Zone Data
• Demonstrate how to remove Zone Data from Active Directory.

Prerequisites: You must have access to or have installed in your lab the following:

• Windows 2016 server with DNS and Active Directory installed and the server promoted to a domain controller.
• Forward and Reverse lookup zone creation completed.

Adequate permissions will be needed.

• To configure a DNS server that is not running as a domain controller, you must be a member of the Administrators group for that computer.
• To configure a DNS server that is running on a domain controller, you must be a member of the DNS Administrators, Domain Administrators, or Enterprise Administrators group

The Benefits of Storing Zone Data in Active Directory 

• AD-integrated zones can only be configured on domain controllers.
• Domain controllers configured as a DNS server in a domain is the authoritative server for that domain. So, DNS records can be updated on any of these servers and the changes will be automatically replicated.
• Active Directory can compress replication data between sites and replicates data securely, hence DNS replication also becomes fast, secure and efficient. This works even over slow links.
• Redundancy - Because AD-integrated zones are replicated to either all Domain controllers in the Domain or all Domain controllers in the forest this provide redundancy thus, there’s no single point of failure in the DNS design.
• Security - If secure dynamic update is enabled, only authorized clients can update their records in DNS zone.  

In order to understand how replication works, we must understand some things about the structure of Active Directory. Here is an illustration. 

• A simple domain structure – DE.DNS-ZONE.COM

• A Domain is a logical group of computers, users, and printers that share the same database.

• Now let’s add a child Domain – DE.DNS-ZONE.COM

• This is considered a tree

• In this example, Active Directory calls this structure a Forest, which in this case is named DNS-ZONE.COM.

• Why, because in this example all the domains share the same schema. A schema is an AD component that defines all the objects and attributes that the directory service uses to store data.
• What we have is two domains and one Forest.  
• We will now put this knowledge to work, to replicate DNS Zone data, first to a domain then to a forest.

Active Directory Zone Replication Scope 

After using the Zone wizard to create Forward and Reverse Lookup Zones, the third step reveals three choices for replicating DNS data on our network.

• Forest - To all DNS servers on Domain Controllers in this Forest: DNS.COM
• To all DNS servers on Domain Controllers in this Domain: de.dns.com
• Windows 2000 Compatibility
• Directory Partition – A partition is a storage place for DNS zones, that distinguishes data for different replication purposes. In this case, this option is grayed out.

DNS Data Replication on all Domain Controllers in this Domain 

Let’s start with Domain Replication, because it is the easiest to understand.

If we choose the second selection we will be replicating DNS data to every Domain controller in the DE.DNS.COM domain. Even though in this case there is only one Domain Controller. 

We will now use DNS manager and ADSI edit to view Zone data at the Domain level. 

DNS Manager – Domain DNS data from the DE zone is displayed

• From DNS manager, take a look at the records that are present in the

Server Academy Members Only

Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.

Sign In Get Instant Access