I have a Windows 2012 Essentials server in my house as primary domain controller of course and also DNS server. I have a laptop I'm setting up as a secondary domain controller and DNS server.  My hope is when I go to the next rev of Windows server I won't have the headaches redoing everything I originally did only having one Domain Controller and no secondary.

Anyway, I have seen a lot of instructions on how to configure a secondary DNS and for me it never matches what others gets.  After you install the role, they say to create a new zone under Forward Lookup Zone and show the current forward lookups are blank.  They then say to select "Secondary" which makes sense to me.  My problem, everything from my primary DNS server is already showing in the Forward and Reverse Zones  So if my domain was called test1.local the new DNS server has under Forward Lookup Zones test1.local and under that a replica of all the IP info.  When you select just "Forward Lookup Zones" on the right says it's "Active-Directory-Integrated Primary".  I know normally this should just say "Secondary".  Reverse Lookup Zones is the same.  Did I do something wrong?  Why does my system completely different from all the instructions out there?

Thanks.

Steve

Hi

Is your laptop going to be the server forever? why dont you create a vm on one of your servers and then setup the DC? Laptops are not meant to be DC's.

Hi

Is your laptop going to be the server forever? why dont you create a vm on one of your servers and then setup the DC? Laptops are not meant to be

The short answer to why things are different for you than "everything else out there" is probably because you are searching on the term "secondary DNS" or similar. And if you were *just* making your laptop a secondary DNS server, the instructions you found would work fine.

But you aren't doing that. You are making your laptop a DC. And DCs are intrinsically tied to DNS, so the very act of making your laptop a DC changes all the DNS settings that occur, making "normal" secondary DNS instructions utterly useless.

The good news is you don't need to do anything. DCs are DNS servers. They aren't technically "secondary" because AD is multimaster in operation, but the end result is very similar. So unless you manages to break something, your DC is ready to be used as a DNS server, no further changes required.

Just want to add that your router is a perfectly good DNS server. If the Essentials server is unavailable for a time, turn on DHCP on the router and have it be the DHCP and DNS server until the Essentials box comes back to life.

Alternatively, consider what you will do if the entire Essentials server is destroyed and never comes back to life.  The second DC will do what?  Users can logon to the domain with cached credentials for weeks (not sure anyone actually knows how long or how many times), so the second DC is not a lot of use in an Essentials Domain as without verified backups you will have to build a new domain.

Thank you all for the reply. Very useful information.  I mainly created the "laptop" based secondary DC because I only had one DC and when I rebuilt Windows 2012 with the R2 version, all my clients lost their association to the domain and had to add them back to the domain which created new profiles on the client and was a real pain.  Then read you always want two DC's so you can make the secondary primary during the time you are rebuilding the primary DC and then when it's ready switch it back to primary.

That said, so I started thinking well if I now have this secondary DC, and when I take the primary offline everyone complains they can't get on the internet anymore, why isn't the DNS services running on the laptop taking over?  I have both IP's in the DNS settings on the client, laptop as secondary.  Not sure why this happens.

Thoughts?

Steve

Steve:

I have no idea what disrupted your stations membership in the SBS domain.  I have never seen this happen and don't think I have ever heard of it before.  If you created an Server 2012 domain and joined the clients to it, that might explain what you experienced.

In any SBS/Essentials domain the only setting in the DHCP from the server (or the router) for DNS should be that of the IP of the server.  Any computer or server in the LAN should have ONLY the server DNS settings in ipconfig /all.  Full stop. 

When the server is off line, (which should be very infrequent or you need better/different hardware), turn on DHCP from the router with the ISP DNS settings (or change DNS if the router is the DHCP server as is allowed in Essentials) embedded there and reboot or ipconfig /renew the stations. 

When the SBS/Essentials server is back, turn off the settings on the router, restart or ipconfig /renew on the stations.

Let me try a different approach:

Environment:

• 192.168.1.1 -- Primary DC and DNS Server (Windows 2012 R2 Essentials)
• 192.168.1.5 -- Secondary DC and DNS Server (Windows 2012)

Client workstation network settings:

• Primary DNS: 192.168.1.1
• Secondary DNS: 192.168.1.5

If I turn off the Primary DC, client workstations stop pulling up webpages.  Isn't the point of the secondary DNS entry in the network settings on the client to switch to it when the primary is not responding?

Steve

Yes... that is the whole point.  You CAN do that... but there is no point.  If the Essentials box fails and there are no backups you have to start over.  If the Essentials box fails and there are backups, turn on DHCP on the router until you get the Essentials box recovered.  Provisioning and maintaining a second DC in such a small environment is more expense and trouble than it is worth.

Yes... that is the whole point.  You CAN do that... but there is no point.  If the Essentials box fails and there are no backups you have to start over.  If the Essentials box fails and there are backups, turn on DHCP on the router until you get the Essentials box recovered.  Provisioning and maintaining a second DC in such a small environment is more expense and trouble than it is

Let me try a different approach:

Environment:

• 192.168.1.1 -- Primary DC and DNS Server (Windows 2012 R2 Essentials)
• 192.168.1.5 -- Secondary DC and DNS Server (Windows 2012)

Client workstation network settings:

• Primary DNS: 192.168.1.1
• Secondary DNS: 192.168.1.5

If I turn off the Primary DC, client workstations stop pulling up webpages.  Isn't the point of the secondary DNS entry in the network settings on the client to switch to it when the primary is not responding?

Steve

• Edited by JustIke 2 hours 14 minutes ago

• Edited by JustIke Saturday, March 14, 2015 4:46 AM

There are a couple things. First it is my understanding that Essentials does not allow any other DC. It can be the only Domain Controller in a single forest (no backup PDC).

Not so.  Add as many other DCs as you like.  No restrictions, no limits.  Also no functionality in the short run, and in the long run either your backup puts the Essentials server back, or you start fresh with a new domain, or you have a massive clean up job to kill off any reference to the Essentials server in the domain.  Note that I have not tested the latter, not even sure it would work.