Active Directory and DNS help needed. I know there are issues. How to resolve?

RavinDJ

So how do I resolve AD and DNS issues? I have a domain with a bunch of networked PCs. Most of them are Windows 7 Pro. The DC is a Server 2008 R2 server. But, I want to move it to a new 2012 R2 server. I have 2 VMs that I want to treat as DC1 and DC2.

I know the DC and DNS and AD were never set up correctly or something happened and things went sour. For example, a lot of the downloads start up fast and within seconds they fall to a halt.

The connection is Ultra 101 (101Mbps down) and a download from www.ubuntu.com can start off with a 5 minute download and then it can turn into 2 hours or 4 hours.

Would migrating it to a new server resolve the issue or is there something deep down that hurts all the machines?

Sorry for the n00bie questions, but I'm a n00bie when it comes to a DC/AD/DNS machine.
 
OK, where to start... hmmm, and I will try and be nice.
First, is it a work network, and if so, can you hire someone who knows what they are doing to troubleshoot this?
AD and DNS issues will not cause a download from a single IP address to stall.
The internet connection itself, the modem, the router, the switch, the wiring, a bad NIC in one or more PCs, the PC itself or AV installed on the PC can cause that, but once the connection is made DNS is cached on the computer and the DNS server does not matter.
 
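To see the point the reply above is making for yourself, here is an added PowerShell probe that is not from the thread. It separates the one-time name lookup from the transfer, so a download that stalls after a few seconds can be attributed to the network path rather than to AD or DNS. Placeholders: the client points at a DNS server called DC1; Resolve-DnsName and Invoke-WebRequest need Windows 8 / Server 2012 or later (on the OP's Windows 7 clients, nslookup stands in for the first step).

```powershell
# Added example, not from the thread: separate name resolution from the transfer itself.
# Placeholders: DNS server 'DC1'; www.ubuntu.com is the host the OP saw stalling.

$target = 'www.ubuntu.com'

# 1. Time the lookup alone. DNS is a pass/fail step that happens once, before any bytes flow.
$sw = [System.Diagnostics.Stopwatch]::StartNew()
$answer = Resolve-DnsName -Name $target -Server 'DC1' -Type A -ErrorAction Stop
$sw.Stop()
"Lookup took {0:N0} ms, answer: {1}" -f $sw.ElapsedMilliseconds, ($answer.IPAddress -join ', ')

# 2. The record is now in the client's resolver cache; until its TTL expires, later connections
#    never ask the DNS server again, so a stall mid-download cannot be caused by DNS.
ipconfig /displaydns | Select-String -Pattern $target -Context 0,5

# 3. Time the transfer against the name and against the bare IP. If both stall the same way,
#    the problem is the path (ISP, router/QoS, wiring, NIC), not AD or DNS.
$ip = $answer.IPAddress | Select-Object -First 1
foreach ($uri in "http://$target/", "http://$ip/") {
    $t = Measure-Command {
        Invoke-WebRequest -Uri $uri -UseBasicParsing -OutFile "$env:TEMP\dns-probe.html"
    }
    "{0,-40} {1:N0} ms" -f $uri, $t.TotalMilliseconds
}

# 4. On the DC itself, the one AD-side check worth running: dcdiag's DNS test.
#    With /q only failures are printed, so empty output means every test passed.
dcdiag /test:dns /q
```

Step 3 is the decisive one: a lookup that takes tens of milliseconds followed by a transfer that collapses to a crawl, against the IP as well as the name, points squarely at throttling or a faulty link, which is what the replies below go on to suggest.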
I agree with the above poster. This doesn't sound like a DNS problem at all. Typically DNS issues will be pass/fail type scenarios with not much middle ground.

Could be funky firewall/router setup, possibility of QoS that's throttling downloads.

Based on your post, sounds like you might be a bit "out of your league" when it comes to figuring this one out.
 
RavinDJ? Where are you at? There are a bunch of professionals on the forums that might be able to come in to help.
 
Off the top of my head you would need to make the 2012 box a DC, then promote that and demote the old one; then you can go from there. This way you don't have to deal with de-join/re-join from one domain to another. You will want to map this out and plan it in steps.

For your download speed, your ISP may have some bulk QoS rules; they give you fast speed, but it isn't uncommon for them to re-prioritize the file stream and throttle it down.
 
> Off the top of my head you would need to make the 2012 box a DC, then promote that and demote the old one; then you can go from there. This way you don't have to deal with de-join/re-join from one domain to another. You will want to map this out and plan it in steps.
>
> For your download speed, your ISP may have some bulk QoS rules; they give you fast speed, but it isn't uncommon for them to re-prioritize the file stream and throttle it down.

Correct, need to add the new DC to the domain as a secondary and then demote the original DC. This will move the PDC roles to the remaining DC.

Then you can join another new DC to act as a secondary.

Finally for DNS if you are running dual DCs you will probably want to setup DNS replication.
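The staged move the two posts above describe (add the 2012 R2 box as an additional DC, move the roles, add a second DC, demote the old one, replicate DNS), written out as the PowerShell you would run, is added here as an example and is not from the thread. Everything is a placeholder: domain corp.example, old DC OLDDC, new DCs DC1 and DC2 at 10.0.0.11 and 10.0.0.12, adapter alias Ethernet. Run each stage, verify it, and only then move on.

```powershell
# Added example, not from the thread: staged DC migration to the new Server 2012 R2 VMs.
# Placeholders: domain 'corp.example', old DC 'OLDDC', new DCs 'DC1' (10.0.0.11) and
# 'DC2' (10.0.0.12), NIC alias 'Ethernet'. Run as an Enterprise Admin.

# Stage 0 (on OLDDC): the precondition the thread insists on, a healthy existing DC.
# /q prints only failures, so empty output is the result you want.
dcdiag /q
repadmin /replsummary

# Stage 1 (on DC1): add the role and promote as an additional DC with AD-integrated DNS.
# Install-ADDSDomainController prompts for the DSRM password when it is not supplied.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName 'corp.example' -InstallDns -Credential (Get-Credential) -Force

# Stage 2 (on DC1, after the reboot): AD-integrated zones replicate with AD itself, so no
# zone-transfer setup is needed. Confirm the zone arrived and that replication is clean.
Get-DnsServerZone | Where-Object { $_.IsDsIntegrated } | Select-Object ZoneName, ReplicationScope
repadmin /showrepl

# Point DC1's own resolver at a partner DC first and loopback second, so it never depends
# solely on itself for name resolution during startup.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '10.0.0.12', '127.0.0.1'

# Stage 3 (from DC1): move all five FSMO roles, PDC emulator included, BEFORE demoting OLDDC.
Move-ADDirectoryServerOperationMasterRole -Identity 'DC1' `
    -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster
netdom query fsmo        # every role should now list DC1

# Stage 4: repeat Stage 1 on DC2 so two DCs exist before the old one goes away, then hand
# clients the new resolvers. If DHCP runs on Server 2012, this updates scope option 006.
Set-DhcpServerv4OptionValue -ScopeId '10.0.0.0' -DnsServer '10.0.0.11', '10.0.0.12'

# Stage 5 (on OLDDC): demote. Server 2008 R2 has no Uninstall-ADDSDomainController cmdlet,
# so the demotion is still done with dcpromo.
dcpromo

# Afterwards, from DC1, make sure nothing still references the old server.
repadmin /replsummary
Get-ADDomainController -Filter * | Select-Object Name, OperationMasterRoles
```

The ordering matters for the reason given in the replies: moving the roles and verifying replication on the new box before demoting the old one means clients never see a moment without a DC holding the PDC emulator, and the DNS zone is already served from DC1 when the old resolver disappears.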
 
No, the real problem needs to be found before any server updates are done.
Don't throw new hardware or OS into a broken network without first fixing the problem.

btw a virtual server for the primary AD controller is not best practices.

I was recently called in to fix an outage where both the primary and secondary DC were virtual machines on the same physical server, which was down from a hardware failure. How dumb can you get......
 
> No, the real problem needs to be found before any server updates are done.
> Don't throw new hardware or OS into a broken network without first fixing the problem.
>
> btw a virtual server for the primary AD controller is not best practices.
>
> I was recently called in to fix an outage where both the primary and secondary DC were virtual machines on the same physical server, which was down from a hardware failure. How dumb can you get......

There is a difference between a virtual PDC and being dumb and putting the Primary and Secondary on the same physical machine ;)

The "problem" does not sound like AD/DNS as other posters have already said.
 
> There is a difference between a virtual PDC and being dumb and putting the Primary and Secondary on the same physical machine ;)
True but it is still against best practices and can result in no support from MS and is not allowed in any type of regulated industry network.
 
And don't snapshot your DC if you virtualize. Prob want to disable time sync to host and setup something to sync weekly.
 
> No, the real problem needs to be found before any server updates are done.
> Don't throw new hardware or OS into a broken network without first fixing the problem.

I tend to agree. The problem is very unlikely to be related to DC/AD/DNS, but it's better to start any significant upgrade process from a known clean point.

> btw a virtual server for the primary AD controller is not best practices.

Of course it is. More than that, you'd be hard pressed to find a physical AD DC box in any business of significant size anymore. Hell, a lot of small businesses are moving that way simply for the efficiencies realized from task consolidation.

> I was recently called in to fix an outage where both the primary and secondary DC were virtual machines on the same physical server, which was down from a hardware failure. How dumb can you get......

Ok, ya; that's dumb and not best practice
 
> And don't snapshot your DC if you virtualize. Prob want to disable time sync to host and setup something to sync weekly.

Yes you definitely disable time sync from the host for the PDC and point it at an external NTP server. It will need to be way more than once a week, but the PDC should take care of that on its own.

I'm about to just disable time sync on all VMs. I've had hosts stop syncing from the DC, then it starts updating all hosts on that machine with the wrong time. And since the VMs default to the host as the time source (not the local DC) when that option is selected it can (and has) caused auth. problems.
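The time-source setup the last two posts describe (host time sync off for the PDC emulator, the PDC pointed at an external NTP server, everything else following the domain hierarchy) is added below as an example; it is not from the thread. Assumptions: the host is Hyper-V (the thread never names the hypervisor), the PDC emulator VM is called DC1, and time.example.net is a placeholder for whatever upstream NTP server you choose.

```powershell
# Added example, not from the thread: time hierarchy for a virtualized domain.
# Placeholders: Hyper-V host, PDC emulator VM 'DC1', upstream NTP server 'time.example.net'.

# On the Hyper-V host: stop the hypervisor from pushing its clock into the PDC emulator guest.
# This is the "disable time sync to host" step; the guest then trusts only its NTP peer.
Disable-VMIntegrationService -VMName 'DC1' -Name 'Time Synchronization'

# Inside DC1 (PDC emulator): sync from the external source and advertise as a reliable source.
# The ",0x8" flag makes w32time act as a plain NTP client toward that peer.
w32tm /config /manualpeerlist:"time.example.net,0x8" /syncfromflags:manual /reliable:yes /update
Restart-Service -Name w32time
w32tm /resync /rediscover

# Inside every other DC and member server: follow the domain hierarchy, which ends at the PDC.
# Members poll far more often than weekly on their own, which is the point made above.
w32tm /config /syncfromflags:domhier /update
Restart-Service -Name w32time
w32tm /resync /rediscover

# Verify on any machine. The source should be the upstream peer (on the PDC) or a DC name
# (everywhere else), never 'VM IC Time Synchronization Provider' or 'Local CMOS Clock'.
w32tm /query /source
w32tm /query /status

# From any DC: clock offset of every DC relative to the PDC; a few tens of ms is normal,
# anything approaching the Kerberos skew limit (5 minutes by default) will break auth.
w32tm /monitor
```

The `w32tm /query /source` check is the quick way to catch the failure mode described in the last post: a guest that still reports the VM integration provider as its source is taking time from the host, not from the domain, and will drift with it.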
 