
Do AD Sites and DNS Zones have to both be child objects?


  • Do AD Sites and DNS Zones have to both be child objects?

    I have a root domain set up at the corporate office in Atlanta and have a new company that is a totally separate domain in North Carolina. They have no website and I am now hosting their e-mail domain on my e-mail server in ATL. If I just demote their DC and repromote it as a Site on my domain, do I create a new zone in DNS like if I didn't create a child domain called in AD?

    I guess I'm asking if the DNS Zone and Child Domains in AD are linked by name?

    From my reading it says that adding a remote site is better than a child domain if you will be using the same security settings (Group Policies), which I will be.

    Any help would be appreciated.

  • #2
    Re: Do AD Sites and DNS Zones have to both be child objects?

    When you create a child domain you are actually also adding a subdomain in the root's DNS, e.g.
    When you add/create a DC on a remote site in the same domain, you use the same name space as the root domain's DNS name, e.g.
    The only problem is that if you demote that DC, you would lose all its users/groups/computers/etc. on that domain that it used to be a member of.
    The question you should be asking is: do you need that name space or not?
    If it's only for external email services, you can talk to the ISP to change the MX records of that domain name to your email server's front-end IP address and authorise that domain name in your Exchange/mail server's authorisation domains list.


    • #3
      Re: Do AD Sites and DNS Zones have to both be child objects?

      Well, the users and computers are not that important right now because there are only 10 users and all of them actually have accounts on the root domain, because they have to use Terminal Services to connect to a trucking software package that authenticates to AD on the root domain. So I had to create user accounts here so they can log in to the logistics system. I just want to "bring them into the root domain" by demoting/repromoting their DC, creating the bridgehead server and GC on their end, and setting them up just as a site in AD. I just am not positive what to do with the DNS on their end. Just set them up as a separate zone so that all resolution can be done by their DC and then forwarded out to the root domain DCs and then a public name server? I have a T1 on both ends and a persistent VPN set up and working now.

      I need to go up to NC in the near future and make the switch either after hours or on a weekend so I just want to have the process mapped out so I have as few problems as possible and keep the VPN traffic to a minimum.

      Do you think the site on the root domain or the child domain is the way to go?

      thanks for the reply.


      • #4
        Re: Do AD Sites and DNS Zones have to both be child objects?

        OK, just to clear things up a bit: once you join that DC to the root domain, that DC would no longer be part of the child domain name space (since you removed it from that AD and joined it to the root AD, and if that is the last DC in that domain, then well, that domain would no longer exist).

        If you say that all the users log in to the root domain anyway, I don't see a reason for leaving that child domain in place just because of its name space.
        You can always open a subdomain in the root DNS zone for that name and you have that covered as well.


        • #5
          Re: Do AD Sites and DNS Zones have to both be child objects?

          Yes, the DC in the remote location was a single DC in a forest of one domain, not hosting any website or any external services. I just want to bring them into our domain structure so I can administer them using my AD and Group Policies and give them access to our shared resources on our servers in Atlanta. So I will be "destroying" their domain and just adding a remote DC at their location that will replicate from my DCs here in Atlanta. I was just unsure of how DNS will be set up at the remote location to keep the VPN traffic to a minimum. I had seen examples of setting up zones for remote child domains but not just remote sites of the same domain. Maybe I'm just complicating things and should let the wizard do it.. haha


          • #6
            Re: Do AD Sites and DNS Zones have to both be child objects?

            OK, you made it more clear now: the remote domain has a name not related at all to the root domain at your site (e.g. vs
            If you need the name space ( then you can just create that zone on your DNS as an additional zone, and you can even copy the records, which in my opinion are not needed, but you have the option if you would like to.
            Once you demote that DC and join it to the domain, it would be part of and not part of, but that is fine because you created a new zone under the name of in the DNS.
            As far as DNS traffic goes, there would be no difference whatsoever whether it is a child domain or part of the root domain, since clients access DNS via IP address (usually configured through the DHCP server/service, or for machines with static IPs in the DNS configuration of the machine's NIC/IP settings) and not by name space; hence clients in the remote site would still get DNS services from the newly joined DC that remains on site, as you stated.
            If you ask me: if the name has no meaning and you don't really need it, then go for a DC-on-remote-site configuration. If you do need that name ( then a child domain would not really help you here anyway, since it would be called, so you are going to have to keep that name by creating a new domain tree in the forest (not a child domain).
            If I were you I would try to avoid at all costs the creation of a new domain just because you might need the old domain name.
            I hope I answered your question.
            Last edited by Akila; 23rd September 2008, 16:39.
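As an added example (not part of the thread, and using cmdlets that post-date it), this PowerShell carries out the layout post #6 recommends: the acquired office becomes an AD site of the existing root domain, its old name space survives as an extra AD-integrated zone, and a SRV lookup confirms the remote DC is serving its own site. `corp.example`, `oldco.example`, `NorthCarolina`, `10.20.0.0/24` and `NC-DC01` are constructed placeholders; the ActiveDirectory and DnsServer modules (Windows Server 2012 or later) are assumed.

```powershell
# Added example, not from the thread. Placeholders (constructed):
#   corp.example  = root domain in Atlanta
#   oldco.example = the acquired company's old domain name
#   NC-DC01       = its former DC after demotion and repromotion into corp.example
# Assumes the ActiveDirectory and DnsServer modules (Windows Server 2012+).
Import-Module ActiveDirectory
Import-Module DnsServer

$RootDomain   = 'corp.example'
$OldNamespace = 'oldco.example'
$SiteName     = 'NorthCarolina'
$SiteSubnet   = '10.20.0.0/24'
$RemoteDc     = 'NC-DC01'

# 1. A site plus its subnet. The DC locator picks a DC by the client's IP
#    subnet, not by name space, so NC clients will bind to the DC on their
#    own LAN and authentication traffic stays off the VPN.
New-ADReplicationSite -Name $SiteName
New-ADReplicationSubnet -Name $SiteSubnet -Site $SiteName
Move-ADDirectoryServer -Identity $RemoteDc -Site $SiteName

# 2. Keep the old name space as an additional zone on the root DNS.
#    Forest-wide AD replication means NC-DC01 answers for it locally as well.
#    Secure dynamic update only: no anonymous host can register records in it.
Add-DnsServerPrimaryZone -Name $OldNamespace `
    -ReplicationScope 'Forest' -DynamicUpdate 'Secure'
# (MX for the mail domain is changed at the ISP's public DNS, as post #2 says;
#  nothing internal is needed for that.)

# 3. Check: the site-specific SRV record only exists once the NC DC has
#    registered itself in the new site, so this proves clients there will
#    prefer it for LDAP/Kerberos instead of crossing the VPN to Atlanta.
Resolve-DnsName -Name "_ldap._tcp.$SiteName._sites.dc._msdcs.$RootDomain" -Type SRV |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object NameTarget, Port, Priority, Weight
```

If step 3 returns nothing, the DC has not yet re-registered its records; restarting the Netlogon service on the remote DC forces the site-specific SRV registration.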