Saturday, December 22, 2012

How To Create a Child Domain in Active Directory and Delegate the DNS Namespace to the Child Domain



You may want to create a child domain and then delegate the Domain Name System (DNS) namespace to a domain controller located in this child domain for any of the following reasons:
  • Added DNS servers can reduce network traffic.
  • Added DNS servers can provide redundancy.
  • Active Directory namespace delegation and DNS namespace delegation remain consistent, simplifying your overall namespace design.
Global catalog and domain records exist only in the parent (root) DNS server.


Manually Create a Delegation for the Child Domain on the Parent (Root) DNS Server
  1. Right-click the root zone, click New Delegation, and then click Next.
  2. Type the domain name for the child domain, and then click Next.
  3. Add the child DNS server to host the new zone, and then click Next.
     NOTE: A domain controller that is a DNS server should have a static Transmission Control Protocol/Internet Protocol (TCP/IP) address. Verify that this step is performed before you install DNS on the child domain controller. If no DNS TCP/IP address exists, DNS is installed as a root server. If you see that a "." folder is created after you install DNS, you must remove the root configuration. For additional information about how to do this, see the following article in the Microsoft Knowledge Base: "DNS Server's Root Hints and Forwarder Pages Are Unavailable", http://support.microsoft.com/kb/229840/EN-US
  1. On the child domain DNS server, right-click My Network Places, and then click Properties.
  2. Right-click the appropriate local connection, and then click Properties.
  3. Under Components checked are used by this connection, click Internet Protocol (TCP/IP), and then click Properties.
  4. Click Use the following DNS server addresses:, and then type the TCP/IP address of the parent (root) DNS server.


Install DNS on the Child Domain Server
  1. Click Start, point to Settings, and then click Control Panel.
  2. Double-click Add/Remove Programs, and then click Add/Remove Windows Components.
  3. Click Networking Services, and then click Details.
  4. Click to select the Domain Name System (DNS) check box, click OK, click Next, and then click Finish.


Create a Child Zone on the Child Domain Server
  1. Click Start, point to Programs, point to Administrative Tools, right-click the appropriate server name, and then click New Zone. You can use the wizard to configure the child zone.
  2. Click Next, click Standard Primary, and then click Forward lookup zone.
  3. Type a name for the child zone, such as child.mydomain.com. You can use default settings for the zone file information.
  4. Click Next, and then click Finish.


Enable Dynamic Updates
  1. Right-click the child zone you just created, and then click Properties.
  2. In the Allow dynamic updates? drop-down list, click Yes, and then click OK.


Promote the Child Domain Server
Before you promote the child domain server, review the "Checklist: Installing a domain controller" in Windows 2000 Help.

To promote the server to a domain controller, click Start, click Run, type dcpromo, and then click OK.

Note that it can take up to 15 minutes for the child domain to populate the subfolders. The following folders are created:
  • _msdcs
  • _sites
  • _tcp
  • _udp


Optional Configuration Considerations
NOTE: The following options depend on how your organization wants to set up its DNS name resolution and namespace; the use of proxy servers or firewalls can influence this decision as well.
  • On the TCP/IP properties of the child domain server, change the TCP/IP address of the DNS server to point to its own TCP/IP address.
  • Consider integrating DNS with the Active Directory on the child DNS server.
  • Add the parent (root) DNS server as a forwarder on the child DNS server.
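
A command-line check of the finished setup, as an added example that is not part of the original article: it confirms the delegation and the domain controller's SRV records, then optionally moves the child zone into Active Directory so that it accepts only secure dynamic updates (the "Yes" setting chosen earlier also accepts unauthenticated updates). The IP addresses are assumed placeholders, and dnscmd is assumed to be installed from the Windows Support Tools.

```batch
@echo off
rem Added example, not from the original article.
rem Assumed values: replace with your own. The IP addresses are
rem documentation placeholders; the zone name is the article's sample.
set PARENT_DNS=192.0.2.1
set CHILD_DNS=192.0.2.10
set CHILD_ZONE=child.mydomain.com

rem 1. Ask the parent for the child's name servers. The query is recursive,
rem    so an answer proves both the delegation record and the child server.
echo == NS records for %CHILD_ZONE% via the parent ==
nslookup -type=NS %CHILD_ZONE% %PARENT_DNS%

rem 2. The child server must answer for its own zone.
echo == SOA record from the child DNS server ==
nslookup -type=SOA %CHILD_ZONE% %CHILD_DNS%

rem 3. After dcpromo, the domain controller registers its locator records
rem    by dynamic update. They appear under the _msdcs and _tcp folders.
echo == Domain controller locator records ==
nslookup -type=SRV _ldap._tcp.dc._msdcs.%CHILD_ZONE% %CHILD_DNS%
nslookup -type=SRV _kerberos._tcp.%CHILD_ZONE% %CHILD_DNS%

rem 4. Show the dynamic update setting currently applied to the zone.
echo == Current AllowUpdate setting ==
dnscmd %CHILD_DNS% /ZoneInfo %CHILD_ZONE% AllowUpdate

rem 5. Optional hardening, only when the script is run with "harden" and
rem    only after the child server has been promoted to a domain controller.
rem    Secure-only updates (value 2) require an Active Directory-integrated zone.
if /i not "%~1"=="harden" goto :eof
echo == Converting zone to Active Directory-integrated, secure updates only ==
dnscmd %CHILD_DNS% /ZoneResetType %CHILD_ZONE% /DsPrimary
dnscmd %CHILD_DNS% /Config %CHILD_ZONE% /AllowUpdate 2
```

Run it without arguments to verify only. If the SRV lookups fail, wait for the records to populate before passing "harden".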
