Configure AD Integrated Zones

Updated: October 7, 2009

Applies To: Windows Server 2008 R2

You can use this procedure to change a primary zone so that it is stored in Active Directory Domain Services (AD DS). When you store a primary zone in AD DS, the zone type is changed from primary to Active Directory (AD)-integrated. For more information, see Understanding Zone Types (https://go.microsoft.com/fwlink/?LinkId=165769).

Membership in the Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

Changing the zone type to AD integrated

  • Using the Windows interface

  • Using a command line

To change a zone type to AD integrated using the Windows interface

  1. Click Start, click Run, type dnsmgmt.msc, and then press ENTER. The DNS Manager console will open.

  2. In the console tree, right-click the zone you wish to configure, and then select Properties.

  3. On the General tab, next to Type, click Change.

  4. In Change Zone Type, select the Store the zone in Active Directory check box, and then click OK.

  5. Click Yes when you are prompted to confirm this change, and then click OK to close zone properties.

To change the zone type to AD integrated using a command line

  1. Open an elevated command prompt.

  2. Type the following command, and then press ENTER:

    dnscmd <ServerName> /ZoneResetType <ZoneName> /DsPrimary
    

Additional considerations

  • The option to store the zone in Active Directory is only available if the DNS server computer is operating as a domain controller. When this zone type is selected for use, zone data is stored and replicated as part of the AD DS database.

  • Only primary zones can be stored in the directory. If the zone is configured on other domain controllers as a secondary zone, those secondary zones will be converted to primary zones when you convert the zone to AD integrated. This is because the multimaster replication model of Active Directory removes the need for secondary zones when a zone is stored in Active Directory. Conversion of the zone from secondary to primary will occur when AD DS is restarted.

  • Changing the DNS zone type or storage can be time consuming for large zones.

  • To view help for the dnscmd /ZoneResetType command, type the following at a command prompt and then press ENTER:

    dnscmd /ZoneResetType /help 
    
  • Use the following syntax when configuring zone type settings. Information about the available properties and options is provided in a table below.

    dnscmd <ServerName> /ZoneResetType <ZoneName> <Property> [<MasterIPaddress...>] [/file <FileName>] {/OverWrite_Mem|/OverWrite_Ds|/DirectoryPartition <FQDN>}
    
    Parameter Description

    dnscmd

    Specifies the name of the command-line tool for managing DNS servers.

    <ServerName>

    Specifies the DNS host name of the DNS server. You can also type the IP address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.) or omit the host name.

    <ZoneName>

    Required. Specifies the fully qualified domain name (FQDN) of the zone.

    <Property>

    Required. One of the following zone types:

    • /Primary

      Standard primary zone. The /file <FileName> option is required.

    • /DsPrimary

      AD DS-integrated primary zone. If the zone is not already a primary zone, you must convert it to a primary zone (using /Primary) before you use this parameter to integrate the zone with AD DS.

    • /Secondary

      Secondary zone. You must specify at least one MasterIPaddress.

    • /Stub

      Stub zone. You must specify at least one MasterIPaddress. If the zone is an AD DS-integrated primary zone, you must use /DsStub to convert it to an AD DS-integrated stub zone before you use this parameter.

    • /DsStub

      AD DS-integrated stub zone. You must specify at least one MasterIPaddress. If the zone is not already a stub zone, you must convert it to a stub zone (using /Stub) before you use this parameter to integrate the zone with AD DS.

    /file <FileName>

    Required for /Primary. Specifies the name of a file for the new zone. This parameter is not valid for the /DsPrimary zone type.

    <MasterIPaddress...>

    Required for /Secondary, /Stub and /DsStub. Specifies one or more IP addresses for the master servers of the secondary zone or stub zone, from which zone data is copied.

    /OverWrite_Mem | /OverWrite_Ds | /DirectoryPartition <FQDN>

    /OverWrite_Mem overwrites existing DNS data using the data in AD DS. /OverWrite_Ds overwrites Active Directory data with data in DNS. /DirectoryPartition stores the new zone in the application directory partition that is specified by FQDN, such as DomainDnsZones.corp.widgets.tailspintoys.com.
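
The following PowerShell function is an added example, not part of the original documentation. It enforces the parameter rules from the table above before a dnscmd /ZoneResetType command line is built, so that an invalid combination is rejected before it reaches the DNS server. The function name Get-ZoneResetTypeArgs and the zone name corp.example.com are assumptions made for illustration.

```powershell
# Added example: validate dnscmd /ZoneResetType arguments against the rules
# in the parameter table. Get-ZoneResetTypeArgs is a hypothetical helper name.
function Get-ZoneResetTypeArgs {
    param(
        [string]$ServerName = '.',    # a period means the local DNS server
        [Parameter(Mandatory=$true)][string]$ZoneName,
        [Parameter(Mandatory=$true)]
        [ValidateSet('Primary','DsPrimary','Secondary','Stub','DsStub')]
        [string]$Property,
        [string[]]$MasterIPAddress = @(),
        [string]$FileName,
        [string]$DirectoryPartition
    )

    # /Primary requires /file; /file is not valid for /DsPrimary.
    if ($Property -eq 'Primary' -and -not $FileName) {
        throw '/Primary requires /file <FileName>.'
    }
    if ($Property -eq 'DsPrimary' -and $FileName) {
        throw '/file is not valid for /DsPrimary.'
    }

    # /Secondary, /Stub and /DsStub need at least one master server address.
    $needsMaster = 'Secondary','Stub','DsStub'
    if ($needsMaster -contains $Property -and $MasterIPAddress.Count -eq 0) {
        throw "/$Property requires at least one master IP address."
    }
    foreach ($ip in $MasterIPAddress) {
        # Throws if the value does not parse as an IP address.
        [void][System.Net.IPAddress]::Parse($ip)
    }

    $a = @($ServerName, '/ZoneResetType', $ZoneName, "/$Property")
    $a += $MasterIPAddress
    if ($FileName)           { $a += '/file', $FileName }
    if ($DirectoryPartition) { $a += '/DirectoryPartition', $DirectoryPartition }
    return ,$a
}

# Constructed sample values; corp.example.com is a placeholder zone name.
$dnsArgs = Get-ZoneResetTypeArgs -ZoneName 'corp.example.com' -Property DsPrimary
'dnscmd ' + ($dnsArgs -join ' ')    # print the command line for review

# To apply the change from an elevated prompt, uncomment:
# & dnscmd @dnsArgs
# if ($LASTEXITCODE -ne 0) { throw "dnscmd failed with exit code $LASTEXITCODE" }
```

The function only checks argument combinations. The requirement that a zone already be a primary zone before /DsPrimary is used, or a stub zone before /DsStub, still has to be confirmed against the server.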

See Also

Concepts

Configure the Discretionary Access Control List (DACL)
Allow Only Secure Dynamic Updates
Checklist: Implementing a Secure DNS Configuration