Disabling AD Integration

Does anyone here know how to turn off AD Integration on the forward and reverse lookup zones of a DNS server (service stopped)? I'm having a heck of a time finding how, myself....

 

Here's a page I have bookmarked to assist my feeble brain. Scroll about halfway down, and look for a purple header "configuring zones." Look above it, especially # 4, and below it, and see if that helps. If not post back and please tell a little more about your network - how many servers this affects, which version OS, and which ones/types you want to affect. I'll try to help. AD is fabulous and horribly frustrating all in the same breath...

http://www.comptechdoc.org/os/windows/win2k/win2kdns.html

 

Also, if you post back, please tell if any of the affected servers are inside/outside of a dmz, and which is which.

 

Here's another site I use quite a bit. Scroll about halfway down the page to see the screen shots. I "think" you turn the integration off in DNS service, rather than AD. Maybe someone knows better, but I have done this...see the check box at the bottom of the configuration box - is that what you need?

http://www.computerperformance.co.uk/w2k3/services/DNS_install_zones.htm

 

Heh, link no 1 wasn't much help I'm afraid. The zones don't appear in the DNS mmc unless the DNS server is started. This is the page that I am referencing. I am trying to resolve warning number 4515 in the DNS log on our 1 W2K3 server, which isn't inside a DMZ.

Thank you for your help, what I've done is restarted the DNS Server service, and stopped AD Integration on all our zones, and THEN stopped the service, contrary to this article. Seems to have worked.

 

Hi, thanks for posting back. How did you do it when you said "stopped AD integration on all our zones" in the first place? Was it in the dns service as shown in that dialogue box's check box halfway down here: http://www.computerperformance.co.uk...tall_zones.htm or did you find a place in AD to stop it?

Hey I took exam 70-294 - "Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure" and passed it, but I have to say that I walked out of there realizing I had a ton left to learn. I still do, even though I use it every day.

I've always stopped it as shown in that link above. Did you find a better way?

 

Alright...what I did was ensure that the DNS Server service was running. (zones apparently don't appear in the console without it - d'oh!)
Then, I opened the DNS console from Administrative Tools. This listed forward and reverse lookup zones in the tree. I expanded these to view our zones, on the general tab of the properties of each zone is a button to stop AD Integration from running.

Unfortunately, it turned out that this hasn't solved the problem at all. This was SUPPOSED to stop a duplicate zone from replicating to our other DNS server, but the darn thing still exists.

Heh, you weren't kidding when you said AD was frustrating. Any idea how to delete a zone from DomainDNSZones?

 

Ahhh, stupid Milty...

I just described how to PAUSE ad integration, and not stop it. What worked was pressing the change button next to zone type, and unchecking the integrate with active directory checkbox. That worked f'sho this time, as the DNS service started without logging the damn 4515 error...whoopeeeee!

 

Gosh, do I have to call myself stupid everytime it takes a while to balance AD issues with other services and issues? LOL

I'm sorry I didn't get back quicker. I'm working today unfortunately, and thanks for posting the results. As I said, I was "almost" sure it was in the DNS service snap-in rather than actually in Active Directory. That's where we often get fooled.

We think AD controls everything, and it almost seems to, so we go there first.

For what it's worth, if it's a policy or permissions type of issue, or something I can relate as similar to that, I go to AD.

If it's a "Service" issue like this, I go there first. The setup, properties, etc of the services usually have their own controls. Permissions, policies and the like don't usually have their separate controls of course with an AD domain controller. That's why I took the stand about it being in the DNS snap-in. I couldn't remember exactly where, I just expected it to be there because I've done it before.

Another problem with this stuff is we don't set one up everyday the way a helpdesk tech might set up a new machine fairly often. We administer it, but the raw setup of services including dns, AD etc gets partly forgotten by the next time.

A couple of days ago I had to poke around "forever" to find out where to turn off ICS in XP Pro. I can't remember if I ever had done it, or if I had forgotten. I know how it works, what it's for, how it affects things, etc, I just couldn't find the @#$%#@ control.

So why should I feel bad when I have to hunt for this? You knew what you wanted, understood how it worked, what it was for and how it was affecting you. You just needed the @#$%#@ button.

If I scratch my head and use that little "theory" of mine above, I usually go right to the control panel.

Good job!!