Oftentimes, DNS is the culprit when Active Directory goes down. First and foremost, it's essential not to run DNS servers on top of Active Directory servers. This can cause a lot of abnormalities which would be avoided with separate machines for the separate functionalities. You will also want to check the DNS records for the following items: PDC, GC, GCIPAddress, DSaCname, Kdc and DC. For the DNS records returned for each client, make sure that the Domain Controller is specified as well as the Primary Domain Controller. You also want to specify the Kerberos and Global Catalog servers in the DNS configuration file.
When DNS is the problem with Active Directory authentication, specific error messages are returned. The Microsoft Knowledge Base outlines the appropriate measures for troubleshooting Active Directory issues caused by DNS configuration. Depending on the error message received, the DNS configuration should be updated to match the expected parameters so that replication continues if the Primary Domain Controller becomes unavailable.
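One way to run the record check described above, as an added example that is not part of the original answer: it reads zone-file style lines (the layout of a domain controller's netlogon.dns file) and reports which of the six record types have no entry. The mapping from each name to its DNS owner name is the standard Netlogon locator layout; the domain `corp.example`, the sample lines and the function names are constructed for illustration.

```python
import re

GUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"

# Netlogon mnemonic -> (owner name, record type); {d} = AD DNS domain, {f} = forest root.
EXPECTED = {
    "Pdc":         ("_ldap._tcp.pdc._msdcs.{d}", "SRV"),
    "Gc":          ("_ldap._tcp.gc._msdcs.{f}", "SRV"),
    "GcIpAddress": ("gc._msdcs.{f}", "A"),
    "DsaCname":    ("{guid}._msdcs.{f}", "CNAME"),  # one per DC, keyed by its DSA GUID
    "Kdc":         ("_kerberos._tcp.dc._msdcs.{d}", "SRV"),
    "Dc":          ("_ldap._tcp.dc._msdcs.{d}", "SRV"),
}

# Constructed sample: the Kdc SRV record and the GcIpAddress A record are deliberately absent.
SAMPLE = """
_ldap._tcp.pdc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.gc._msdcs.corp.example. 600 IN SRV 0 100 3268 dc1.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc2.corp.example.
0f2c9a3e-5b7d-4c1a-9e8f-1a2b3c4d5e6f._msdcs.corp.example. 600 IN CNAME dc1.corp.example.
"""

def parse_records(text):
    """Return (owner, type, target) for each 'owner ttl IN type rdata' line."""
    records = []
    for line in text.splitlines():
        parts = line.split(";", 1)[0].split()   # drop ';' comments
        if len(parts) >= 5 and parts[2].upper() == "IN":
            records.append((parts[0].rstrip(".").lower(), parts[3].upper(),
                            parts[-1].rstrip(".").lower()))
    return records

def check_locator_records(text, domain, forest=None):
    """Map each mnemonic to the sorted targets registered for it (empty list = missing)."""
    forest = (forest or domain).lower()
    records = parse_records(text)
    report = {}
    for mnemonic, (template, rtype) in EXPECTED.items():
        name = template.format(d=domain.lower(), f=forest, guid="GUIDTOKEN")
        pattern = re.escape(name).replace("GUIDTOKEN", GUID)
        report[mnemonic] = sorted({t for o, ty, t in records
                                   if ty == rtype and re.fullmatch(pattern, o)})
    return report

def missing(report):
    return [m for m, targets in report.items() if not targets]

if __name__ == "__main__":
    for m, targets in check_locator_records(SAMPLE, "corp.example").items():
        print(f"{m:12} {', '.join(targets) or 'MISSING'}")
```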