Hi, The article 825036 ( http://support.microsoft.com/?kbid=825036 ) states that "If the server is the first domain controller that you installed in the domain, and the server runs DNS, configure the DNS client settings to point to that first server's IP address". I don't understand what do they mean by "the first domain controller of the domain". Is there a special role for this? I have a large network (one domain) with tens of Windows 2003 DC's (most of them have DNS service installed, and DNS is AD-integrated). The DC's are scattered around tens of physical sites. The article also states: "Configure additional domain controllers that have DNS installed to point to the first domain controller that was installed in the domain and that runs DNS. Configure these additional domain controllers to point to themselves as secondary." (does it refer only to Non AD-integrated DNS or that it doesn't matter!?) I don't know or remember who was the first DC to be installed, and if I do know who it was? what should I do? Do I need to configure this one DC as Preffered DNS Server for all DC's in my Domain, and then the DC's themselves as Alternate DNS Servers? Can I just pick one DNS Server to be Primary? I have 2 server data centers - One Primary and a Secondary. Can I just Pick a Server at the Primary data center and it will fill out the role of "the first DC in the Domain"?

Basically the first DC in the domain has all the FSMO's and is a GC, when the netlogon service starts it tries to register its srv records with the preferred DNS server, ldap, global catalog, keberos records etc....without these your domain wont function correctly. If your unsure, pick one DNS server in the domain and point all of them to it as preferred, restart the netlogon service and it will register with that DNS server, then the changes replicate around the DNS servers (presuming they are AD integrated) and you can point the DC's back to wherever after that

Don't forget to enable forwarding on that DNS server also to handle requests outside the local zone.

"The article also states: "Configure additional domain controllers that have DNS installed to point to the first domain controller that was installed in the domain and that runs DNS. Configure these additional domain controllers to point to themselves as secondary." (does it refer only to Non AD-integrated DNS or that it doesn't matter!?)" I think they have to be talking about about non-AD integrated because says: KB article 291382 says: "The most common mistakes are: * The domain controller is not pointing to itself for DNS resolution on all network interfaces." It makes no sense to me to point one DNS server to another - if the machine can't do lookups for itself, how can it do them for clients?? (I am not talking about forwarding - that is another issue) Anyway, I have always pointed them to themselves only, and it works for me. The clients all have two DNS server entries, so there is redunancy, and if the DNS service goes bad on the server, then I'd rather know right away than have it go to another DNS server for lookups. I think Stu is essentially saying the same thing - you could temporarily point the DCs to the FSMO/GC role holder but they should end up pointing to themselves. But I dunno, seems like a big hassle, and AD should replicate quickly. BTW, there can, and IMO should, be more than one GC holder. Peter

This 'first' DC can most likely be indentified by finding the the DC that holds the FSMO roles. You find that in AD Users and Computers, right click on the domain and select Operation Masters. See what the Operations Master is for the RID, PDC, and Infrastructure Master. Since you have multiple DC's the Infrastructure Master role should be not be running on the DC that functions as the GC. If this hasn't been changed, check your event log and you'll probably see several errors referencing this. The DNS issue configuration you are referring to is to prevent a problem known as DNS Islanding. If the DC points to itself it thinks it has all the records it needs and may not replicate or received replication from new DNS entries. By pointing the DNS servers to one 'main' DNS server this can be avoided. This is not as big an issue in Window 2003 and Windows 2000 with the latest service packs and is a bit too complex to explain here. Do a search on DNS Islanding for more information. Pointing DNS servers to themselves usually works, however it is possible it is causing AD problems that don't show up easily. The general feeling is that DNS servers should point to a main server, then the main server points to itself but this is not a hard and fast rule. Read up on it and pick the solution that works best for your environment. The FSMO thing is not really related to this issue. And yes, you should have more than one GC especially if you have multiple sites.

Hi, Thanks all for your comments. First, all of the FSMO roles are already scattered around in different DC's. BTW, all of my DC's are also GC's. Microsoft recommends that if you have more than 50-100 users per site to have at least one GC. I've got tens of sites, and most of them have 2 GC's in them. I thought maybe Microsoft refers to a problem similar to a recommendation by them to point the WINS server to another server, because it takes time for the WINS service to load and therefor the Server cannot register itself in its database when it starts up. About the Infrastructure that needn't be a GC - T think it only refers to multiple domains, if you have only one then it's not a problem. So, in the end, you all say that I just need to pick one DC - it doesn't matter who it is... or am I wrong?