I'm looking at a Microsoft AD design best practices paper and they make a recommendation that I don't fully understand. They recommend that you make all (non-forest-root) DNS servers secondary for the _msdcs.<ForestRoot> domain. I understand why having the _msdcs domain available everywhere is a good idea, but why not just make the DNS servers secondary for the whole <ForestRoot> domain?
In my AD design I have two AD domains: the forest (empty) root ads.kimball.com, and kii.kimball.com, which holds all users and servers. The domain controllers for each domain also run DNS, each serving as the primary for their domain and secondary for the other domain. In the lab, this seems to work just fine. Am I missing something here? Am I going to create problems by having more than the _msdcs zone replicated to the other DNS server?

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
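An added check (not part of the original post or of the Microsoft paper it mentions) for auditing the setup described above: it lists which zones a given DNS server hosts and confirms that the forest-root _msdcs locator records resolve from it, whether the server holds _msdcs as its own secondary zone or the whole forest-root zone. The DNS server name is a placeholder; the domain names are the ones from the post, and the script assumes the DnsServer and DnsClient PowerShell modules are available.

```powershell
# Added example, not from the original post. Inspect a DNS server's zone inventory
# and verify the forest-root _msdcs locator records resolve from it.
# Assumptions: forest root ads.kimball.com as in the post; $DnsServer is a placeholder.
param(
    [string]$DnsServer  = 'dc1.kii.kimball.com',   # placeholder: a child-domain DC running DNS
    [string]$ForestRoot = 'ads.kimball.com'
)

$msdcsZone = "_msdcs.$ForestRoot"

# 1. Which zones does this server host, and as what type (Primary/Secondary/Stub)?
$zones = Get-DnsServerZone -ComputerName $DnsServer |
    Where-Object { -not $_.IsAutoCreated } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, IsReverseLookupZone
$zones | Format-Table -AutoSize

# Is forest-root _msdcs data available here, either as its own zone
# (the paper's recommendation) or because the whole forest-root zone is hosted?
$hasMsdcs = $zones | Where-Object { $_.ZoneName -eq $msdcsZone }
$hasRoot  = $zones | Where-Object { $_.ZoneName -eq $ForestRoot }
if ($hasMsdcs)    { "$DnsServer hosts $msdcsZone as $($hasMsdcs.ZoneType)" }
elseif ($hasRoot) { "$DnsServer hosts all of $ForestRoot as $($hasRoot.ZoneType); $msdcsZone is served from it" }
else              { "WARNING: $DnsServer hosts neither $msdcsZone nor $ForestRoot; forest-wide lookups depend on forwarding/recursion" }

# 2. Records every DC and client in the forest must be able to locate:
#    DC locator, global catalog locator and Kerberos SRV records under _msdcs.
$checks = @(
    @{ Name = "_ldap._tcp.dc._msdcs.$ForestRoot";     Type = 'SRV' },
    @{ Name = "_ldap._tcp.gc._msdcs.$ForestRoot";     Type = 'SRV' },
    @{ Name = "_kerberos._tcp.dc._msdcs.$ForestRoot"; Type = 'SRV' }
)
foreach ($c in $checks) {
    try {
        # -DnsOnly bypasses the local cache and hosts file so the answer comes from $DnsServer
        $r = Resolve-DnsName -Name $c.Name -Type $c.Type -Server $DnsServer -DnsOnly -ErrorAction Stop
        $targets = ($r | Where-Object { $_.Type -eq $c.Type } | ForEach-Object { $_.NameTarget }) -join ', '
        "{0,-45} OK   -> {1}" -f $c.Name, $targets
    } catch {
        "{0,-45} FAIL ({1})" -f $c.Name, $_.Exception.Message
    }
}
```

Run it against each DNS server in both domains; a FAIL on any of the three records from a server that clients use means DC or GC location for the forest root depends on recursion to another server rather than on locally held zone data.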
