Hi Everybody,
we recently upgraded our domain controllers from Server 2012R2 to Server 2019. Before upgrade there were four domain controllers - dc1, dc2, dc3 and dc4. We moved DNS to a server, which is not a domain controller (because we intend to use 3rd party DNS server
in the future), so now the DNS is not active directory integrated. We have exported the DNS zones and records and after that imported them back to the non-AD integrated DNS. dc1, dc2 and dc3 were demoted and the only dc4 is operational, it owns all the FSMO
roles. So far so good. Four new domain-controllers were added to the domain - newdc1, newdc2, newdc3 and newdc4. The partitions forestdnszones and domaindnszones in DNS contain _ldap records only for the old domain controllers (these partitions are not
being maintained by active directory, because the DNS is not AD integrated). We found something strange with application, that are using LDAP to authenticate users: when dc4 is powered on - the authentication is OK, when dc4 is powered off - the authentication
is unsuccessful. Does anybody know whether both partitions are mandatory for LDAP authentication? If you have any questions I will ask to them.
Thanks in advance!
