Channel: Directory Services forum

RODC dcpromo DNS check fails with "dynamic updates" problem


I am putting a new RODC into a site which already has 2 RODCs in it; this site is called Mgmt.  I am running the dcpromo command and I have gotten to the "Additional Domain Controller Options" window (where you check off the box for Read-only domain controller (RODC)).  It runs a DNS check and comes back with the following error: "We could not determine whether dynamic updates are enabled on DNS server 'DNS01.company.com' for domain 'company.com'.  If dynamic updates are turned off, registration of DNS records in the domain will be affected.  Having dynamic DNS updates disabled may result in failures to register host (A or AAAA), LDAP service (SRV), and alias (CNAME) resource records, which can cause many operations to fail, including domain join, domain controller promotion, user logon, replication of Active Directory partitions.  Make sure that dynamic updates are allowed on this server."

This error is expected, as this new RODC, as well as the existing RODCs, are not allowed to update DNS01.company.com.  A little background of the setup is likely needed at this point.  Our DNS is done through Cisco DNS servers.  The DNS01 server is the authoritative DNS for our domain company.com.  Our WDCs in our company LAN are allowed to dynamically update DNS01.  The RODCs in the Mgmt site do not point to DNS01, they point to the authoritative DNS for the Mgmt network (called MgmtDNS01). 

According to our DNS guys, this MgmtDNS01 server is a secondary server to DNS01.  MgmtDNS01 accepts dynamic updates from the RODCs in the Mgmt network/site and forwards these update records on to DNS01 to do the actual update to the company.com zone.  So MgmtDNS01 does not update the company.com zone directly.  MgmtDNS01 then receives the company.com zone from DNS01 as a zone transfer, so all the CNAME, SRV and A records exist on MgmtDNS01 through the zone transfer.

So, the error message I am receiving during dcpromo is technically correct; the new RODC does not have dynamic update privileges on DNS01.  I was wondering if anybody could confirm that this is a setup that will actually work.
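A practical way to answer "will this setup work" is to check the end result rather than the relay mechanism: after promotion, Netlogon writes every record the DC tries to register to %SystemRoot%\System32\config\netlogon.dns, so you can parse that file on the new RODC and ask the DNS server it actually points at (MgmtDNS01 in the post) whether each record has arrived via the forwarded update and zone transfer. The script below is an added example, not code from the original post or from Microsoft; the server name, the file path and the sample record formats in the comments are assumptions taken from the post's description and should be adjusted to your environment.

```powershell
# Added verification script (not from the original post). Run it on the RODC
# after dcpromo completes. It reads netlogon.dns (the list of records Netlogon
# attempts to register), queries the DNS server the RODC uses for each one, and
# reports records that are absent or point at the wrong target/address.
# $DnsServer is an assumption based on the post (the secondary MgmtDNS01).
param(
    [string]$DnsServer  = 'MgmtDNS01.company.com',
    [string]$RecordFile = "$env:SystemRoot\System32\config\netlogon.dns"
)

# Optional: force Netlogon to (re)register its records first, then allow time
# for the relayed update and the zone transfer back to the secondary.
#   nltest /dsregdns | Out-Null ; Start-Sleep -Seconds 120

$missing = @()
$checked = 0

foreach ($line in Get-Content -Path $RecordFile) {
    # netlogon.dns lines have the shape (examples, not real records):
    #   _ldap._tcp.Mgmt._sites.company.com. 600 IN SRV 0 100 389 rodc03.company.com.
    #   company.com. 600 IN A 10.20.30.40
    if ($line -notmatch '^(?<name>\S+)\s+\d+\s+IN\s+(?<type>A|AAAA|SRV|CNAME)\s+(?<rdata>.+)$') { continue }

    $name = $Matches.name.TrimEnd('.')
    $type = $Matches.type
    # The last RDATA token is the address (A/AAAA) or the target host (SRV/CNAME).
    $expected = ($Matches.rdata -split '\s+')[-1].TrimEnd('.')
    $checked++

    try {
        # -DnsOnly bypasses the local cache/hosts file so the answer is the
        # server's current view of the zone.
        $answers = Resolve-DnsName -Name $name -Type $type -Server $DnsServer -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq $type }
    } catch {
        $missing += "$type $name (query failed: $($_.Exception.Message))"
        continue
    }

    $found = switch ($type) {
        'SRV'   { $answers | Where-Object { $_.NameTarget -ieq $expected } }
        'CNAME' { $answers | Where-Object { $_.NameHost   -ieq $expected } }
        default { $answers | Where-Object { $_.IPAddress  -eq  $expected } }
    }

    if (-not $found) { $missing += "$type $name -> $expected" }
}

"Checked $checked records against $DnsServer; $($missing.Count) missing."
$missing | ForEach-Object { "  MISSING: $_" }
```

If every record is reported present on MgmtDNS01, the relay-through-secondary path is doing its job regardless of what the dcpromo pre-check said about DNS01; any record that stays missing after the zone transfer interval is the one to take to the DNS team, since the file tells you exactly which name and type the RODC tried to register.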


