DC DNS Requirement?

I started this as a reply on one of your comments, but it started to become long and referenced more of your other comments, so I decided to move this to the top.

First of all, the way you worded your post makes it sound like you lack a basic understanding of how an AD DS infrastructure works. You mention you have primary and backup DCs; those terms went away with the release of AD in Server 2000. All DCs are DCs. You're running DNS on at least one of your DCs, from what I gather from some of your comments. You then comment that you have forwarding disabled. Why would you do that? When you promote a DC, you need to have the DNS infrastructure already in place, which means you need to have the A and SRV records created ahead of time, or have the install set up DNS for you.

Also, why do you need to run your own domain? Do you have a trust with the university's primary domain, so your users can authenticate to campus services? I work in IT at a university, and 99 times out of 100, what you really need is an OU in the primary domain, not an entire domain. Can you think of any service you are going to provide via your own domain that the central domain couldn't? As a former student, having to create an account for each college so I could use their labs and resources was the dumbest thing I had ever seen. Think of how the end users (the most important end users: the students) would feel about using this system.

You don't sound like you really know what you are doing, as you seem not to even understand what an SRV record is. I would be embarrassed if I found out that you were a domain admin at my university. Furthermore, I also saw in a different comment that it sounds like you are standing up a new domain to retire your 2003 boxes. Why are you not simply adding 2012 R2 DCs, demoting the 2003 boxes, and bumping the functional levels?

You sound exactly like some of the "campus admins" at the university I work for. They always seem to think that their IT island is the best and that central IT sucks and doesn't know what it is doing. Then you end up with people in security groups they shouldn't be in, everyone having local admin, no centralization or automation, and differing standards between the different "islands", furthering the disappointment of the students using these systems, as well as faculty and staff.

/r/sysadmin Thread
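The two technical points in the comment above, that a DC depends on the locator SRV and A records being in DNS and that the 2003 boxes should be demoted before the functional levels are raised, can be checked from an admin workstation. The script below is an added example, not code from the comment's author or from the thread; it assumes a domain-joined host with the ActiveDirectory and DnsClient modules (and optionally the DnsServer RSAT module for the forwarder check), takes the domain and forest names from Get-ADDomain and Get-ADForest, and treats Windows2012R2Domain/Windows2012R2Forest as the target levels because those are the ones the comment mentions. The level raise runs with -WhatIf unless -Commit is passed.

```powershell
# Added example (not from the Reddit comment): verify the DNS records a DC
# relies on, inventory DC operating systems, show DNS forwarder settings, and
# gate a functional-level raise on the absence of Server 2003 DCs.
# Assumptions: run as a domain admin on a domain-joined host with RSAT
# (ActiveDirectory, DnsClient; DnsServer module optional for the forwarder check).
#Requires -Modules ActiveDirectory

param(
    # Pass -Commit to actually raise the functional levels; default is -WhatIf only.
    [switch]$Commit
)

Import-Module ActiveDirectory

$domain = Get-ADDomain
$forest = Get-ADForest

# SRV records the DC locator (netlogon) depends on. Promotion and client logon
# both break if these are missing or unresolvable from the client's DNS servers.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)",
    "_kerberos._tcp.dc._msdcs.$($domain.DNSRoot)",
    "_ldap._tcp.pdc._msdcs.$($domain.DNSRoot)",
    "_ldap._tcp.$($domain.DNSRoot)",
    "_kerberos._tcp.$($domain.DNSRoot)",
    "_gc._tcp.$($forest.Name)"
)

function Test-DcLocatorRecord {
    param([string]$Name)
    try {
        $answers = Resolve-DnsName -Name $Name -Type SRV -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'SRV' }
    } catch {
        return [pscustomobject]@{ Record = $Name; Status = 'MISSING'; Targets = $_.Exception.Message }
    }
    if (-not $answers) {
        return [pscustomobject]@{ Record = $Name; Status = 'MISSING'; Targets = 'no SRV answers' }
    }
    # Each SRV target must itself resolve to an A record, or clients still fail.
    $bad = foreach ($a in $answers) {
        try   { $null = Resolve-DnsName -Name $a.NameTarget -Type A -ErrorAction Stop }
        catch { $a.NameTarget }
    }
    [pscustomobject]@{
        Record  = $Name
        Status  = if ($bad) { 'SRV OK, A MISSING: ' + ($bad -join ', ') } else { 'OK' }
        Targets = ($answers.NameTarget | Sort-Object -Unique) -join ', '
    }
}

"== DC locator DNS records for $($domain.DNSRoot) =="
$srvNames | ForEach-Object { Test-DcLocatorRecord -Name $_ } | Format-Table -AutoSize

# Every DC in the domain with its OS, so the 2003 -> 2012 R2 progress is visible.
$dcs = Get-ADDomainController -Filter *
"== Domain controllers =="
$dcs | Select-Object HostName, IPv4Address, OperatingSystem, IsGlobalCatalog, Site |
    Format-Table -AutoSize

# Forwarder configuration on each DC that runs DNS (needs the DnsServer module).
if (Get-Command Get-DnsServerForwarder -ErrorAction SilentlyContinue) {
    "== DNS forwarders =="
    foreach ($dc in $dcs) {
        try {
            $fw = Get-DnsServerForwarder -ComputerName $dc.HostName -ErrorAction Stop
            "{0}: forwarders=[{1}] useRootHint={2}" -f $dc.HostName,
                (($fw.IPAddress | ForEach-Object { $_.IPAddressToString }) -join ', '), $fw.UseRootHint
        } catch {
            "{0}: not a DNS server or unreachable ({1})" -f $dc.HostName, $_.Exception.Message
        }
    }
}

# Raise functional levels only once no 2003 DC remains. Demote those first
# (Uninstall-ADDSDomainController on the 2003 box itself), then re-run this.
$legacy = $dcs | Where-Object { $_.OperatingSystem -like '*2003*' }
if ($legacy) {
    "Still have 2003 DCs; demote before raising levels: $($legacy.HostName -join ', ')"
} else {
    "Current levels: domain=$($domain.DomainMode) forest=$($forest.ForestMode)"
    Set-ADDomainMode -Identity $domain.DNSRoot -DomainMode Windows2012R2Domain -WhatIf:(-not $Commit) -Confirm:$false
    Set-ADForestMode -Identity $forest.Name   -ForestMode Windows2012R2Forest  -WhatIf:(-not $Commit) -Confirm:$false
}
```

Run it before promoting a new 2012 R2 DC to confirm the locator records resolve from the DNS servers the new box will use, and again after each demotion; the functional levels are only raised once the inventory shows no 2003 operating system left, and even then only with -Commit.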