Normally, use the GMC to manage the Microsoft Management members.

When you delete a MS server in NIOS, all zones synced from that MS server are removed from the Grid.

Never use GM to do MS AD ID Sync.

When connecting to MS servers, you should enable SSL. Import the root CA certificate and make sure you use the FQDN to connect (not the IP) as only the FQDN will match against the certificate.

You will also need to ensure that the service account being used is a member of the DNSAdmins Group and the DHCPAdmins group in Active Directory.

The service account may also need to have higher privileges on the local system of the MS server it is connecting to.

Official list here.

• Microsoft Server 2003 Standard and Datacenter SP2
• Microsoft Server 2003 R2 Standard and Datacenter
• Microsoft Server 2008 Standard and Datacenter SP2
• Microsoft Server 2008 R2 Standard and Datacenter
• Microsoft Server 2012 Standard and Datacenter
• Microsoft Server 2012 R2 Standard and Datacenter
• Microsoft Server 2016 Standard and Datacenter
• Microsoft Server 2019 Standard and Datacenter

• _msdcs.company.com
• _sites.company.com
• _tcp.company.com
• _udp.company.com

The Infoblox Management Member must be able to talk to the DHCP hot spare server in addition to the main DHCP server in order to be able to deactivate scopes and re-active scopes.

Remember, you do not really want the Grid Master doing the managment. If you only have two appliances, get the Grid Master Candidate to manage the Microsoft servers but, ideally, you wan't dedicated management appliances.

The remote procedure calls made by Infoblox are destined for TCP ports # 135 and 445 and therefore you would want to ensure that these ports are open on any firewalls in between AND on the windows firewall itself (should be open by default).

Older versions of NIOS used SMBv1 for MS server access and if SMBv1 is specifically disabled on your Windows servers due to security concerns, this feature will not work. NIOS version 8.2.0 and newer, supports the following versions of SMB (Server Message Block) protocol for Microsoft Windows servers: SMB version 1 (SMBv1), SMB version 2.x (SMBv2.x), and SMB version 3.x (SMBv3.x).

Based on the number of DNS zones, DHCP scopes, their data, other features being utilized such as Identity mapping/AD sites and subnets, number of MS servers being synced and any protocols already being served authoritatively by your Infoblox boxes, you would also want to do some capacity planning and calculation by contacting your Infoblox account team.