Re: Forward lookup zone not automatically created for new domain in fo
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Fri, 17 Nov 2006 15:25:38 -0600
"Shawn Conaway" <ShawnConaway@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4A9419E5-6ACA-4910-9AE4-E9553F945581@xxxxxxxxxxxxxxxx
Hi,
I have a forest with three domains that are in separate trees: company.biz,
sight.company, and shell.company. Company.biz is the forest root.
Shell.company is the new domain. In DNS, all three domains appear in the
forward lookup zones on the domain controllers hosting shell.company. Domain
controllers for the other two domains only show the two domains.
You need your DNS servers in every domain/tree
to be able to find the others so you can make them Secondaries
(as you have done with shell.company), use Stubs instead if
zones are giant, conditionally forward, or if ALL DC-DNS
servers are Win2003 you can do forest wide AD Integration
and replication.
DNS is Active Directory-Integrated. Replication is set for 'All DNS servers
in the Active Directory Forest'.
Chances are the problem is due to the DCs in all the
"other" zones/domains to be able to initially find the
one that is working.
Try (TEMPORARILY) changing the DCs in those domains
to use the main DNS servers ONLY in their NIC->IP
properties.
Re-register them with DNS (DCDiag /fix or restart NetLogon service.)
Check replication. Once it replicated the other zones
you can put them back to the most efficient DNS settings.
Zone transfers are allowed to 'only to servers listed on the Name Servers
tab'. Under the Name Servers tab, I have updated the name servers so that
the two new shell.company domain controllers appear in all three zones.
Zone transfer settings are NOT relevant to AD integration
replication -- only to ordinary secondaries.
Adding the servers under the Name Servers tab appears to have resolved my
Kerberos issues because now in Sites and Services, the correct domain appears
for both of my shell.company domain controllers. Previously, the servers
were in the site, but the domain did not show.
Check time -- and especially TIME ZONE settings if
you suspect Kerberos issues.
One common mistake is to set the time on a server based
on an INCORRECT time zone and thus end up being hours
away (in GMT) from the correct time.
Adding the servers to the Name Servers tab also appears to have fixed my
name resolution problem. Pinging the shell.company is now resolvable from
other domain controllers. Pinging one shell.company DC from the other
shell.company DC now returns the FQDN instead of just the name.
Although I can resolve names, I'm not sure how the resolution is occurring
as the servers doing the resolution do not have the shell.company domain
forward lookup zone. I suspect the forest root is resolving names because of
an A record for a shell.company domain controller in
company.biz\forestdnszones.
Are zone transfers actually occurring? Will manually creating a forward
lookup zone in the company.biz and sight.company domains cause DNS
corruption? Is there a setting I can change so that the shell.company
forward lookup zones automatically propagate into the other zones?
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
----------------
DCDIAG:
C:\>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Site\DC1
Starting test: Connectivity
......................... DC1 passed test Connectivity
Doing primary tests
Testing server: Site\DC1
Starting test: Replications
......................... DC1 passed test Replications
Starting test: NCSecDesc
......................... DC1 passed test NCSecDesc
Starting test: NetLogons
......................... DC1 passed test NetLogons
Starting test: Advertising
......................... DC1 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... DC1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... DC1 passed test RidManager
Starting test: MachineAccount
......................... DC1 passed test MachineAccount
Starting test: Services
......................... DC1 passed test Services
Starting test: ObjectsReplicated
......................... DC1 passed test ObjectsReplicated
Starting test: frssysvol
......................... DC1 passed test frssysvol
Starting test: frsevent
......................... DC1 passed test frsevent
Starting test: kccevent
......................... DC1 passed test kccevent
Starting test: systemlog
......................... DC1 passed test systemlog
Starting test: VerifyReferences
......................... DC1 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : shell
Starting test: CrossRefValidation
......................... shell passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... shell passed test CheckSDRefDom
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running enterprise tests on : company.biz
Starting test: Intersite
......................... company.biz passed test Intersite
Starting test: FsmoCheck
......................... company.biz passed test FsmoCheck
NETDIAG -------------------------------------------------------------------
C:\>netdiag
Computer Name: DC1
DNS Host Name: DC1.shell.company
System info : Microsoft Windows Server 2003 R2 (Build 3790)
Processor : x86 Family 15 Model 33 Stepping 2, AuthenticAMD
List of installed hotfixes :
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : DC1.shell.company
IP Address . . . . . . . . :
Subnet Mask. . . . . . . . :
Default Gateway. . . . . . :
Primary WINS Server. . . . :
Dns Servers. . . . . . . . :
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Passed
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{92CF28BD-0ECC-4EDC-A934-915B8D99B36E}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server ''
and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server ''
and other DCs also have some of the names registered.
[WARNING] The DNS entries for this DC are not registered correctly on DNS server ''. Please wait for 30 minutes for DNS server replication.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{92CF28BD-0ECC-4EDC-A934-915B8D99B36E}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{92CF28BD-0ECC-4EDC-A934-915B8D99B36E}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information.
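The temporary repoint, re-register and replication check suggested in the reply above, written out as a command script. This is an added example, not part of the original posts. It assumes the Windows Server 2003 Support Tools (dcdiag, repadmin, dnscmd) are installed, that the adapter is named "Local Area Connection" as in the netdiag output, and that ROOT_DNS_IP is a placeholder for the address of a company.biz DNS server.

```batch
@echo off
rem Added example, not from the original thread.
rem Run on a DC that is missing the shell.company zone.
rem Usage: repoint-dns.cmd ROOT_DNS_IP   (placeholder: a company.biz DNS server)
if "%~1"=="" (
  echo Usage: %~nx0 ROOT_DNS_IP
  exit /b 1
)
set NIC=Local Area Connection
set ROOTDNS=%~1

echo --- Current DNS servers: note them down so they can be restored ---
netsh interface ip show dns "%NIC%"

echo --- Step 1: TEMPORARILY use only the main DNS server ---
netsh interface ip set dns "%NIC%" static %ROOTDNS%

echo --- Step 2: re-register this DC's records ---
rem Restarting NetLogon re-registers the SRV records; ipconfig covers the A record.
net stop netlogon
net start netlogon
ipconfig /registerdns
dcdiag /fix

echo --- Step 3: check replication and the DNS application partitions ---
repadmin /showrepl
rem ForestDnsZones should be listed and enlisted on this server.
dnscmd /EnumDirectoryPartitions
dnscmd /EnumZones
rem Fails with a "zone does not exist" error until the zone has replicated in.
dnscmd /ZoneInfo shell.company

echo --- Kerberos sanity check: time zone and local clock ---
w32tm /tz
echo %DATE% %TIME%

echo Once shell.company appears in /EnumZones, restore the original
echo DNS server list on "%NIC%" from the values printed at the top.
```

Zone transfer settings play no part in any of these checks; as the reply notes, they only affect ordinary secondaries, not AD-integrated replication.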