Re: MicrosoftDNS does not appear when using ADSI Edit

I believe only DC's that have DNS on them replicate that app partition.

"mikee4342" <mikee4342@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:44BD3149-19CF-43CD-988A-37104D0D84E1@xxxxxxxxxxxxxxxx
Recently we decided to start monitoring DNS record changes on our Windows
2003 servers due to manually entered records mysteriously disappearing. In
order to do this, we decided to set change our security policy and use ADSI
Edit as shown below:

1. Enable Directory Service Access auditing in your default Domain Policy:



a) Edit the Domain Security Policy

b) Navigate to Local Policies -> Audit Policy

c) Define 'Audit directory service access' for success and failure

d) Refresh the policy on all Domain Controllers



2. Enable auditing on the DNS zone:



a) Open ADSIEdit (Start, Run, adsiedit.msc)

b) Right-click ADSI Edit, and connect to the
DC=DomainDnsZones,DC=<domain>,DC=<top level domain> container

c) Expand MicrosoftDNS, and navigate to the location of the DNS zone

d) Right-click the zone and choose Properties

e) On the Security tab, click the Advanced button

f) Select the Auditing tab, and click Add

g) Under User or Group, type in Everyone

h) On the Object tab, select Success and Failure for access types Write All
Properties, Read All Properties, Delete, and Delete Subtree



3. When a record is changed from DNS, Event ID such as 566 will be logged in
the Security Event Log on the related DC.

Everything was going well except when I got to instruction 2c, there was no
MicrosoftDNS container to Expand. All that shows are the CN=LostAndFound and
CN=NTDS Quota folders.

Can someone give me an indication as to what could be wrong?

Thank you!

.