Re: MicrosoftDNS does not appear when using ADSI Edit



Thanks Brandon.

I am on a DC with DNS installed when attempting this.



"Brandon Shell" wrote:

I believe only DCs that have DNS on them replicate that app partition.

"mikee4342" <mikee4342@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:44BD3149-19CF-43CD-988A-37104D0D84E1@xxxxxxxxxxxxxxxx
Recently we decided to start monitoring DNS record changes on our Windows
2003 servers due to manually entered records mysteriously disappearing. In
order to do this, we decided to change our security policy and use ADSI
Edit as shown below:

1. Enable Directory Service Access auditing in your default Domain Policy:



a) Edit the Domain Security Policy

b) Navigate to Local Policies -> Audit Policy

c) Define 'Audit directory service access' for success and failure

d) Refresh the policy on all Domain Controllers



2. Enable auditing on the DNS zone:



a) Open ADSIEdit (Start, Run, adsiedit.msc)

b) Right-click ADSI Edit, and connect to the
DC=DomainDnsZones,DC=<domain>,DC=<top level domain> container

c) Expand MicrosoftDNS, and navigate to the location of the DNS zone

d) Right-click the zone and choose Properties

e) On the Security tab, click the Advanced button

f) Select the Auditing tab, and click Add

g) Under User or Group, type in Everyone

h) On the Object tab, select Success and Failure for access types Write All
Properties, Read All Properties, Delete, and Delete Subtree



3. When a record is changed from DNS, an Event ID such as 566 will be logged
in the Security Event Log on the related DC.

Everything was going well except when I got to instruction 2c, there was no
MicrosoftDNS container to Expand. All that shows are the CN=LostAndFound and
CN=NTDS Quota folders.

Can someone give me an indication as to what could be wrong?

Thank you!
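
Step 2 of the procedure quoted above can also be applied from a script instead of the ADSI Edit GUI. The PowerShell below is an added example, not part of the original thread: the zone DN is a constructed placeholder, and applying the audit entry to child objects is an assumption made so that the individual records under the zone are covered.

```powershell
# Added example: scripted form of step 2 (audit entry for Everyone on a DNS zone).
# Assumption: $ZoneDn is a constructed placeholder; substitute the DN of your own zone.
$ZoneDn = 'DC=example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=com'
$path   = "LDAP://$ZoneDn"

Add-Type -AssemblyName System.DirectoryServices

# Stop early with a clear error if no object exists at this DN.
if (-not [System.DirectoryServices.DirectoryEntry]::Exists($path)) {
    throw "Zone object not found: $ZoneDn"
}

$zone = New-Object System.DirectoryServices.DirectoryEntry($path)

# The SACL is read and written only when requested explicitly. Limiting the
# mask to Sacl also leaves the owner and the DACL untouched on commit.
$zone.psbase.Options.SecurityMasks = [System.DirectoryServices.SecurityMasks]::Sacl

# Step 2g: the Everyone group, referenced by its well-known SID.
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')

# Step 2h: Write All Properties, Read All Properties, Delete, Delete Subtree.
$rights = [System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty, Delete, DeleteTree'

# Step 2h: audit both successful and failed attempts.
$flags = [System.Security.AccessControl.AuditFlags]'Success, Failure'

# Assumption: apply to the zone and everything beneath it.
$scope = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All

$rule = New-Object System.DirectoryServices.ActiveDirectoryAuditRule(
    $everyone, $rights, $flags, $scope)

$acl = $zone.psbase.ObjectSecurity
$acl.AddAuditRule($rule)
$zone.psbase.CommitChanges()

# Show the explicit audit entries now present on the zone object.
$acl.GetAuditRules($true, $false, [System.Security.Principal.NTAccount]) |
    Format-Table IdentityReference, ActiveDirectoryRights, AuditFlags, InheritanceType -AutoSize
```

The entry only produces Security log events once 'Audit directory service access' from step 1 is in effect on the DC, and the account running the script needs the right to manage the auditing and security log.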

