Re: DNS and active directory



Simon -

I really appreciate the information.
Let's see if I can explain my "problem".

When I run the ADSIEDIT.MSC tool on my root W2K3 domain (which is also a DNS
server), I see both FORESTDNSZONES and DOMAINDNSZONES under the MicrosoftDNS.
In both zones, my other two w2k3 DNS servers are listed so I am guessing
that is where the conflict is because I would guess they should only be
listed in ONE of the two zones.

Now my question is this. How do I know which one to delete? The Replication
on my Root domain dns server is set to replicate to "All DNS servers in the
Active Directory forest". The replication for the particular domain's zone
on one of the other DNS servers is set to replicate to "all DNS servers in
the Active Directory forest". Same is true for my third DNS server. These
SHOULD be set to replicate to the forest so that the updates for each zone
can be replicated to the other DNS servers in the forest? If they aren't,
then the DNS information in these zones will not be in the other zones.

I do not want to cause a DNS loop as Herb was describing.

I sure hope this makes some sense.....

Rachel

"simonwhyley via WinServerKB.com" wrote:

Rachel

DNS data can be replicated in various application directory partitions (in
2k3). These being either forestdnszones or domaindnszones (and the domainNC
partition), which is the only partition 2K can replicate DNS data to.

The error you have means the same zone is being replicated in 2 application
directory partitions - I think, therefore there is a conflict.

You need to check the replication scope of the zone - from memory that can
be all domain controllers in the domain (domainNC), all DNS servers in the
domain (domaindnszones) and all DNS servers in the forest (forestdnszones).
AFAIK you do need to use ADSIedit (or LDP) to browse the LDAP database
(Active Directory) and remove the duplicate.

The article you have found, 867464, is the correct KB article to resolve your
issue AFAIK - what specifically are you having a problem with?

Apologies if this is not 100% but I am at work and can't check on my LAN.

Regards

Simon





Rachel L Chipman wrote:
It does make sense that you certainly don't want to set them up to forward to
each other thus creating a circle. Currently, I do not have zone transfers
or forwarding set up on the zones.

Here's something I came across when I restarted my DNS Server service on my
DNS servers (currently one in each domain, currently have three domains).
Error 4515 which says the following:
The zone hbrsag.hbr-inc.com was previously loaded from the directory
partition DomainDnsZones.hbrapp.hbr-inc.com but another copy of the zone has
been found in directory partition ForestDnsZones.hbrapp.hbr-inc.com. The DNS
Server will ignore this new copy of the zone. Please resolve this conflict as
soon as possible.

If an administrator has moved this zone from one directory partition to
another this may be a harmless transient condition. In this case, no action
is necessary. The deletion of the original copy of the zone should soon
replicate to this server.

If there are two copies of this zone in two different directory partitions
but this is not a transient caused by a zone move operation then one of these
copies should be deleted as soon as possible to resolve this conflict.

To change the replication scope of an application directory partition
containing DNS zones and for more details on storing DNS zones in the
application directory partitions, please see Help and Support.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

I found article 867464 and ran the adsiedit.msc utility but am not certain
how to fix this. I am a little leery of deleting a zone but by the sounds of
the article, that's what needs to happen to resolve the conflict. How do I
know for certain what to delete? I realize this is probably a "HUGE"
open-ended question. I appreciate any direction you can give. Thanks.

Hi

[quoted text clipped - 28 lines]
Simon
MCDST MCP A+

--
Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-dns/200604/1
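
The duplicate-zone condition discussed in this thread can be inventoried without opening ADSI Edit. The following is an added example, not part of any post above: a read-only PowerShell sketch that looks for the zone named in the Event 4515 text in each of the three standard MicrosoftDNS containers. It assumes a domain-joined workstation with read access to the directory, that `hbrapp.hbr-inc.com` maps to the DN `DC=hbrapp,DC=hbr-inc,DC=com`, and it checks only that domain's partitions.

```powershell
# Added example (read-only): list every AD copy of one DNS zone.
# Zone and partition names come from the Event 4515 text in the thread.
$zone     = 'hbrsag.hbr-inc.com'
$domainDn = 'DC=hbrapp,DC=hbr-inc,DC=com'   # assumed DN for "hbrapp.hbr-inc.com"

# Standard containers that can hold an AD-integrated zone.
$containers = [ordered]@{
    'ForestDnsZones (all DNS servers in forest)' = "CN=MicrosoftDNS,DC=ForestDnsZones,$domainDn"
    'DomainDnsZones (all DNS servers in domain)' = "CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn"
    'Domain NC (all DCs in domain)'              = "CN=MicrosoftDNS,CN=System,$domainDn"
}

$copies = foreach ($scope in $containers.Keys) {
    try {
        $root = [ADSI]"LDAP://$($containers[$scope])"
        $find = New-Object System.DirectoryServices.DirectorySearcher($root)
        $find.Filter      = "(&(objectClass=dnsZone)(name=$zone))"
        $find.SearchScope = 'OneLevel'
        foreach ($p in 'distinguishedname', 'whencreated', 'whenchanged') {
            [void]$find.PropertiesToLoad.Add($p)
        }
        $hit = $find.FindOne()
        if (-not $hit) { continue }      # no copy of the zone in this partition

        # Count the record nodes stored under this copy of the zone.
        $nodes = New-Object System.DirectoryServices.DirectorySearcher($hit.GetDirectoryEntry())
        $nodes.Filter      = '(objectClass=dnsNode)'
        $nodes.SearchScope = 'OneLevel'
        $nodes.PageSize    = 1000

        [pscustomobject]@{
            Scope       = $scope
            WhenCreated = $hit.Properties['whencreated'][0]
            WhenChanged = $hit.Properties['whenchanged'][0]
            Nodes       = $nodes.FindAll().Count
            DN          = $hit.Properties['distinguishedname'][0]
        }
    } catch {
        # Partition missing or unreadable from this machine.
        Write-Warning "Could not read '$scope': $($_.Exception.Message)"
    }
}

$copies | Format-List
if (@($copies).Count -gt 1) {
    Write-Warning "Zone $zone exists in $(@($copies).Count) partitions (the Event 4515 condition)."
}
```

The script only reads. The Event 4515 text quoted above names the partition the server loaded the zone from and the one it is ignoring, which can be compared against the rows this prints.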
