Re: Problem with AD and AD Integrated DNS
- From: "Kevin D. Goodknecht Sr. [MVP]" <admin@xxxxxxxxxxxxxx>
- Date: Sun, 4 Jun 2006 15:27:29 -0500
Registry 316 wrote:
> Got a problem with Active Directory and DNS.
>
> When I got this job I was told that they had just been hit with a
> virus. All 200 machines were affected, all except the servers. The
> last system admin did only Windows Update to the servers and not the
> clients.
>
> With that said I had to re-image the machines to fix this issue. All
> machines had a blue screen of death so I could not demote the
> machines and then re-image them.
>
> After re-imaging them the head IT guy wanted us to rename the
> computers in a strategic way and in a way we can understand what each
> PC stands for.
>
> What the head IT guy tried to do was to delete the old computer's name
> from DNS in the forward and reverse lookup zone.
>
> All of the computers are split up at different offices. What is
> strange is that at a particular site I can resolve the computer's IP
> to a computer name which is the correct one, but if I do this same
> tracert of that IP on a server at another site I get a different
> computer name and I think it may have been the old computer name that
> it is resolving to.
>
> What I was told before working at this place was that each DNS server
> at each site was primary, secondary and AD integrated. It was all
> mixed up. The previous admin guy converted them to be the same just
> before he fled from this job.
>
> I know I can go to AD computers and users and go to system and there
> is a DNS folder there where I can delete forward DNS entries as well
> as reverse. I don't think this is a global way of fixing this. Can someone
> explain if this is an AD problem or just DNS or something else? I
> believe we have one secondary DNS server still in existence; could
> this be the cause?
>
> All the DNS servers are AD integrated. We have Windows 2k servers, all
> SP4, and all are up to date with Windows updates.

If all DCs are in the same domain, if a zone is AD integrated on one DC, the
zone will replicate to all DCs as an AD integrated zone. The point of this
statement is, you cannot mix AD integrated with Standard Primary or
Secondary for the same zone on another DC.

You should not have to mess with the zone objects in ADU&C; use the DNS
management console for deleting records. If you delete a zone or remove it
from AD on one DC, it will go away on all other DCs.

If you suspect the zone data is corrupted, you can do an AD integrated zone
reinstall to clear the corruption from AD. Follow this KB step by step after
pointing all DCs to the one DC you're going to do the reinstall from. It is
usually not needed to reinstall the DNS service; uninstalling the DNS
service does not remove zones from AD. Just reinstalling the zone usually
clears DNS problems.

294328 - How to Reinstall a Dynamic DNS Active Directory-Integrated Zone
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q294328&sd=RMVP

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
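
Added example, not part of the original post or reply: a PowerShell check for the symptom described in the question, where the same IP resolves to different names depending on which site's DNS server is asked. The server names and IP address are placeholders, and it assumes a management workstation that has the DnsClient module (`Resolve-DnsName`), which is newer than the Windows 2000 servers in the thread.

```powershell
# Added example: compare the PTR answer for one IP across several DNS servers.
# Server names and the IP address used below are placeholders, not values from the thread.
function Compare-PtrAcrossServers {
    param(
        [Parameter(Mandatory)] [string]   $IPAddress,
        [Parameter(Mandatory)] [string[]] $DnsServers
    )

    $results = foreach ($server in $DnsServers) {
        try {
            # -DnsOnly skips LLMNR/NetBIOS so only the named DNS server answers.
            $ptr = Resolve-DnsName -Name $IPAddress -Type PTR -Server $server `
                       -DnsOnly -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'PTR' }
            $names = ($ptr.NameHost | Sort-Object -Unique) -join ','
            if (-not $names) { $names = '<no PTR record>' }
        }
        catch {
            # NXDOMAIN, timeouts and refused queries all land here.
            $names = "<query failed: $($_.Exception.Message)>"
        }
        [pscustomobject]@{ Server = $server; IPAddress = $IPAddress; PtrName = $names }
    }

    # More than one distinct answer means the servers disagree about this IP.
    $distinct = @($results | Select-Object -ExpandProperty PtrName -Unique)
    $results | Select-Object *, @{ Name = 'Consistent'; Expression = { $distinct.Count -eq 1 } }
}

# Placeholder inputs: one DNS server per site and one re-imaged client's IP.
Compare-PtrAcrossServers -IPAddress '192.0.2.25' `
    -DnsServers 'dc-site-a.example.test', 'dc-site-b.example.test'
```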