Re: AD integrated/secondary zone entry discrepancies in W2k forest



W2K and W2K3 are slightly different, but the principle is the same. If your
root zone is being loaded, it must be being stored in AD. You can delete it
from AD in the System, Microsoft DNS OU.
You can then add it as secondary wherever you need it. You can choose to
store the zone in AD, if you prefer.
The reason for an incomplete zone must be that some clients (incl. servers)
do not have the right DNS specified in their TCP/IP properties and therefore
do not register. This would add up if some of the zones are secondaries, as
they are not writable. I suppose it could also be an old faulty zone that is
still sitting in AD, which would be solved by deleting the copy in AD.
Anthony


"Richard Adams" <RichardAdams@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:66E10EBB-F3B6-48E6-B23D-055F16D2F056@xxxxxxxxxxxxxxxx
I have a W2k forest with a root domain, biggroup.com and two child domains,
aaa.biggroup.com and bbb.biggroup.com. The DNS zone for biggroup.com is AD
integrated. The DNS servers in the aaa.biggroup.com hold secondary copies of
the biggroup.com domain - these work fine. My problem lies with the DNS in
bbb.biggroup.com. Here there are several DNS servers, with some holding
secondary copies of biggroup.com and others showing ad-integrated versions of
the zone. (I was not involved in the original setup). I realise that this is
not correct, and naturally when the DNS service is restarted AD converts the
secondary zone on that server to AD integrated. When this happens, only a
subset of the records in biggroup.com appear and replication problems
immediately start as server in the bbb.biggroup domain cannot find the
necessary records for its partner servers. The only workaround is to convert
the zone back to secondary on the affected server.
Questions:
1) Why are only the subset of records found when the zone is running
ad-integrated?
2) Presumably the ad-integration/secondary zone conversion is something
controlled and applied at AD domain level? As I mentioned earlier, in my
aaa.biggroup.com domain, all the DNS servers happily run secondaries of
biggroup.com.
3) Presumably if I can resolve the missing record problem I should be
running the biggroup.com zone AD-integrated on all my DNS servers?

Thanks

--
Richard Adams
MCSE, CNE, etc

