Re: AD/DNS Setup Issues/Questions



Basic AD DNS is:
AD must have a DNS server for the AD domain

Install DNS on a DC and point that DC to itself for DNS in the properties of
TCP/IP. This will allow the DC to register its SRV records in the DNS zone
it houses.
Point all AD clients ONLY to the DNS server set up for the AD domain. This
will allow clients to FIND the records the DC has registered in the DNS
zone.
For Internet access either set up forwarders on the AD DNS server and list
your ISP's DNS server(s) as the forwarders or use root hints.

"An Active Directory domain controller for the domain "" could not be
contacted... DNS name doesn't exist [error code 0x0000232b
RCODE_NAME_ERROR]"


The problem is the server you are trying to add to the domain can't find the
SRV records it must find to even "find" the domain. Either you are pointing
this server to a DNS server that does not contain the SRV records for your
domain (most users make the mistake of pointing it to their ISP) OR you have
it pointed to the correct server for DNS but the DC has not registered its
SRV record on that DNS server for some reason.

hth
DDS
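The four steps in the reply above (DC points to itself, forwarders or root hints, Netlogon registers, clients find the records), worked through as an added example. This is not code from the original thread; it assumes a current Windows Server DC with the DnsClient and DnsServer modules (Server 2012 or later), and the domain name, DC address, adapter and ISP resolver addresses are placeholders for this lab. On Windows Server 2003 the same steps are done with the TCP/IP properties dialog, dnscmd, nltest /dsregdns and nslookup.

```powershell
# Added example (not from the original post): DC-side checklist from the reply.
# Assumptions: domain, DC address and forwarder addresses are placeholders.
$Domain        = 'adtest.seas.rochester.edu'
$DcIp          = '192.168.1.100'                        # this DC's own address
$IspForwarders = @('198.51.100.53', '198.51.100.54')    # placeholder ISP resolvers
$Adapter       = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1

# 1. Point the DC at itself for DNS so Netlogon registers its SRV records
#    in the zone this server hosts (never at the ISP's resolver).
Set-DnsClientServerAddress -InterfaceIndex $Adapter.ifIndex -ServerAddresses $DcIp

# 2. Hand everything the AD zone cannot answer to the ISP's resolvers.
#    The alternative is no forwarders and -UseRootHint $true.
Set-DnsServerForwarder -IPAddress $IspForwarders -UseRootHint $false

# 3. Make Netlogon (re)register its records now rather than at the next
#    refresh. Either command is enough; both are shown for reference.
nltest /dsregdns | Out-Null
Restart-Service Netlogon
Start-Sleep -Seconds 5

# 4. Verify what a joining machine must be able to find: the SRV record named
#    in the error and an A record for each SRV target. Filter on Type because
#    Resolve-DnsName also returns the additional-section A records.
$Srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DcIp -ErrorAction SilentlyContinue |
       Where-Object { $_.Type -eq 'SRV' }

if (-not $Srv) {
    Write-Warning "No _ldap._tcp.dc._msdcs.$Domain SRV record on $DcIp: Netlogon has not registered. Check the DC's DNS client settings and the System/DNS Server event logs."
} else {
    foreach ($r in $Srv) {
        $a = Resolve-DnsName -Name $r.NameTarget -Type A -Server $DcIp -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' }
        $addr = if ($a) { $a.IPAddress -join ',' } else { 'NO A RECORD' }
        '{0} -> {1}:{2} ({3})' -f $r.Name, $r.NameTarget, $r.Port, $addr
    }
}
```

Run it on the DC itself, then run the same Resolve-DnsName query from the server you are trying to promote, pointing it at the DC's address with -Server; if the DC answers but the joining server does not get the record, the joining server's TCP/IP DNS setting is the problem, which is the first case the reply describes.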

"Robert Lindholm" <RobertLindholm@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:07B9BBC9-C6F9-4136-9898-8575701F3770@xxxxxxxxxxxxxxxx
Hello:

I'm attempting to setup an Active Directory [AD] test lab using two Windows
2003 servers [Standard Edition], that will become the domain controllers [DC]
and AD-integrated DNS servers for the domain.

For test purposes, the AD environment is going to be a relatively simple
single domain in a new forest with no existing primary DNS server.

I've configured the first server to be a DC and the primary DNS server for
the domain, but am running into a problem:

1) When I attempt to promote the second DC and join the domain, it cannot
locate the first DC and gives me the following error message:

"An Active Directory domain controller for the domain "" could not be
contacted... DNS name doesn't exist [error code 0x0000232b
RCODE_NAME_ERROR]"

When I look at the help screen for this error, it indicates that two RRs are
missing:
- _ldap._tcp.dc._msdcs.DNSDomainName
- A record for entry above

These entries are indeed missing in the primary DNS server's DNS records.

While I could simply add these RRs, it appears that there may be other
missing RRs, as the only records that are currently in DNS are the
following:

- Forward Lookup Zones
  - _msdcs.adtest.seas.rochester.edu
    - (same as parent folder) Start of Authority (SOA) [3],
      alpha.adtest.seas.rochester.edu., hostmaster.adtest.seas.rochester.edu.
    - (same as parent folder) Name Server (NS)
      alpha.adtest.seas.rochester.edu.
  - adtest.seas.rochester.edu
    - (same as parent folder) Start of Authority (SOA) [2],
      alpha.adtest.seas.rochester.edu., hostmaster.adtest.seas.rochester.edu.
    - (same as parent folder) Name Server (NS)
      alpha.adtest.seas.rochester.edu.
    - alpha Host (A) 192.168.1.100
- Reverse Lookup Zones
  - No reverse lookup zones

This is my first attempt at AD, so I'm not exactly sure what to expect, but
unless I installed the DC/DNS incorrectly, I would have thought that DNS
would be populated with the necessary RRs to run AD.

I took a look in netlogon.dns and there are a variety of RRs there,
including the ones outlined in the error message above, that I would have
expected to be in DNS.

If populating DNS is a manual process based on the requirements of each AD
environment, I can certainly follow the standard process for populating DNS,
but I would like to proceed with an intelligent understanding of what needs
to be present to run AD and how to achieve that end result in an efficient
manner rather than adding RRs ad hoc.

Essentially, I'm looking to verify that what I currently have in DNS should
be in DNS, determine what still needs to be added to DNS for it to work and
what is the best way to make that happen.

I have been looking at several DNS tools [e.g. NSLookup, DNSLint, DCDIAG
/DNS], as well as a voluminous amount of Windows DNS reference material to
try and figure this out on my own, but based on my unfamiliarity with this
subject would appreciate any recommendations on where to start and how to go
about resolving this situation.

Thanks,

Bob
--
Robert Lindholm
University of Rochester

