Solved

Reversing a New Delegation "continued"

Posted on 2006-07-13
Last Modified: 2012-05-05
This is a repost and continuation of a previous posting.  There appear to be some hardware/software issues that prohibit and trash some of my postings.  Customer Service is aware of the problems.  The points remain at 500 and please post only to this posting now--

I made a mistake and chose to delegate our domain.local to a child domain "child.domain.local" using the new delegation.  The child dc isn't fully configured so I have a few replication issues. Otherwise things appear to be working fine.
The only thing I am concerned about is under our domain.local the _msdcs folder is grayed out. It has one NS record pointing to the server it is on.  The child domain folder appears to have the information.  Also the _msdcs.domain.local zone looks fine.
What does the grayed out icon mean?  Is there a way to reverse or change back the delegation?
--Thanks
SM
 
   
 Comment from Pber
Date: 07/13/2006 05:12AM PDT


Delegations are normally grayed out.  It will only contain the NS records you've added of the delegated domain.  So this is normal behavior.  To reverse a delegation, you just delete it and re-create if needed.
 
Comment from smantz
Date: 07/13/2006 06:13AM PDT


Thanks for the help but I need clarification before I start deleting items.
1. Which folders do I delete?  I assume the grayed out delegation folder (_msdcs) but what do I do with the child domain folder which appears to have all info in it(where I delegated to)?  Do I delete it and add it back?
2. What are the steps to recreate the _msdcs folder and info in it?
3.  I have two root DC's with AD and DNS.  Do I need to do it to both for proper transfer?
4.  What about the child DC with AD?  How can I start over with it and have a clean slate? Demote/uninstall?
5.  Are there any clear and concise resources explaining setting up child domains including what DNS records are needed on it and how to create them?
--Thanks for the help
Steve
 
Comment from Pber
Date: 07/13/2006 07:26AM PDT


Well, this is a sticky situation because you delegated the root to the child.  I hope I'm getting that right.

You will probably want to do this off hours because you might have some issues if you delete the delegation.  

- I would write down/export  the _msdcs records so I have a backup.  The root DC's should have a file called netlogon.dns in %windir%\system32\config.  This file should contain the DNS SRV records.  It might help to have this if you need to re-create.
- I would make sure my root DNS servers are pointing to themselves for DNS.
- I would remove the delegation and wait about 2 minutes for replication.
- I would do an ipconfig /registerdns on each root DC.
- I would also stop/start netlogon on each root DC.
- Then I would check to see if it re-created the _msdcs folders.

You will need DNS to have the proper SRV records for each DC for proper replication.  You should make your AD DNS zone Active Directory integrated (configured in the General tab of the zone properties).

You can try and do an IPconfig /registerDNS on the child DNS servers and see if they register properly.  If your child domain isn't in use it might be best to start from scratch.

Have you seen this article from M$: http://support.microsoft.com/kb/255248/
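
One way to do the final check in the procedure above (whether the records a DC expects to register actually came back), as an added example that is not part of the original thread. It assumes netlogon.dns uses the usual `owner TTL IN TYPE rdata` line layout; the host name dc1, the IP address, the GUID and both sample texts are constructed, and `PRESENT_IN_DNS` stands in for a zone export or query results.

```python
"""Compare the records a DC expects to register (netlogon.dns) with the
records actually present in DNS. All sample data below is constructed."""

# Constructed sample in the netlogon.dns layout: owner TTL IN TYPE rdata
NETLOGON_DNS = """\
domain.local. 600 IN A 192.168.1.10
_ldap._tcp.domain.local. 600 IN SRV 0 100 389 dc1.domain.local.
_ldap._tcp.pdc._msdcs.domain.local. 600 IN SRV 0 100 389 dc1.domain.local.
_ldap._tcp.dc._msdcs.domain.local. 600 IN SRV 0 100 389 dc1.domain.local.
_kerberos._tcp.dc._msdcs.domain.local. 600 IN SRV 0 100 88 dc1.domain.local.
00000000-0000-0000-0000-000000000001._msdcs.domain.local. 600 IN CNAME dc1.domain.local.
"""

# Constructed stand-in for what the DNS server holds after the delegation was
# deleted: records outside _msdcs are back, the _msdcs ones are not.
PRESENT_IN_DNS = """\
domain.local. 600 IN A 192.168.1.10
_LDAP._tcp.domain.local. 600 IN SRV 0 100 389 DC1.domain.local.
"""


def parse_records(text):
    """Return a set of (owner, type, rdata) tuples, lower-cased, TTL ignored."""
    records = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or line.lstrip().startswith(";") or fields[2].upper() != "IN":
            continue  # skip blanks, comments and anything not "owner TTL IN ..."
        owner, rtype, rdata = fields[0], fields[3], " ".join(fields[4:])
        records.add((owner.lower().rstrip("."), rtype.upper(), rdata.lower().rstrip(".")))
    return records


def missing_records(expected_text, present_text):
    """Records in netlogon.dns that DNS does not have, sorted for stable output."""
    return sorted(parse_records(expected_text) - parse_records(present_text))


def msdcs_missing(expected_text, present_text):
    """Only the missing records whose owner name sits under an _msdcs label."""
    return [r for r in missing_records(expected_text, present_text)
            if "_msdcs" in r[0].split(".")]


if __name__ == "__main__":
    for owner, rtype, rdata in missing_records(NETLOGON_DNS, PRESENT_IN_DNS):
        where = "_msdcs" if "_msdcs" in owner.split(".") else "zone"
        print(f"MISSING [{where}] {owner} {rtype} {rdata}")
```

Run against the real %windir%\system32\config\netlogon.dns saved before the change, the same comparison shows exactly which records still need to be re-registered or re-created by hand.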
 
 
New from Steve in response to Pber

I think you are getting it right.  By the way, that article was the one I was using and if you notice, in the section:
Manually Create a Delegation for the Child Domain on the Parent (Root) DNS Server--- You delegate the root zone to a DNS server in the child zone.  Unfortunately my steps in the later part were slightly out of sync and this is probably why things are not set up properly.  I thought it was the other way around and I was going to delegate the child to the root/parent.  The child server (dns/ad) isn't even running at this time.
The only grayed out item under the forward lookup zones is the domain.local _msdcs folder(zone?).  All other information under "domain.local" is there.  The _msdcs.domain.local above the zone "domain.local" is all intact.  I'll assume this holds all the information for the forest and why everything is still working other than some replication errors.
What constitutes removing the delegation?  Is it deleting the grayed out icon as there is no "remove delegation" item?
Do I do it on both?  Do I delete the child zone with all the info in it?
Does this affect the _msdcs.domain.local zone above the domain.local zone?
Thanks for the patience,
-Steve

Question by:smantz

Accepted Solution

by:
Pber earned 500 total points
ID: 17101460
Removing the delegation is right clicking the grayed out section and deleting.  If your DNS is AD integrated, it should only need to be done on one server.  This should only affect the _msdcs.domain.local zone.

Expert Comment

by:Pber
ID: 17103379
Did your test work?
(:

 

Author Comment

by:smantz
ID: 17107700
Well, hello everyone. Hope this posts.  The staff at E-E and I are trying to resolve an issue that affects only a few individuals.
Thus far I have:
1.  Deleted the child domain
2.  Deleted the delegation pointer (grayed out icon)
3.  Ipconfig /registerdns  on both DC's/dns servers
4.  Netlogon  Stop/Start both Dc's

As of last night before leaving work, the _msdcs folder under domain.local hadn't rebuilt itself.

Do I need to delete the whole domain.local zone for everything to rebuild?
--Steve

Expert Comment

by:Pber
ID: 17141014
Check out this:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/opsguide/part1/adogd10.mspx

Also, is your DHCP client running on the domain controller?  Although you statically assign the IP address, the DHCP client is still needed as that is the service that registers your DNS entries.

Expert Comment

by:Pber
ID: 17153655
Did you get it going?
 

Expert Comment

by:broberc6
ID: 27171925
Has anyone tried this solution of deleting the delegation of the child domain? If so, what are the potential side effects, since the subdomain has already been delegated?