Solved

Reversing a New Delegation "continued"

Posted on 2006-07-13
Last Modified: 2012-05-05
This is a repost and continuation of a previous posting.  There appear to be some hardware/software issues that prohibit and trash some of my postings.  Customer Service is aware of the problems.  The points remain at 500 and please post only to this posting now--

I made a mistake and chose to delegate our domain.local to a child domain "child.domain.local" using the new delegation.  The child dc isn't fully configured so I have a few replication issues. Otherwise things appear to be working fine.
The only thing I am concerned about is under our domain.local the _msdcs folder is grayed out. It has one NS record pointing to the server it is on.  The child domain folder appears to have the information.  Also the _msdcs.domain.local zone looks fine.
What does the grayed out icon mean?  Is there a way to reverse or change back the delegation?
--Thanks
SM
 
 Comment from Pber
Date: 07/13/2006 05:12AM PDT
Delegations are normally grayed out.  It will only contain the NS records you've added of the delegated domain.  So this is normal behavior.  To reverse a delegation, you just delete it and re-create if needed.
 
Comment from smantz
Date: 07/13/2006 06:13AM PDT
Thanks for the help but I need clarification before I start deleting items.
1. Which folders do I delete?  I assume the grayed out delegation folder (_msdcs) but what do I do with the child domain folder which appears to have all info in it (where I delegated to)?  Do I delete it and add it back?
2. What are the steps to recreate the _msdcs folder and info in it?
3. I have two root DC's with AD and DNS.  Do I need to do it to both for proper transfer?
4. What about the child DC with AD?  How can I start over with it and have a clean slate? Demote/uninstall?
5. Are there any clear and concise resources explaining setting up child domains including what DNS records are needed on it and how to create them?
--Thanks for the help
Steve
 
Comment from Pber
Date: 07/13/2006 07:26AM PDT
Well, this is a sticky situation because you delegated the root to the child.  I hope I'm getting that right.

You will probably want to do this off hours because you might have some issues if you delete the delegation.  

- I would write down/export the _msdcs records so I have a backup.  The root DC's should have a file called netlogon.dns in %windir%\system32\config.  This file should contain the DNS SRV records.  It might help to have this if you need to re-create.
- I would make sure my root DNS servers are pointing to themselves for DNS.
- I would remove the delegation and wait about 2 minutes for replication.
- I would do an ipconfig /registerdns on each root DC.
- I would also stop/start netlogon on each root DC.
- Then I would check to see if it re-created the _msdcs folders.

You will need DNS to have the proper SRV records for each DC for proper replication.  You should make your AD DNS zone Active Directory integrated (configured in the General tab of the zone properties).

You can try and do an IPconfig /registerDNS on the child DNS servers and see if they register properly.  If your child domain isn't in use it might be best to start from scratch.

Have you seen this article from M$: http://support.microsoft.com/kb/255248/
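
One way to carry out the final check in the steps above, as an added example that is not part of the original thread: it parses netlogon.dns-style lines and lists the _msdcs records that are still absent from the zone. The sample records, the host name dc1, the IP address and the GUID are constructed, and the line layout (owner, TTL, IN, type, data) is assumed to match netlogon.dns.

```python
# Added example (not from the thread): expected DC records vs. zone contents.
from typing import NamedTuple

class Record(NamedTuple):
    owner: str
    rtype: str
    rdata: str

def parse_netlogon_dns(text):
    """Parse 'owner TTL IN TYPE data' lines; the TTL is ignored for comparison."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";") or fields[2].upper() != "IN":
            continue  # blank line, comment, or not a resource record
        owner = fields[0].rstrip(".").lower()
        rdata = " ".join(fields[4:]).rstrip(".").lower()
        records.append(Record(owner, fields[3].upper(), rdata))
    return records

def msdcs_records(records, domain):
    """Keep only the records that live under _msdcs.<domain>."""
    suffix = "._msdcs." + domain.lower()
    return [r for r in records if r.owner.endswith(suffix)]

def missing_after_rebuild(expected, observed):
    """Expected _msdcs records that are absent from the observed zone data."""
    seen = set(observed)
    return [r for r in expected if r not in seen]

# Constructed sample in netlogon.dns layout (host, IP and GUID are made up).
SAMPLE_NETLOGON_DNS = """\
domain.local. 600 IN A 192.168.1.10
_ldap._tcp.pdc._msdcs.domain.local. 600 IN SRV 0 100 389 dc1.domain.local.
_ldap._tcp.dc._msdcs.domain.local. 600 IN SRV 0 100 389 dc1.domain.local.
_kerberos._tcp.dc._msdcs.domain.local. 600 IN SRV 0 100 88 dc1.domain.local.
_ldap._tcp.gc._msdcs.domain.local. 600 IN SRV 0 100 3268 dc1.domain.local.
00000000-0000-0000-0000-000000000001._msdcs.domain.local. 600 IN CNAME dc1.domain.local.
"""
# Constructed zone contents after 'ipconfig /registerdns' and a netlogon restart.
SAMPLE_ZONE = """\
domain.local. 1200 IN A 192.168.1.10
_ldap._tcp.dc._msdcs.domain.local. 1200 IN SRV 0 100 389 dc1.domain.local.
"""

if __name__ == "__main__":
    expected = msdcs_records(parse_netlogon_dns(SAMPLE_NETLOGON_DNS), "domain.local")
    for rec in missing_after_rebuild(expected, parse_netlogon_dns(SAMPLE_ZONE)):
        print("missing:", *rec)
```

The zone side can be any text export in the same layout; records that differ only in TTL or letter case count as present.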
 
 
New from Steve in response to Pber

I think you are getting it right.  By the way, that article was the one I was using and if you notice, in the section:
Manually Create a Delegation for the Child Domain on the Parent (Root) DNS Server--- You delegate the root zone to a DNS server in the child zone.  Unfortunately my steps in the later part were slightly out of sync and this is probably why things are not set up properly.  I thought it was the other way around and I was going to delegate the child to the root/parent.  The child server (dns/ad) isn't even running at this time.
The only grayed out item under the forward lookup zones is the domain.local _msdcs folder(zone?).  All other information under "domain.local" is there.  The _msdcs.domain.local above the zone "domain.local" is all intact.  I'll assume this holds all the information for the forest and why everything is still working other than some replication errors.
What constitutes removing the delegation?  Is it deleting the grayed out icon as there is no "remove delegation" item?
Do I do it on both?  Do I delete the child zone with all the info in it?
Does this affect the _msdcs.domain.local zone above the domain.local zone?
Thanks for the patience,
-Steve

Question by:smantz
7 Comments
 
LVL 26

Accepted Solution

by:
Pber earned 2000 total points
ID: 17101460
Removing the delegation is right clicking the grayed out section and deleting.  If your DNS is AD integrated, it should only need to be done on one server.  This should only affect the _msdcs.domain.local zone.
LVL 26

Expert Comment

by:Pber
ID: 17101516
LVL 26

Expert Comment

by:Pber
ID: 17103379
Did your test work?
(:

Author Comment

by:smantz
ID: 17107700
Well hello everyone, hope this posts.  The staff at E-E and I are trying to resolve an issue that affects only a few individuals.
Thus far I have:
1.  Deleted the child domain
2.  Deleted the delegation pointer (grayed out icon)
3.  Ipconfig /registerdns on both DC's/DNS servers
4.  Netlogon Stop/Start on both DC's

As of last night before leaving work, the _msdcs folder under domain.local hadn't rebuilt itself.

Do I need to delete the whole domain.local zone for everything to rebuild?
--Steve
LVL 26

Expert Comment

by:Pber
ID: 17141014
Check out this:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/maintain/opsguide/part1/adogd10.mspx

Also is your DHCP client running on the Domain controller?  Although you statically assign the IP address, the DHCP client is still needed as that is the service that registers your DNS entries.
LVL 26

Expert Comment

by:Pber
ID: 17153655
Did you get it going?

Expert Comment

by:broberc6
ID: 27171925
Has anyone tried this solution of deleting the delegation of the child domain? If so, what are the potential side since the subdomain has already been delegated.
Question has a verified solution.