Asked by TokyoBrit

AD DNS Zone Information Seems Wrong

I've been having problems with AD/DNS recently, where the secondary DC at the data center fails due to DNS problems.

Looking in DNS on the primary DC at the office, I can see that the _msdcs zone is being replicated to "All domain controllers in user-defined scope". Trying to change replication to "All DNS servers in the Active Directory domain" results in this error -

The replication scope could not be set. The specified directory partition does not exist.

To check this, I ran dnscmd /enumdirectorypartitions on the primary DC, which gives this result -

Enumerated directory partition list:

        Directory partition count = 2

 DomainDnsZones.corporate.cvi.co.jp        Enlisted
 ForestDnsZones.corporate.cvi.co.jp        Enlisted

Command completed successfully.

However, I believe those partitions should also be "Auto" and "Domain/Forest".

So I'd like to add a third domain controller to the office, move all the FSMO roles from the primary DC, and demote the primary back to a member server.

However, looking through the checklists and posts for adding a second (third) domain controller, I've run into some conflicts.

Since my problems seem to stem from DNS, the one that stands out is that everyone suggests (in some cases demands) that DCs only point to themselves for their primary DNS. However, to do that I would have to install DNS before I install AD, which is the opposite of what is recommended on the Microsoft TechNet site. In this case, any zone I create has to be secondary and cannot be stored in AD, since it's not installed yet. Since the _msdcs zone is vital to AD, I would have to manually create it before I install AD, so that it can contact the PDC in order to join the 3rd DC to the domain.

And I believe that leaves me with the same mess I have now.

Can anyone point me to a good step-by-step resource, or offer some kindly advice as to how I can untangle this AD/DNS problem without hosing AD (since it's been ADPREP'd a few times for Exchange and other services)?

Thank you.
ASKER CERTIFIED SOLUTION
Chris Dent