
Deleted Active Directory integrated DNS comes back after restart

Posted on 2008-11-18
Last Modified: 2012-05-05
Hello,

I have 3 AD integrated DNS zones which I deleted. Every time I restart one of my domain controllers, these zones come back again and again. How can I get rid of this? I am running Windows 2003 SP1.

Thank you
S.
0
Question by:slimard
 
LVL 71

Expert Comment

by:Chris Dent
ID: 23067875

It depends a little on where they're sitting, but you should be able to drop in and delete them from AD entirely.

Can you tell me the current replication scope setting (in the properties for the zone)?

Chris
0
 

Author Comment

by:slimard
ID: 23067894
Thanks. The replication scope is "All DNS servers in the Active directory domain cpy.org"
0
 

Author Comment

by:slimard
ID: 23067897
By the way, all my DCs are DNS servers.
0

 
LVL 71

Expert Comment

by:Chris Dent
ID: 23067924

Excellent, in that case we have a helpful little KB Article from Microsoft to refer to:

http://support.microsoft.com/?kbid=305967

If you do not need the zones any more you only need to follow the article as far as Step 7 (inclusive).

The commands to flush DNS, re-register and the restart of NetLogon are only required if the zone is your main AD zone (for your AD domain).

HTH

Chris
0
 

Author Comment

by:slimard
ID: 23067988
The issue is that they do not appear in Active Directory Users and Computers under System\MicrosoftDNS.

Please note that in DNS console the zone has a red cross.
0
 

Author Comment

by:slimard
ID: 23068000
When I tried to change the zone to Primary Zone, I got a message like "the data on the primary zone failed to set. the operation cannot be performed because this zone is shutdown"
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 23068005

Interesting, but it's still listing the zone with that scope in the DNS console?

Perhaps search the registry for the zone name? Some zones will load because of configuration in the registry. Does this occur on all DCs?

Chris
0
 

Author Comment

by:slimard
ID: 23068017
This occurs on all DCs except some new DCs that were installed recently. The deletion of these zones was before the install of these new DCs.

I will have a look at the registry right now.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 23068029

Great, it's worth a try.

Otherwise, we could try creating the zone on a new DC with the replication scope set to all DCs in the AD Domain, that should load it into the area in AD Users and Computers. Just to see if we can force it to overwrite any existing configuration after replication.

Chris
0
 

Author Comment

by:slimard
ID: 23068046
You were right, I found them in the registry and I deleted them. Then I restarted the DNS server service and they reappeared again in the registry.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 23068054

Same if you stop the DNS service first, then delete, then start?

Chris
0
 

Author Comment

by:slimard
ID: 23068091
Just did. Stop DNS --> remove registry --> start DNS and the zones came back again in registry.

I have been struggling with this for months without success. I have read somewhere that I might do an authoritative restore for the DNS part, but to be honest I was a bit afraid.
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 1000 total points
ID: 23068115

Hmm, no, it's likely to appear again and goes back to suggesting configuration in AD.

Just to verify, it's reappearing with "DsIntegrated: 1" in the registry?

There aren't many references to the zone itself in AD. We could potentially check the other two areas for the zone, wouldn't hurt to look.

1. Open ADSIEdit.msc (Start / Run)
2. Select "ADSI Edit"
3. Right click and select "Connect to..."
4. Enter the name ForestDNSZones
5. Select "Select or type a Distinguished Name or Naming Context"
6. Enter DC=ForestDNSZones,DC=yourdomain,DC=com. This assumes your forest root / domain is called yourdomain.com
7. Press OK
8. Expand ForestDNSZones
9. Expand MicrosoftDNS

The same can be done for DomainDNSZones.

Chris
0
 

Author Comment

by:slimard
ID: 23068193
Yes with "DsIntegrated: 1"

I found something strange. I have these
CN=MicrosoftDNS
CN=MicrosoftDNSCNF:ae30ac08-0366-4a04-bfc1-7a4292401ef5

In the second one I have all the deleted zones we are talking about
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 23068223

The CNF version is a Conflict Object, created, as the name suggests, when two versions of the same object exist.

You should be able to delete that, but the same precautions with taking backups should be applied.

I would advise you run DCDiag and verify that AD itself is replicating happily in your environment if you haven't already.

Chris
0
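The ADSI Edit walk-through and the conflict-object explanation above can be checked across all three zone storage locations in one pass. This is an added example, not part of the original thread; it assumes the ActiveDirectory PowerShell module is available on a management host and only reads from the directory.

```powershell
# Added example: read-only inventory, nothing is modified or deleted.
# Assumes the ActiveDirectory module (RSAT) and a DC reachable through
# AD Web Services; it is not present on a stock Windows 2003 install.
Import-Module ActiveDirectory

$root     = Get-ADRootDSE
$domainDn = $root.defaultNamingContext
$forestDn = $root.rootDomainNamingContext

# The three places an AD-integrated zone can be stored.
$searchBases = @(
    "CN=System,$domainDn",           # "All domain controllers" scope
    "DC=DomainDnsZones,$domainDn",   # "All DNS servers in the domain"
    "DC=ForestDnsZones,$forestDn"    # "All DNS servers in the forest"
)

# A conflict object's RDN is the original name, a line feed (\0A),
# then "CNF:" and the object GUID.
$conflictFilter = '(cn=MicrosoftDNS\0ACNF:*)'

$report = foreach ($base in $searchBases) {
    try {
        $containers = Get-ADObject -SearchBase $base -SearchScope Subtree `
            -LDAPFilter $conflictFilter -Properties whenCreated -ErrorAction Stop
    } catch {
        Write-Warning "Could not search ${base}: $($_.Exception.Message)"
        continue
    }
    foreach ($c in $containers) {
        # Zones still held by the conflict copy of the container.
        $zones = Get-ADObject -SearchBase $c.DistinguishedName -SearchScope OneLevel `
            -LDAPFilter '(objectClass=dnsZone)'
        [pscustomobject]@{
            ConflictContainer = $c.DistinguishedName
            Created           = $c.whenCreated
            Zones             = ($zones | ForEach-Object { $_.Name }) -join ', '
        }
    }
}

if ($report) { $report | Format-List }
else { Write-Output 'No MicrosoftDNS conflict containers found.' }
```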
 
LVL 71

Expert Comment

by:Chris Dent
ID: 23068241

Hmmm actually, I'd hold off on Deleting it for now unless you're very comfortable with it.

I'd also move any zone you currently require to the "All DNS Servers in the AD Domain" replication scope, that shifts them out of the current scope which might be a good idea.

Chris
0
 

Author Comment

by:slimard
ID: 23068267
Many thanks Chris. I deleted it because it contained only older deleted zones. I have checked the replication and everything is fine. So I am going to wait 15 min and check the DNS console on all other DCs, but I am pretty sure you pointed out the issue well.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 23068387

Fingers crossed then :)

Chris
0
 

Author Comment

by:slimard
ID: 23068910
Worked great. The replication has gone to all the DCs and the deleted zones were removed from the DNS servers after restarting the DNS service. So many thanks again.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 23069149

Great news :) Glad it worked.

Chris
0


Question has a verified solution.
