ForestDnsZones in a child domain


I'm having a problem with one of my MS DNS servers and searching so far has not produced any useful results. Also, I should mention that I'm actually a network engineer, but am stuck with this Active Directory problem, so any advice might need to be dumbed down to a non-MCP level.

I have a forest with two child domains, so total of 3 zones.
Let's say those are:

where is the forest zone (it was the only domain back in the day so everything grew out of that one).

I also have 4 sites:

site1 and site2 each have two domain controllers for
site3 has two domain controllers for domain2.local
site4 has one domain controller for domain3.local

I'm doing a virtualization project in my site3, so I virtualized my PDC domain controller yesterday. Now I should mention that I had virtualized the secondary one a while ago and had no problems. I was told by our VMware consultant that virtualizing DCs is not usually a successful task and that for that reason I should demote the DC before proceeding. I did that with dc2.domain2.local (which worked great) a long time ago. Yesterday was the day for dc1.domain2.local, which was the PDC.

I demoted it, P2V'd it and promoted it again. Since then, I get:
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4007
Date:            5/21/2009
Time:            9:36:15 AM
User:            N/A
Computer:      DC1
The DNS server was unable to open zone _msdcs.domain2.local in the Active Directory from the application directory partition ForestDnsZones.domain2.local. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

For more information, see Help and Support Center at
0000: 0d 00 00 00               ....    

I thought there shouldn't be ForestDnsZones in domain2.local since it's a child domain to begin with. I do have ForestDnsZones in my

I get that message every time I restart the DNS server. I also can't see any obvious issues resulting from that other than this message itself.

All three zones are AD stored and replicate to all DNS in the forest.

Was the first DC you virtualized set up as a global catalog server or as a DNS server when you repromoted it?
uncle_ho (Author) commented:
Yes, both DCs are global catalogs. In fact all DCs I have are global catalogs.
Did you see this thread?

uncle_ho (Author) commented:
I think you might have forgotten the link
Chris Dent (PowerShell Developer) commented:

You might try running:

dnscmd /EnumDirectoryPartitions

Just to see if it lists ForestDNSZones from the root in addition to this one.

You should also be able to see the partitions in NTDSUtil with:

domain management
connect to server <ADomainController>
select operation target
list naming contexts

Just checking to see if you were paying attention.  :)
uncle_ho (Author) commented:
Z:\>dnscmd /EnumDirectoryPartitions
Enumerated directory partition list:

        Directory partition count = 4

 DomainDnsZones.domain2.local                 Enlisted Auto Domain                    Not-Enlisted
 DomainDnsZones.domain3.local                 Not-Enlisted                    Enlisted Auto Forest

Command completed successfully.

Found 9 Naming Context(s)
0 - CN=Configuration,DC=domain1,DC=com
1 - CN=Schema,CN=Configuration,DC=domain1,DC=com
2 - DC=domain1,DC=com
3 - DC=domain2,DC=local
4 - DC=domain3,DC=local
5 - DC=DomainDnsZones,DC=domain1,DC=com
6 - DC=DomainDnsZones,DC=domain3,DC=local
7 - DC=ForestDnsZones,DC=domain1,DC=com
8 - DC=DomainDnsZones,DC=domain2,DC=local
uncle_ho (Author) commented:
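The two listings above are what the advice in the thread asks you to read by hand. As an added example (not code from the thread, from Microsoft, or from any poster), the script below parses the text that dnscmd /EnumDirectoryPartitions and ntdsutil's "list naming contexts" print and applies the checks the thread implies: ForestDnsZones should exist once, at the forest root; a DNS server storing zones in that partition should be enlisted in it; and any partition the DNS server or an event refers to should actually exist as a naming context. The sample dnscmd text is constructed to match this forest (root domain1.com, children domain2.local and domain3.local); the enlistment states of the two rows the thread does not show are assumed. The ntdsutil text is the listing posted above.

```powershell
# Added example for this thread; not the thread's or Microsoft's code.
# Sample inputs are constructed to match the posted environment.

function ConvertFrom-DnscmdPartitionList {
    # Turns each partition row of "dnscmd /EnumDirectoryPartitions" into an object.
    param([Parameter(Mandatory)][string]$Text)
    foreach ($line in ($Text -split "`r?`n")) {
        $fields = $line.Trim() -split '\s+'
        if ($fields.Count -ge 2 -and
            $fields[0] -match '^(DomainDnsZones|ForestDnsZones)\.' -and
            $fields[1] -match '^(Enlisted|Not-Enlisted)$') {
            $scope = if ($fields.Count -ge 4) { $fields[3] } else { $null }   # Domain or Forest
            [pscustomobject]@{
                Partition = $fields[0]
                Enlisted  = ($fields[1] -eq 'Enlisted')
                Scope     = $scope
            }
        }
    }
}

function ConvertFrom-NtdsutilNamingContexts {
    # Picks the DNS application partitions out of ntdsutil's "list naming contexts" output.
    param([Parameter(Mandatory)][string]$Text)
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match '^\s*\d+\s+-\s+(DC=(DomainDnsZones|ForestDnsZones),(.+))$') {
            $kind     = $Matches[2]
            $domainDn = $Matches[3]
            $dnsName  = (($domainDn -split ',') | ForEach-Object { $_ -replace '^DC=', '' }) -join '.'
            [pscustomobject]@{
                DistinguishedName = $Matches[1]
                Partition         = "$kind.$dnsName"
                Domain            = $dnsName
                IsForestPartition = ($kind -eq 'ForestDnsZones')
            }
        }
    }
}

function Test-DnsApplicationPartitions {
    # Returns a list of findings; an empty list means the partitions look consistent.
    param(
        [Parameter(Mandatory)][string]$ForestRoot,
        [Parameter(Mandatory)][string]$DnscmdText,
        [Parameter(Mandatory)][string]$NtdsutilText,
        [string]$PartitionNamedInEvent     # e.g. the partition quoted by DNS event 4007
    )
    $findings = [System.Collections.Generic.List[string]]::new()
    $dnsView  = @(ConvertFrom-DnscmdPartitionList -Text $DnscmdText)
    $dirView  = @(ConvertFrom-NtdsutilNamingContexts -Text $NtdsutilText)

    # ForestDnsZones lives once, at the forest root; child domains only get DomainDnsZones.
    $forestParts = @($dirView | Where-Object IsForestPartition)
    if ($forestParts.Count -ne 1 -or $forestParts[0].Domain -ne $ForestRoot) {
        $findings.Add("Expected one ForestDnsZones partition under $ForestRoot, found: $(($forestParts | ForEach-Object Partition) -join ', ')")
    }

    # A DNS server that stores zones in the forest partition must be enlisted in it.
    foreach ($p in @($dnsView | Where-Object { $_.Partition -like 'ForestDnsZones.*' -and -not $_.Enlisted })) {
        $findings.Add("Not enlisted in $($p.Partition); dnscmd /EnlistDirectoryPartition $($p.Partition) would add this server")
    }

    # Anything DNS refers to that the directory does not know about is a stale DNS-side reference.
    $known = @($dirView | ForEach-Object Partition)
    foreach ($p in @($dnsView | Where-Object { $known -notcontains $_.Partition })) {
        $findings.Add("DNS lists $($p.Partition) but no such naming context exists")
    }
    if ($PartitionNamedInEvent -and $known -notcontains $PartitionNamedInEvent) {
        $findings.Add("Event refers to $PartitionNamedInEvent, which is not a naming context in this forest (stale DNS reference)")
    }
    return $findings
}

# Constructed sample: dnscmd output as seen on a DC in domain2.local (last two rows' states assumed).
$dnscmdSample = @'
Enumerated directory partition list:

        Directory partition count = 4

 DomainDnsZones.domain2.local                 Enlisted Auto Domain
 ForestDnsZones.domain1.com                   Enlisted Auto Forest
 DomainDnsZones.domain1.com                   Not-Enlisted
 DomainDnsZones.domain3.local                 Not-Enlisted

Command completed successfully.
'@

# The naming-context listing posted in the thread.
$ntdsutilSample = @'
Found 9 Naming Context(s)
0 - CN=Configuration,DC=domain1,DC=com
1 - CN=Schema,CN=Configuration,DC=domain1,DC=com
2 - DC=domain1,DC=com
3 - DC=domain2,DC=local
4 - DC=domain3,DC=local
5 - DC=DomainDnsZones,DC=domain1,DC=com
6 - DC=DomainDnsZones,DC=domain3,DC=local
7 - DC=ForestDnsZones,DC=domain1,DC=com
8 - DC=DomainDnsZones,DC=domain2,DC=local
'@

$report = Test-DnsApplicationPartitions -ForestRoot 'domain1.com' -DnscmdText $dnscmdSample `
    -NtdsutilText $ntdsutilSample -PartitionNamedInEvent 'ForestDnsZones.domain2.local'
if ($report.Count -eq 0) { 'DNS application partitions look consistent' } else { $report }
```

With these inputs the only finding is the last one: ForestDnsZones.domain2.local, the partition named in event 4007, is not a naming context anywhere in the forest, so the DNS server on the re-promoted DC is carrying a reference to a partition that never existed, which is exactly what reinstalling DNS on that server clears.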
zelron22, seems like there is no real solution in that thread or at least I can't see one. The second link, that I suspect might have helped is dead.
This link suggests that you can ignore this if it only happens on boot.  At the end, there's a description of what was done to correct it anyway.

uncle_ho (Author) commented:
Reinstalling DNS did the job. I guess ForestDnsZones is not needed in child domains after all.