Ok, so this is a fun one. I am working with a customer who recently had an independent audit done, and has a whole list of things they need to confirm as resolved within their Windows network. Of the some 40 things on the list, only 1 has me completely puzzled. After quite a bit of Google time I am stumped so here I am!
This domain contains 2 domain controllers, 1 SBS 2008 and 1 Windows Server 2008, both functioning as global catalog servers. SBS 2008 holds all the FSMO roles. The reason for the 2 domain controllers is because of 2 physical locations (point to point circuit between them). Both servers are functioning DNS servers and network properties on physical interfaces on the 2 servers have 127.0.0.1 as the primary and the secondary as the IP of the other DC.
What I am running into is that within DNS under the forest name, within the _msdcs zone there are no NS records. Now as I understand without these records there is all kinds of bad juju that could happen. Under normal circumstances I would add a new other record, however there is not the option to add a new NS record here. In fact I cannot even right click properties either to modify the NS records for this zone like I would on a normal zone. Now there are 2 CNAME records within this zone (one for each DC) which is why I’m assuming AD is still functioning, but the auditor is specifically complaining about the missing NS records.
Any ideas on how I can get these records added so they will leave me alone?