Where is AD-integrated DNS data stored?

RGRodgers
I am using 3 Windows 2003 Advanced Servers in one forest under mydomain.com all with current updates.

I was having some DNS issues where the Event Log was throwing 4515 errors saying it was retrieving duplicate DNS data.  So, I checked into the status of my DNS servers.  I have 3 AD/DNS servers where 2 are local and one is on a remote site VPN.  I upgraded DNS to forest-integrated DNS to resolve the problem.

Now, using ADSIEDIT.MSC, I cannot seem to find the DNS data.  It is not in ForestDNSzones.mydomain.com nor DomainDNSzones.mydomain.com nor MyADserver.mydomain.com.
 
DNS manager is operating fine on all three machines and easily finds all the zones on each one no matter where I run it.  DNS clients work just fine.  Event Logs are 100% clean.  All is well.

However, I cannot find where the DNS data is stored! I thought I'd find it in ADSIEDIT.MSC under DC=forestdnszones,DC=mydomain,DC=com,CN=System,CN=MicrosoftDNS.  That's where it was before I did the upgrade.  But it was also in DC=domandnszones.... and DC=domainserver....  Now, I can't seem to find it anywhere?

Where the heck is forest-integrated DNS zone data stored???  Thanks...RG
Chris Dent
PowerShell Developer
Top Expert 2010

Commented:
ForestDNSZones is stored in this naming context:

DC=ForestDNSZones,DC=root-domain,DC=com

In ADSIEdit you have to create a new connection and specify that path. The configuration subtree only contains the partition configuration, not the data.

The others are:

All DNS Servers in the Domain: DC=DomainDNSZones,DC=current-domain,DC=com
All DCs in the Domain: CN=MicrosoftDNS,CN=System,DC=current-domain,DC=com

HTH

Chris

Author

Commented:
Okay, got all that.  You say the subtree contains the configuration and not the data?  Where is the data?
Chris Dent
PowerShell Developer
Top Expert 2010

Commented:
In the first of the areas I mentioned above.

If you create a connection to this:

DC=ForestDNSZones,DC=root-domain,DC=com

Then expand MicrosoftDNS.

But... you must connect with an account that has rights to view this data. If you connect using someone without rights it will appear empty.

Chris

Author

Commented:
Okay, I hear you.  But, the data doesn't seem to be there?  I am attaching screenshots of ADSIedit expansion of MicrosoftDNS and the DNS Zone settings.  Thanks...RG
ForestDNSZones.png
DNS-Settings.png
Chris Dent
PowerShell Developer
Top Expert 2010

Commented:
Ah, I see what you've done. You've called it ForestDNSZones, as a name, but you've opened the default naming context. You need to do exactly this:

1. Open ADSIEdit
2. Right click on ADSIEdit and select Connect to...
3. Under Name enter ForestDnsZones (just a name, you can call it what you please)
4. Under Connection Point select "Select or type a Distinguished Name or Naming Context" (you left this as the default value above)
5. Enter DC=domain,DC=com into the box immediately below
6. Leave "Computer" as the default and click OK

Now you should have a folder for MicrosoftDNS, an entirely different directory partition.

Chris

Author

Commented:
Okay, I think I have that.  Screenshot is attached.  I still don't see the DNS data, but maybe you can explain from here?  Thanks for your help...RG
Real-ForestDNSZones.png
Chris Dent
PowerShell Developer
Top Expert 2010

Commented:
You're still opening the Default Naming Context, which is basically your regular domain regardless of what you set the Name Field to.

Can you send me a screen shot of the Connect To... box before you press OK please?

I'll try and post you some screen shots from our test network if that fails, I just need to fix it a bit first :)

Chris
PowerShell Developer
Top Expert 2010
Commented:
Oh damn, I just realised I messed up my instructions above. Please find the correction below:

1. Open ADSIEdit
2. Right click on ADSIEdit and select Connect to...
3. Under Name enter ForestDnsZones (just a name, you can call it what you please)
4. Under Connection Point select "Select or type a Distinguished Name or Naming Context" (you left this as the default value above)
5. Enter DC=ForestDNSZones,DC=domain,DC=com into the box immediately below
6. Leave "Computer" as the default and click OK

I'm sorry about that.

Chris

Author

Commented:
No worries, mate!  That did it for me.  Thanks so much for your help...RG
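
The three storage locations named in the thread can also be checked from a script instead of by connecting ADSIEdit to each one. The following is an added example, not part of the original thread or written by its participants. It assumes a domain-joined machine and an account with read rights on the DNS partitions, and it assumes the zone objects sit directly under the MicrosoftDNS container in each location.

```powershell
# Added example: list the dnsZone objects in each AD location that can hold DNS data.
# Uses only System.DirectoryServices through the [ADSI] accelerator.

$rootDse  = [ADSI]'LDAP://RootDSE'
$domainNC = [string]$rootDse.defaultNamingContext      # e.g. DC=current-domain,DC=com
$forestNC = [string]$rootDse.rootDomainNamingContext   # e.g. DC=root-domain,DC=com

# Replication scope -> container holding the zone objects
$locations = @(
    @{ Scope = 'All DNS servers in the forest'; DN = "CN=MicrosoftDNS,DC=ForestDnsZones,$forestNC" },
    @{ Scope = 'All DNS servers in the domain'; DN = "CN=MicrosoftDNS,DC=DomainDnsZones,$domainNC" },
    @{ Scope = 'All DCs in the domain';         DN = "CN=MicrosoftDNS,CN=System,$domainNC" }
)

foreach ($loc in $locations) {
    Write-Output ("{0}`n  {1}" -f $loc.Scope, $loc.DN)
    try {
        $searcher = New-Object System.DirectoryServices.DirectorySearcher
        $searcher.SearchRoot  = [ADSI]("LDAP://" + $loc.DN)
        $searcher.Filter      = '(objectClass=dnsZone)'
        $searcher.SearchScope = 'OneLevel'
        $searcher.PageSize    = 500
        [void]$searcher.PropertiesToLoad.Add('name')

        $zones = @($searcher.FindAll())
        if ($zones.Count -eq 0) {
            # An account without rights sees an empty container, as noted in the thread
            Write-Output '    (no zones visible: none stored here, or this account lacks read rights)'
        }
        foreach ($z in $zones) {
            Write-Output ("    zone: {0}" -f $z.Properties['name'][0])
        }
    }
    catch {
        # The bind fails if the partition or container does not exist or access is denied
        Write-Output ("    (cannot bind: {0})" -f $_.Exception.Message)
    }
}
```

A zone that appears in more than one location is worth investigating, since the question describes event 4515 reporting duplicate DNS data while the zone existed in several of these containers.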
