Deleted THE AD Integrated DNS Zone

Posted on 2014-08-22
Last Modified: 2014-08-27
Ok, due to a 'small' mistake, we deleted the AD Integrated DNS zone on the only Domain Controller and DNS Server

Server 2008 R2
Domain Function Level: Server 2008 R2
Active Directory Integrated Zone
Domain name: DOMAIN  (not DOMAIN.local etc etc)

Not sure how much more detail you need.

I need info on a) recreating it or b) undeleting it

I found this:
But it won't work. The first command returns nothing: no error, no results.
PS>  get-adobject -filter 'isdeleted -eq $true -and msds-lastKnownRdn -eq "..Deleted-DOMAIN"' -includedeletedobjects -searchbase "DC=ForestDnsZones,DC=DOMAIN" -property *


PS> get-adobject -filter 'isdeleted -eq $true' -includedeletedobjects


Deleted           : True
DistinguishedName : CN=Deleted Objects,DC=DOMAIN
Name              : Deleted Objects
ObjectClass       : container
ObjectGUID        : aa6b138c-224f-406c-8e9b-8a4f2f05ca11


Thanks for your advice
Question by: tetrauk

    Expert Comment

    You can check if the AD Recycle Bin is enabled by running
    Get-ADOptionalFeature "Recycle Bin Feature"


    and check if the "Enabled Scopes" property has anything set.

    Your zone might have been in a different naming context.  I don't know how much having a single-label domain name will affect things, if any.  Try searching DomainDnsZones (which is typical for a domain created in Server 2003 or newer), or just the default NC (i.e. DC=DOMAIN).
    get-adobject -filter 'isdeleted -eq $true -and msds-lastKnownRdn -eq "..Deleted-DOMAIN"' -includedeletedobjects -searchbase "DC=DomainDnsZones,DC=DOMAIN" -property *

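One way to run the search the expert describes across every naming context at once instead of guessing a SearchBase, as an added example that is not from the thread. It assumes the RSAT ActiveDirectory module on the DC and a zone named DOMAIN; the restore step only applies if the Recycle Bin was already enabled when the zone was deleted.

```powershell
# Added example, not from the original thread. Assumes the ActiveDirectory
# module (RSAT) on the DC and a zone named "DOMAIN"; change $ZoneName to suit.
Import-Module ActiveDirectory
$ZoneName = 'DOMAIN'

# 1. Recycle Bin check: with no EnabledScopes, deleted objects are plain
#    tombstones and cannot be restored intact with Restore-ADObject.
$rb = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
$recycleBinOn = ($rb.EnabledScopes | Measure-Object).Count -gt 0
if (-not $recycleBinOn) { Write-Warning 'AD Recycle Bin is NOT enabled.' }

# 2. A DNS zone can live in the default NC (CN=MicrosoftDNS,CN=System,...),
#    DomainDnsZones or ForestDnsZones, so walk every naming context. Each NC
#    has its own Deleted Objects container, which is why one search missed it.
$found = foreach ($nc in (Get-ADRootDSE).namingContexts) {
    Get-ADObject -SearchBase $nc -IncludeDeletedObjects `
        -Filter { isDeleted -eq $true -and objectClass -eq 'dnsZone' } `
        -Properties msDS-LastKnownRDN, lastKnownParent, whenChanged `
        -ErrorAction SilentlyContinue |
      Where-Object { $_.Name -like "*$ZoneName*" -or $_.'msDS-LastKnownRDN' -like "*$ZoneName*" } |
      Select-Object @{n='NamingContext';e={$nc}}, Name, 'msDS-LastKnownRDN', whenChanged, ObjectGUID
}
$found | Format-Table -AutoSize

# 3. Only if the Recycle Bin was enabled before the deletion: restore the zone
#    object first, then the child dnsNode records whose lastKnownParent is it.
if ($recycleBinOn -and $found) {
    $zone = $found | Select-Object -First 1
    Restore-ADObject -Identity $zone.ObjectGUID
    $zoneDn = (Get-ADObject -Identity $zone.ObjectGUID).DistinguishedName
    Get-ADObject -SearchBase $zone.NamingContext -IncludeDeletedObjects `
        -Filter { isDeleted -eq $true -and lastKnownParent -eq $zoneDn } |
      Restore-ADObject
}
```

If step 2 lists nothing in any naming context, the tombstone lifetime has passed or the object was never written there, and rebuilding the zone (as the rest of the thread does) is the remaining option.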


    Author Comment

Searching the other base still gets nothing; even removing it gets nothing.

    Author Comment

From what I have been reading, if I create a new zone with the same name and restart Netlogon on the domain controller, it will rebuild everything, and the client PCs will register when they reboot.

    Any problems with this idea?

    Accepted Solution

    None at all.  If you don't have many records that you added manually (I'm guessing not with only one DC) then you won't have much work recreating them.  Clients configured with a static IP try to re-register their DNS records every 24 hours.  DHCP clients will also re-register, but I can't remember the time frame - I think it depends on your lease time.

    Do you have a separate _msdcs zone?

    BTW, I'd recommend moving away from a single-label domain name if you ever can.

    Author Comment

Yes, the _msdcs.DOMAIN zone was unaffected.

I have no clue why the person who set it up used a single-label domain name... I just inherited it.

Not sure if there ever is a good way of moving away. I suppose I could create a new tree in the forest and slowly migrate over one day... any key disadvantage of a single-label domain?

I have noticed with other companies I can resolve domain.local in DNS, but in the company I can't resolve domain.

    Assisted Solution

Great. I just needed to know if _msdcs was a separate zone or a child of the primary one for your domain. Since it is a separate zone, you will need to recreate the delegation for it in your DOMAIN zone.

    Depending on applications present, you may be able to perform a domain rename.  I've done one of these, and it is a non-trivial task.  Even when it is an option, I know some people prefer to create a new forest and use ADMT to migrate info (or if a small enough environment just manually join machines to the new domain).  MS has a good article that lays out some problems.
    And looking at it, I see mention of a problem with clients dynamically registering their DNS record unless a registry change is made.
    Another decent blog post is at
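The rebuild the thread settles on (new AD-integrated zone, Netlogon restart, _msdcs delegation, plus the single-label registration caveat), as an added example that is not from the thread. It uses dnscmd because Server 2008 R2 predates the DnsServer PowerShell module; DC1 and 10.0.0.10 are placeholder values.

```powershell
# Added example, not from the original thread. Server 2008 R2 has no DnsServer
# PowerShell module, so dnscmd.exe does the zone work. Placeholders: zone
# "DOMAIN", DC host "DC1", DC address 10.0.0.10. Run elevated on the DC.
$Zone   = 'DOMAIN'
$DcHost = 'DC1'
$DcIp   = '10.0.0.10'

# 1. Recreate the zone as AD-integrated in the DomainDnsZones partition and
#    keep it on secure dynamic updates only (2 = secure only, 1 = any, 0 = none).
dnscmd /ZoneAdd $Zone /DsPrimary /DP /domain
dnscmd /Config $Zone /AllowUpdate 2

# 2. The separate _msdcs.DOMAIN zone survived, but the parent lost its
#    delegation: add the NS record for the child plus a glue A record.
dnscmd /RecordAdd $Zone _msdcs NS "$DcHost.$Zone."
dnscmd /RecordAdd $Zone $DcHost A $DcIp

# 3. Make the DC re-register its A and SRV (LDAP, Kerberos, GC) records now
#    rather than at the next Netlogon refresh.
Restart-Service NetLogon
nltest /dsregdns
ipconfig /registerdns

# 4. Single-label domain caveat mentioned above: Windows DNS clients refuse
#    dynamic updates to a top-level zone unless UpdateTopLevelDomainZones=1
#    is set under the DNS client parameters (normally pushed by Group Policy;
#    shown here on the local machine).
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters' `
    -Name UpdateTopLevelDomainZones -Value 1 -Type DWord

# 5. Verify the zone is back, the delegation resolves and the DC locator SRV
#    record exists before asking anyone to reboot.
dnscmd /ZoneInfo $Zone
nslookup -type=NS "_msdcs.$Zone" $DcIp
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Zone" $DcIp
```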

    Author Closing Comment

Great, that's what I needed to know.
