• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2207

Deleted THE AD Integrated DNS Zone

Ok, due to a 'small' mistake, we deleted the AD Integrated DNS zone on the only Domain Controller and DNS Server

Server 2008 R2
Domain Function Level: Server 2008 R2
Active Directory Integrated Zone
Domain name: DOMAIN  (not DOMAIN.local etc etc)

Not sure how much more detail you need.

I need info on a) recreating it or b) undeleting it

I found this: http://blogs.technet.com/b/askds/archive/2010/08/12/using-ad-recycle-bin-to-restore-deleted-dns-zones-and-their-contents-in-windows-server-2008-r2.aspx
But it won't work. The first command returns nothing: no error, no results.
PS>  get-adobject -filter 'isdeleted -eq $true -and msds-lastKnownRdn -eq "..Deleted-DOMAIN"' -includedeletedobjects -searchbase "DC=ForestDnsZones,DC=DOMAIN" -property *


however,
PS> get-adobject -filter 'isdeleted -eq $true' -includedeletedobjects


Returns:
Deleted           : True
DistinguishedName : CN=Deleted Objects,DC=DOMAIN
Name              : Deleted Objects
ObjectClass       : container
ObjectGUID        : aa6b138c-224f-406c-8e9b-8a4f2f05ca11

Thanks for your advice
Asked by: tetrauk

2 Solutions
 
footechCommented:
You can check if the AD Recycle Bin is enabled by running
Get-ADOptionalFeature "Recycle Bin Feature"


and check if the "Enabled Scopes" property has anything set.

Your zone might have been in a different naming context.  I don't know how much having a single-label domain name will affect things, if any.  Try searching DomainDnsZones (which is typical for a domain created in Server 2003 or newer), or just the default NC (i.e. DC=DOMAIN).
get-adobject -filter 'isdeleted -eq $true -and msds-lastKnownRdn -eq "..Deleted-DOMAIN"' -includedeletedobjects -searchbase "DC=DomainDnsZones,DC=DOMAIN" -property *


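The two checks in the answer above (is the Recycle Bin on, and which naming context held the zone) can be run in one go. The following PowerShell is an added example written for this thread, not code from the original post or from the linked blog; it assumes the ActiveDirectory module is loaded on the DC, and the commented restore steps assume the Recycle Bin was already enabled when the zone was deleted (otherwise the tombstone has lost its dnsRecord data and reanimating it gets you an empty shell).

```powershell
# Added example (not from the thread). Check whether the AD Recycle Bin is
# enabled, then look for deleted dnsZone objects in every naming context an
# AD-integrated zone can live in. "DOMAIN" is the single-label domain from
# the question; the domain DN is read from AD rather than hard-coded.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName          # e.g. DC=DOMAIN

# EnabledScopes is empty when the feature has never been turned on.
$feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
if (-not $feature.EnabledScopes) {
    Write-Warning 'AD Recycle Bin is NOT enabled: deleted zones are plain tombstones, their records are gone, so plan on recreating the zone.'
}

# Zones replicated domain-wide live in DomainDnsZones, forest-wide zones in
# ForestDnsZones, and legacy (2000-style) zones in the domain NC itself.
# Deleted objects sit in each NC's own CN=Deleted Objects container, so the
# search base must be the NC root, not CN=MicrosoftDNS.
$searchBases = @(
    "DC=DomainDnsZones,$domainDn",
    "DC=ForestDnsZones,$domainDn",
    $domainDn
)

foreach ($base in $searchBases) {
    # -ErrorAction SilentlyContinue: a DC that does not host a partition
    # throws on the search base, which is itself a useful hint.
    Get-ADObject -Filter 'isDeleted -eq $true -and objectClass -eq "dnsZone"' `
        -IncludeDeletedObjects -SearchBase $base `
        -Properties 'msDS-LastKnownRDN', lastKnownParent, whenChanged `
        -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'SearchBase'; e = { $base } },
                      'msDS-LastKnownRDN', lastKnownParent, ObjectGUID, whenChanged
}

# Restore path (uncomment once the listing above shows the zone and the
# Recycle Bin was enabled at deletion time). Restore the zone object first;
# its dnsNode children can only be restored once their parent exists again.
# $zoneGuid = '<ObjectGUID from the listing above>'       # placeholder
# Restore-ADObject -Identity $zoneGuid
# $zoneDn = (Get-ADObject -Identity $zoneGuid).DistinguishedName
# Get-ADObject -Filter { isDeleted -eq $true -and lastKnownParent -eq $zoneDn } `
#     -IncludeDeletedObjects | Restore-ADObject
# Restart-Service DNS     # reload the zone from the directory
```

If the loop prints nothing for every base and the Recycle Bin warning fired, the zone is not coming back from AD and recreating it (as the thread goes on to do) is the only option.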
 
tetraukAuthor Commented:
Searching the other base still gets nothing; even removing it gets nothing.
 
tetraukAuthor Commented:
From what I have been reading, if I create a new zone with the same name and restart Netlogon on the domain controller, it will rebuild everything, and the client PCs will register when they reboot.

Any problems with this idea?
footechCommented:
None at all.  If you don't have many records that you added manually (I'm guessing not with only one DC) then you won't have much work recreating them.  Clients configured with a static IP try to re-register their DNS records every 24 hours.  DHCP clients will also re-register, but I can't remember the time frame - I think it depends on your lease time.

Do you have a separate _msdcs zone?

BTW, I'd recommend moving away from a single-label domain name if you ever can.
 
tetraukAuthor Commented:
Yes, the _msdcs.DOMAIN zone was unaffected.

I have no clue why the person who set it up used a single-label domain name... I just inherited it.

Not sure if there ever is a good way of moving away; I suppose I could create a new tree in the forest and slowly migrate over one day. Any key disadvantage of a single-label domain?

I have noticed with other companies I can resolve domain.local in DNS, but in the company I can't resolve domain.
 
footechCommented:
Great. I just needed to know whether _msdcs was a separate zone or a child of the primary one for your domain. Since it is a separate zone, you will need to recreate the delegation for it in your DOMAIN zone.

Depending on applications present, you may be able to perform a domain rename.  I've done one of these, and it is a non-trivial task.  Even when it is an option, I know some people prefer to create a new forest and use ADMT to migrate info (or if a small enough environment just manually join machines to the new domain).  MS has a good article that lays out some problems.
http://support.microsoft.com/kb/300684
And looking at it, I see mention of a problem with clients dynamically registering their DNS record unless a registry change is made.
Another decent blog post is at
http://blogs.msmvps.com/acefekay/2009/11/12/active-directory-dns-domain-name-single-label-names/
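The rebuild procedure the thread converges on (recreate the zone, restore the _msdcs delegation, restart Netlogon, let clients re-register) plus the single-label registry caveat from KB300684, as one script. This is an added example, not code from the original thread; it targets Server 2008 R2, so it drives dnscmd from PowerShell rather than the DnsServer cmdlets that only exist from Server 2012 on. The DC host name dc1 and the IP 192.0.2.10 are assumptions; set them to your own DC.

```powershell
# Added example (not from the thread). Rebuild a deleted AD-integrated zone on
# a Server 2008 R2 DC, re-delegate the surviving _msdcs zone, force the DC to
# re-register its records, and verify. Run elevated on the DC/DNS server.
$Zone    = 'DOMAIN'             # the single-label zone from the question
$DcShort = 'dc1'                # assumed short name of the only DC
$DcHost  = "$DcShort.$Zone"     # -> dc1.DOMAIN
$DcIp    = '192.0.2.10'         # assumed DC address (documentation range)

# 1. Recreate the zone as AD-integrated in DomainDnsZones with secure-only
#    dynamic updates (AllowUpdate 2 = secure only; 1 would allow unsecured).
dnscmd /ZoneAdd $Zone /DsPrimary /DP /domain
dnscmd /Config  $Zone /AllowUpdate 2

# 2. _msdcs.DOMAIN is a separate zone and survived, but the deleted parent
#    zone held the delegation to it. Re-add the NS record under _msdcs plus
#    the glue A record for the name server it points at.
dnscmd /RecordAdd $Zone _msdcs  NS "$DcHost."
dnscmd /RecordAdd $Zone $DcShort A  $DcIp

# 3. Single-label caveat (KB300684, linked above): Windows DNS clients, the DC
#    included, do not dynamically register into a top-level zone unless this
#    value is set. Set it here for the DC; push it to clients via GPO
#    ("Update Top Level Domain Zones") or they will never come back on their own.
$dnsCache = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
Set-ItemProperty -Path $dnsCache -Name UpdateTopLevelDomainZones -Value 1 -Type DWord

# 4. Netlogon owns the SRV/locator records; restarting it rewrites them.
#    ipconfig re-registers the DC's own A record, nltest forces DC registration.
Restart-Service Netlogon
ipconfig /registerdns
nltest /dsregdns

# 5. Verify: zone present, delegation answers, DC locator record resolvable.
dnscmd /ZoneInfo $Zone
nslookup -type=NS  "_msdcs.$Zone"              $DcIp
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Zone" $DcIp
dcdiag /test:dns
```

Any records that were created by hand (printers, appliances, CNAMEs) have to be re-added with dnscmd /RecordAdd; everything else returns as machines re-register. On Server 2012 or later the same steps map to Add-DnsServerPrimaryZone -Name DOMAIN -ReplicationScope Domain -DynamicUpdate Secure and Add-DnsServerZoneDelegation, with the registry and verification steps unchanged.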
 
tetraukAuthor Commented:
Great, that's what I needed to know.