Deleted THE AD Integrated DNS Zone

Ok, due to a 'small' mistake, we deleted the AD Integrated DNS zone on the only Domain Controller and DNS Server.

Server 2008 R2
Domain Function Level: Server 2008 R2
Active Directory Integrated Zone
Domain name: DOMAIN  (not DOMAIN.local etc etc)

Not sure how much more detail you need.

I need info on a) recreating it or b) undeleting it

I found this:
But it won't work. The first command returns nothing: no error, no results.
PS>  get-adobject -filter 'isdeleted -eq $true -and msds-lastKnownRdn -eq "..Deleted-DOMAIN"' -includedeletedobjects -searchbase "DC=ForestDnsZones,DC=DOMAIN" -property *


PS> get-adobject -filter 'isdeleted -eq $true' -includedeletedobjects


Deleted           : True
DistinguishedName : CN=Deleted Objects,DC=DOMAIN
Name              : Deleted Objects
ObjectClass       : container
ObjectGUID        : aa6b138c-224f-406c-8e9b-8a4f2f05ca11


Thanks for your advice

You can check if the AD Recycle Bin is enabled by running
Get-ADOptionalFeature "Recycle Bin Feature"


and check if the "Enabled Scopes" property has anything set.

Your zone might have been in a different naming context.  I don't know how much having a single-label domain name will affect things, if any.  Try searching DomainDnsZones (which is typical for a domain created in Server 2003 or newer), or just the default NC (i.e. DC=DOMAIN).
get-adobject -filter 'isdeleted -eq $true -and msds-lastKnownRdn -eq "..Deleted-DOMAIN"' -includedeletedobjects -searchbase "DC=DomainDnsZones,DC=DOMAIN" -property *

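The answer above gives two separate checks (Recycle Bin state, and a search of a different naming context). The script below is an added example, not code from the thread: it runs both checks in one pass over the three partitions an AD-integrated zone can live in, and, only when the Recycle Bin has an enabled scope, restores the zone container, its record objects and the original zone name. `DC=DOMAIN` stands for the thread's single-label domain; the `..Deleted` prefix handling is an assumption based on the RDN quoted in the question; the RSAT ActiveDirectory module on the DC is assumed. Without the Recycle Bin, deleted objects are stripped tombstones, and recreating the zone (as the later answers recommend) or a system-state restore are the remaining options.

```powershell
# Added example, not from the original thread. Assumes the RSAT ActiveDirectory
# module on the DC and a single-label domain whose default naming context is
# DC=DOMAIN (placeholder for the real name).
Import-Module ActiveDirectory

$domainDn = 'DC=DOMAIN'

# 1. Recycle Bin state. Restore-ADObject only returns attribute-complete objects
#    when the feature has an enabled scope; otherwise only stripped tombstones exist.
$feature      = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
$recycleBinOn = @($feature.EnabledScopes).Count -gt 0
Write-Host "AD Recycle Bin enabled: $recycleBinOn"

# 2. A zone is stored in one of three partitions depending on the replication
#    scope chosen when it was created; search all of them, not just ForestDnsZones.
$partitions = @(
    "DC=DomainDnsZones,$domainDn",          # all DNS servers in the domain (2003+ default)
    "DC=ForestDnsZones,$domainDn",          # all DNS servers in the forest
    "CN=MicrosoftDNS,CN=System,$domainDn"   # legacy scope: all DCs in the domain
)

# The DNS server renames a zone (the question shows "..Deleted-DOMAIN") before the
# object is deleted, so filter on objectClass, which every tombstone keeps, rather
# than on an exact RDN.
$deletedZones = @()
foreach ($partition in $partitions) {
    $found = Get-ADObject -Filter 'isDeleted -eq $true -and objectClass -eq "dnsZone"' `
        -IncludeDeletedObjects -SearchBase $partition `
        -Properties 'msDS-LastKnownRDN', lastKnownParent, whenChanged -ErrorAction SilentlyContinue
    foreach ($z in @($found)) {
        if ($z) { $deletedZones += New-Object PSObject -Property @{ Zone = $z; Partition = $partition } }
    }
}
$deletedZones | ForEach-Object { $_.Zone } |
    Format-Table Name, 'msDS-LastKnownRDN', lastKnownParent, whenChanged -AutoSize

# 3. Restore: zone container first, then the dnsNode records that were its
#    children, then the zone's name. Records are restored before the rename so
#    that -TargetPath still matches the DN the zone came back under.
if ($recycleBinOn) {
    foreach ($entry in $deletedZones) {
        $zone = $entry.Zone
        Restore-ADObject -Identity $zone.ObjectGUID
        $restored = Get-ADObject -Identity $zone.ObjectGUID

        Get-ADObject -Filter 'isDeleted -eq $true -and objectClass -eq "dnsNode"' `
            -IncludeDeletedObjects -SearchBase $entry.Partition -Properties lastKnownParent |
            Where-Object { $_.lastKnownParent -eq $restored.DistinguishedName } |
            ForEach-Object { Restore-ADObject -Identity $_.ObjectGUID -TargetPath $restored.DistinguishedName }

        # Assumption: a zone that came back under its "..Deleted" name must get its
        # original zone name back before the DNS service will load it.
        if ($restored.Name -match '^\.\.Deleted[-.](.+)$') {
            Rename-ADObject -Identity $restored.ObjectGUID -NewName $Matches[1]
        }
    }
    # The DNS service reads its AD-integrated zones from the directory at start-up.
    Restart-Service DNS
}
```

Run it in an elevated PowerShell session on the DC. The table printed in step 2 is the useful diagnostic even when nothing can be restored: an empty result from all three partitions, with the Recycle Bin off, means the zone exists only as tombstones and recreation is the practical route.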

tetraukAuthor Commented:
Searching the other base still gets nothing; even removing it gets nothing.
tetraukAuthor Commented:
From what I have been reading, if I create a new zone with the same name and restart Netlogon on the domain controller, it will rebuild everything, and the client PCs will register when they reboot.

Any problems with this idea?

None at all.  If you don't have many records that you added manually (I'm guessing not with only one DC) then you won't have much work recreating them.  Clients configured with a static IP try to re-register their DNS records every 24 hours.  DHCP clients will also re-register, but I can't remember the time frame - I think it depends on your lease time.

Do you have a separate _msdcs zone?

BTW, I'd recommend moving away from a single-label domain name if you ever can.

tetraukAuthor Commented:
Yes, the _msdcs.DOMAIN zone was unaffected.

I have no clue why the person who set it up used a single-label domain name... I just inherited it.

Not sure if there ever is a good way of moving away. I suppose I could create a new tree in the forest and slowly migrate over one day... Any key disadvantage of a single-label domain?

I have noticed with other companies I can resolve domain.local in DNS, but in the company I can't resolve domain.
Great. Just needed to know if _msdcs was a separate zone or a child of the primary one for your domain.  Since it is a separate zone, you will need to recreate the delegation for it in your DOMAIN zone.

Depending on applications present, you may be able to perform a domain rename.  I've done one of these, and it is a non-trivial task.  Even when it is an option, I know some people prefer to create a new forest and use ADMT to migrate info (or if a small enough environment just manually join machines to the new domain).  MS has a good article that lays out some problems.
And looking at it, I see mention of a problem with clients dynamically registering their DNS record unless a registry change is made.
Another decent blog post is at
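The plan agreed in this thread (recreate the zone with the same name, restart Netlogon, let clients re-register) plus the _msdcs delegation from the answer above, as an added example that is not part of the original thread. It uses dnscmd because the DnsServer PowerShell module is not available on Server 2008 R2. `DOMAIN`, `dc01` and `192.0.2.10` are placeholders for the single-label zone, the DC's host name and its address. The registry value read at the end is the client-side setting Microsoft documents for dynamic registration in single-label domains (the "registry change" mentioned above); it is read, not set, and should be confirmed against that article before changing it.

```powershell
# Added example, not from the original thread. Run elevated on the 2008 R2 DC.
# Placeholders: DOMAIN (single-label zone), dc01 (DC host name), 192.0.2.10 (its IP).
$zone   = 'DOMAIN'
$dcHost = 'dc01'
$dcIp   = '192.0.2.10'
$dcFqdn = "$dcHost.$zone."

# 1. New AD-integrated primary zone, replicated to all DNS servers in the domain
#    (the DomainDnsZones partition). AllowUpdate 2 = secure dynamic updates only,
#    so only the machine that owns a record (or an admin) can overwrite it.
dnscmd /ZoneAdd $zone /DsPrimary /dp /domain
dnscmd /Config $zone /AllowUpdate 2

# 2. The DC's own host record, so the delegation below has a resolvable target.
dnscmd /RecordAdd $zone $dcHost A $dcIp

# 3. _msdcs.DOMAIN survived as a separate zone, so the parent needs a delegation:
#    an NS record at the _msdcs node pointing at the DC that hosts that zone.
dnscmd /RecordAdd $zone _msdcs NS $dcFqdn

# 4. Netlogon rewrites the DC's SRV and A records from netlogon.dns when it starts;
#    nltest forces the same registration; ipconfig re-registers the host record.
#    Domain members re-register on their own schedule (DNS client refresh, DHCP
#    renewal, or reboot), as the answer above describes.
Restart-Service Netlogon
nltest /dsregdns
ipconfig /registerdns

# 5. Verify: the zone is listed as DS-integrated, the LDAP SRV records are back
#    and the delegation is present, then let dcdiag check registration end to end.
dnscmd /EnumZones
dnscmd /EnumRecords $zone _ldap._tcp /Type SRV
dnscmd /EnumRecords $zone _msdcs /Type NS
dcdiag /test:DNS

# 6. Single-label caveat (read-only check). Windows DNS clients skip dynamic
#    registration into a top-level (single-label) zone unless this value is 1.
$dnscache = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$tld = Get-ItemProperty -Path $dnscache -Name UpdateTopLevelDomainZones -ErrorAction SilentlyContinue
if ($tld -and $tld.UpdateTopLevelDomainZones -eq 1) {
    Write-Host 'UpdateTopLevelDomainZones is set: clients can register into the single-label zone.'
} else {
    Write-Host 'UpdateTopLevelDomainZones is not set: client registration into DOMAIN will fail until it is.'
}
```

Step 5 is the part worth keeping around: `dnscmd /EnumRecords DOMAIN _ldap._tcp /Type SRV` returning the DC's SRV record is the quickest sign that Netlogon has repopulated the new zone, and `/EnumRecords DOMAIN _msdcs /Type NS` confirms the delegation without opening DNS Manager.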
tetraukAuthor Commented:
Great, that's what I needed to know.