Solved

DNS Delegation on about to be decommissioned W2k3 DC

Posted on 2014-09-05
Last Modified: 2014-09-08
Hello

I have a Windows 2003 native domain with 2008 R2 PDC and Secondary DCs and a 2003 SP2 DC that is about to be decommissioned. All FSMO roles are on the PDC (my boss's decision) and all DCs are Global Catalogs.

When I run DCDIAG, the report says that:

           DNS delegation for the domain  _msdcs.domain.local. is operational on IP 192.168.x.xx

And:

               TEST: Delegations (Del)
                  Delegation information for the zone: domain.local.
                     Delegated domain name: _msdcs.domain.local.
                        DNS server: old_dc.domain.local. IP:192.168.x.xx [Valid]

where 192.168.x.xx is the old 2003 DC. The 2003 DC was an SBS server, used to be the primary (only) DC, and used to run Exchange 2003 (now uninstalled).

My questions:
* What is the DNS Delegation for (we have no child domains)?
* Do I need to take any action regarding the DNS delegation before I DCPROMO it to make it just a member server?
* If so, what do I need to do?

Help much appreciated.
Question by:dejected
Accepted Solution

by:
DrDave242 earned 500 total points
ID: 40306220
The delegation is for the _msdcs.domain.local zone, which is effectively a child domain. (It may sometimes appear as a folder named _msdcs beneath the domain.local zone rather than a separate zone.)

In the DNS console, there should be a gray folder named _msdcs inside your domain.local zone. This is the delegation record, and it should contain name server (NS) records for each DC/DNS server that hosts a copy of the zone (every DC/DNS server in the forest by default, I believe).

Check all DCs which are also DNS servers and verify that at least one of them has an _msdcs.domain.local forward lookup zone. (It's an AD-integrated zone by default, so they should all have a copy of it unless you've changed that.) Then check the delegation record and make sure the NS records match the DCs which have a copy of the zone. If you find a discrepancy, you can only make changes by right-clicking the delegation record and selecting Properties - you can't directly modify the NS records in the delegation.

You shouldn't have to change anything if the NS records in the delegation are correct; it should be handled during the demotion, but you may want to go back and check after the server is demoted to make sure its NS record was removed from the delegation.
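
The comparison described in the answer above (NS records in the delegation against the DCs that hold a copy of the zone), as an added Python example that is not part of the original thread: it parses the Delegations section of dcdiag output in the shape quoted in the question. The sample report, the host names new_dc1 and new_dc2, and the IP addresses are constructed assumptions.

```python
import re

# Constructed sample in the shape of the dcdiag output quoted in the question.
# Host names other than old_dc and all IP addresses are hypothetical.
SAMPLE_DCDIAG = """\
               TEST: Delegations (Del)
                  Delegation information for the zone: domain.local.
                     Delegated domain name: _msdcs.domain.local.
                        DNS server: old_dc.domain.local. IP:192.168.0.10 [Valid]
                        DNS server: new_dc1.domain.local. IP:192.168.0.21 [Valid]
"""

DOMAIN_RE = re.compile(r"Delegated domain name:\s*(\S+)")
SERVER_RE = re.compile(r"DNS server:\s*(\S+)\s+IP:\s*(\S+)\s*\[([^\]]+)\]")


def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


def parse_delegations(report):
    """Return {delegated_domain: [(server, ip, status), ...]}."""
    delegations, current = {}, None
    for line in report.splitlines():
        m = DOMAIN_RE.search(line)
        if m:
            current = delegations.setdefault(norm(m.group(1)), [])
            continue
        m = SERVER_RE.search(line)
        if m and current is not None:
            current.append((norm(m.group(1)), m.group(2), m.group(3).strip()))
    return delegations


def audit(delegations, child, zone_hosts):
    """Compare the NS entries delegated for `child` with the servers hosting it."""
    hosts = {norm(h) for h in zone_hosts}
    entries = delegations.get(norm(child), [])
    listed = {server for server, _, _ in entries}
    return {
        "stale": sorted(listed - hosts),    # delegated to a server without the zone
        "missing": sorted(hosts - listed),  # zone host absent from the delegation
        "not_valid": sorted(s for s, _, st in entries if st != "Valid"),
    }


if __name__ == "__main__":
    # Assumption: after the demotion only these two DCs host _msdcs.domain.local.
    remaining = ["NEW_DC1.domain.local", "new_dc2.domain.local"]
    print(audit(parse_delegations(SAMPLE_DCDIAG), "_msdcs.domain.local", remaining))
```

Run against the constructed sample, the demoted server shows up under "stale" and the DC that was never added to the delegation under "missing".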