Solved

DNS Question _msdcs

Posted on 2014-11-25
4
170 Views
Last Modified: 2014-11-25
HI
I keep getting an error form the best practice analyzer. It is commenting on me missing this _msdcs zone, but as you can see in my pic attached it is under my domain name zone.
I looked around and a saw one example where someone had this zone right under the forward lookup zones main root as _msdcs.mydomain.com and then their mydomain.com was under that and also contained this zone.
Any ideas??
Thanks.
pic.jpg
0
Comment
Question by:valmatic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 40465139
Either configuration is valid (having it as a subdomain of your domain zone, or having it as a separate zone).  By default, new AD domains created with Server 2003+ configure it as its own domain.  Here's a link with some more relevant info.
http://support.microsoft.com/kb/817470

If you want to change your configuration, all you do is delete the _msdcs subdomain, then create a new forward lookup zone called "_msdcs.yourdomain.com" with a replication scope of "all DNS servers in the forest".  Create a delegation under the yourdomain.com zone called "_msdcs" and add your DNS servers as the name servers.  Now restart the Netlogon service and the DC will autopopulate the _msdcs zone with its records (you'll want to do this for all DCs).
0
 
LVL 7

Author Comment

by:valmatic
ID: 40465245
thanks, yes i heard this _msdsc folder populates itself just seemed to good to be true haha. Yes since mine is under my domain folder i am guessing it has been taggging along since the server 200 days.
So if i add one under the forward lookup zones i call it _msdcs.mydomain.com? Then restart netlogon and let it populate? Then wehn it is done remove the one under mydomain.com or does it even matter if it is there?
I wonder if this will get rid of my error that i dont have any ldap srv records which i clearly do.
Thanks.
0
 
LVL 40

Expert Comment

by:footech
ID: 40465290
I can't recall which takes precedence if you have both the explicit zone and under your domain zone.  Best to delete the one under your domain (and remember to create the delegation).
0
 
LVL 7

Author Closing Comment

by:valmatic
ID: 40465332
thanks
0

Featured Post

Why You Need a DevOps Toolchain

IT needs to deliver services with more agility and velocity. IT must roll out application features and innovations faster to keep up with customer demands, which is where a DevOps toolchain steps in. View the infographic to see why you need a DevOps toolchain.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question