
DNS / Active Directory Replication Issue

I have a root / child domain model. We have 4 sites. The root domain is only in the main site and the child domain is across all of the sites.

We have a Windows 2003 R2 and Windows 2012 R2 Active Directory model.

Main Office:

The root domain has TWO Windows 2012 R2 DCs and THREE Windows 2003 R2 DCs.

The child domain has TWO Windows 2012 R2 DCs and TWO Windows 2003 R2 DCs.

Each site has Windows 2003 R2 DCs.

All DCs are running the DNS service, and 1 additional DNS server is also available which holds secondary zones.


I came across a strange issue. While fixing my replication issues appearing in DCDIAG, I added master servers under the additional DNS server and my replication started without any error. But automatically my _msdcs.root.domain converted to ForestDNSZones, and after 1 day root.domain and child.root.domain also changed to ForestDNSZones. The event which logs this entry shows my user ID for this change, but I didn't change this manually.

Please help me understand if there is any possibility of this happening automatically. Maybe, as I replicated and the replication completed successfully, this converted, and because I did the replication the event for the change was generated with my ID.

I have not made any manual changes to the DNS zones to convert them from DomainDNSZones to ForestDNSZones.

I want to know if someone has experienced this issue, where once proper replication happens the required zones automatically convert to ForestDNSZones.


Faisal Kamal

Distinguished Expert 2019

Don't understand the question?

But automatically my _msdcs.root.domain converted to ForestDNSZones, and after 1 day root.domain and child.root.domain also changed to ForestDNSZones.

You mean to say domain.com got renamed to ForestDNSZone and child.domain.com got renamed to ForestDnsZone?

Can you post a screenshot please, so I can understand correctly?

The only way to resolve this situation is to create new AD integrated zones named domain.com in the root domain and child.domain.com in the child domain.

Step by step:
1. Record / note down custom host (A) records, aliases, MX and other records, if any, in both zones.
2. Create a new domain.com AD integrated zone on the parent DNS server.
3. Restart the netlogon service.
4. Wait for replication to occur, then create any custom DNS records if any, as stated above.
5. Create a new child.domain.com AD integrated zone on the child DNS server.
6. Restart the netlogon service.
7. Wait for replication to occur, then create any custom DNS records if any, as stated above.
8. Ensure that the child domain DNS delegation is created on the parent DNS server and a conditional forwarder is set on the child domain DNS server pointing to the parent DNS server (domain).
9. Check AD replication between both domains.

Once everything is set correctly, delete the obsolete ForestDNSZone from both domains.
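The record backup in step 1 and the post-recreate check in steps 3-4 can be scripted; the following is an added example, not code from the thread, and assumes a Windows Server 2012 R2 DC with the DnsServer module (the 2003 DCs do not have it), with the zone name and backup path as placeholders.

```powershell
# Added example, not part of the answer above. Assumes a Windows Server 2012 R2 DC
# with the DnsServer module (the 2003 DCs do not have it); zone name and path are placeholders.
function Get-RecordDataText($Record) {
    # Flatten the type-specific RecordData object into one text column for the CSV.
    switch ($Record.RecordType) {
        'A'     { $Record.RecordData.IPv4Address.IPAddressToString }
        'CNAME' { $Record.RecordData.HostNameAlias }
        'MX'    { '{0} {1}' -f $Record.RecordData.Preference, $Record.RecordData.MailExchange }
        'TXT'   { $Record.RecordData.DescriptiveText }
        default { ($Record.RecordData | Out-String).Trim() }
    }
}

function Backup-CustomZoneRecords([string]$ZoneName, [string]$BackupDir = 'C:\DnsZoneBackup') {
    # Step 1: records without an aging timestamp are static, i.e. the hand-made host,
    # alias, MX and TXT entries that will not come back by themselves in the new zone.
    $custom = Get-DnsServerResourceRecord -ZoneName $ZoneName | Where-Object {
        ($_.RecordType -in @('A', 'CNAME', 'MX', 'TXT')) -and (-not $_.Timestamp)
    }
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $csv = Join-Path $BackupDir ('{0}-{1:yyyyMMdd-HHmm}.csv' -f $ZoneName, (Get-Date))
    $custom |
        Select-Object HostName, RecordType, TimeToLive, @{ n = 'Data'; e = { Get-RecordDataText $_ } } |
        Export-Csv -Path $csv -NoTypeInformation
    "Saved $(@($custom).Count) static records from $ZoneName to $csv"
}

function Test-RecreatedZone([string]$ZoneName) {
    # Steps 3-4: once the new AD-integrated zone exists and netlogon has been restarted,
    # the DC locator SRV records must be back and the zone must report as DS-integrated
    # before the obsolete zone is deleted.
    Get-DnsServerZone -Name $ZoneName |
        Select-Object ZoneName, IsDsIntegrated, ReplicationScope, DirectoryPartitionName |
        Format-List
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ZoneName" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    if (-not $srv) {
        Write-Warning "No DC locator records for $ZoneName yet; restart netlogon and check again"
    } else {
        $srv | Select-Object Name, NameTarget, Port | Format-Table -AutoSize
    }
}

# Run the backup before the old zone is removed, and the check after the new one has replicated:
# Backup-CustomZoneRecords -ZoneName 'domain.com'
# Test-RecreatedZone -ZoneName 'domain.com'
```

Run the same pair against child.domain.com on a child domain DC for steps 5-7.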


Take this example:

I have a root domain named group.root

Child domain named child.group.root

Hence we have 3 major zones in DNS, and all 3 are Active Directory integrated, named as follows:



After the upgrade of Active Directory I was facing a few sync issues. After adding master server entries on the secondary zone servers, changing the DNS server entries on the DNS server itself for some time and then reverting them back to the DNS server's own IP, replication started smoothly.

Once replication started smoothly we got some events under Event Viewer that _msdcs.group.root moved to ForestDNSZones, and after a day my group.root and child.group.root also had the same entries.

Now my question is: as by default in Windows 2003 and above _msdcs.xxx.xxx and root domain zones are stored under ForestDNSZones, might it be that they convert automatically to ForestDNSZones?

Please check this and confirm. Currently my zone replication is set to all DNS servers across the forest.


Have you run dcdiag /v /e >c:\dcdiag.txt and repadmin /showrepl >c:\repamin.txt so we can see the state of your AD environment?

Also, a screenshot of your AD structure would be helpful.


The event IDs generated are 713, 516, 515, 514, 4005 & 4015. My major concern is: is it possible that once the sync completes successfully these events are generated automatically, meaning without manual intervention?


Faisal Kamal
Hi Faisal,

This is the norm for how Active Directory works. DNS replication configuration is pushed automatically from the root domain to other DCs to keep replication healthy.

I had the same issue when I was working on an AD upgrade from 2003 to 2012 R2 a few months ago, in a heterogeneous multi-site, parent-child domain environment. In order to avoid replication issues, MS recommends speeding up the migration process to get rid of old DCs ASAP; otherwise it creates replication issues.

We were facing many issues with DNS replication within the AD environment after the root domain upgrade. Windows 2012 AD recommends having forest level DNS replication, and we noticed the change in that while reviewing DNS event logs to fix DNS replication issues. It seems it doesn't like to keep Windows 2000 Compatible mode.

After fixing replication issues among the DCs in many sites, we observed a trickle-down behavior where the DNS replication configuration changed from "Windows 2000 Compatible mode" to "forest level". As we had noticed event ID 713 on the root DC earlier, we discovered the same event ID 713 on other DCs after the automatic change in that configuration following successful replication.

So be calm, as it's normal behavior, and I recommend keeping the same configuration to keep the replication process smooth and healthy.
Distinguished Expert 2019

So you are saying that you have zones for which the replication scope changed from the entire domain to the forest?

Am I right?

The way you expressed this, sorry, I didn't understand it at first.

The general recommendations for DNS replication:
If you have domains \ forests with Windows 2003 domain and forest functional level:

_msdcs.domain.com should have replication scope to this forest
domain.com should have replication scope to this domain
child.domain.com should have replication scope to this domain
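To see how the zones on a given DC compare with these recommended scopes, and which account the DNS server recorded for the events the asker listed, here is an added example (not code from the thread); it assumes a Windows Server 2012 R2 DC with the DnsServer module, and the expected scopes come only from the recommendation above.

```powershell
# Added example, not from the thread. Assumes a Windows Server 2012 R2 DC with the
# DnsServer module; the expected scopes are taken from the recommendation above.
function Get-ExpectedScope([string]$Zone) {
    # _msdcs.<forest root> is the forest-wide locator zone; every other
    # AD-integrated zone belongs in its own domain's partition.
    if ($Zone -like '_msdcs.*') { return 'Forest' }
    return 'Domain'
}

function Test-DnsZoneScopes {
    # Auto-created, reverse and TrustAnchors zones do not follow the rule, so skip them.
    $zones = Get-DnsServerZone | Where-Object {
        $_.IsDsIntegrated -and -not $_.IsAutoCreated -and
        -not $_.IsReverseLookupZone -and $_.ZoneName -ne 'TrustAnchors'
    }
    foreach ($z in $zones) {
        $expected = Get-ExpectedScope $z.ZoneName
        [pscustomobject]@{
            Zone      = $z.ZoneName
            Partition = $z.DirectoryPartitionName   # ForestDnsZones.*, DomainDnsZones.* or the domain NC itself
            Actual    = $z.ReplicationScope          # Forest, Domain, Legacy (Windows 2000 compatible) or Custom
            Expected  = $expected
            Status    = $(if ($z.ReplicationScope -eq $expected) { 'OK' } else { 'MISMATCH' })
        }
    }
}

function Get-DnsScopeChangeEvents([int]$Hours = 48) {
    # The event IDs are the ones listed in the question; UserId is the account the
    # DNS server recorded for each change, which is what the asker was unsure about.
    $filter = @{ LogName = 'DNS Server'; Id = 713, 514, 515, 516, 4005, 4015
                 StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, UserId, @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } }
}

Test-DnsZoneScopes | Format-Table -AutoSize
Get-DnsScopeChangeEvents | Format-Table -AutoSize -Wrap
```

A MISMATCH row for domain.com or child.domain.com showing Actual = Forest is the situation the step-by-step answer above rebuilds; run it on one DC in each domain, since each DC only lists the zones it hosts.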