Solved

Why is the _msdcs zone also stored as a subdomain in every forward lookup zone?

Posted on 2016-07-26
5
78 Views
Last Modified: 2016-09-02
What's the reason that the _msdcs zone is also available as a subdomain in every forward lookup zone?
0
Comment
Question by:Thomas_1991
5 Comments
 
LVL 13

Expert Comment

by:cshepfam
ID: 41729593
The msdcs zone is extremely important. Without it, workstations wouldn't know which DC to authenticate to.

That's why all your child domains have them. The place where you can control what DC a workstation should authenticate to is by looking in _msdcs > dc > sites > [childdomain] > tcp

You'll see the Kerberos and LDAP record. Those records should point to the DC in that specific domain.
0
 
LVL 40

Expert Comment

by:footech
ID: 41729631
You'll have to describe what you're seeing better (screenshots would be good).

You can create any new forward lookup zone and _msdcs will not be present inside it, so your question is not clear, particularly when you refer to "every forward lookup zone".

In the zone corresponding to your domain, there should be a _msdcs subdomain, or a delegation for _msdcs along with a separate zone for _msdcs.yourdomain.com.
0
 

Author Comment

by:Thomas_1991
ID: 41729978
Sorry, the question should be why the subdomain is also in the DNS zone of my domain.

So if I have a domain asd.intra, in the forward lookup zone "asd.intra" there will be a subdomain _msdcs.

Why is that subdomain there?
Because the _msdcs.asd.intra at the top level is available forest-wide?
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 41731383
I couldn't say what exactly resulted in what you're seeing. The default for a new domain used to be to create the _msdcs subdomain, but this was changed with Server 2003 to creating a separate zone. But existing setups would not be changed when upgrading from, say, Win2K to Win2K3. Even with current Windows Server DCs, if the _msdcs zone is not present it will automatically create the _msdcs subdomain.

Since the separate zone is present, I would delete the subdomain, followed by a restart of the Netlogon service (causing the DC to re-register any records if needed). Then I would create a delegation in place of the deleted subdomain with the name "_msdcs" and add entries for each of your DCs/DNS that hold a copy of the _msdcs zone.
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 41742914
So if I have a domain asd.intra, in the forward lookup zone "asd.intra" there will be a subdomain _msdcs.

A screenshot of this would be helpful. Is there a full subdomain present there (in other words, are there records contained within that subdomain), or is it just a gray folder? If it's just a gray folder, that's a delegation record which should be left alone. If it's a full subdomain, it's redundant. Follow footech's advice above to remove it.
0
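
The distinction discussed in the answers above (separate _msdcs zone, delegation, or a full subdomain holding records) can be checked without changing anything. This is an added example, not part of the original thread; `Get-MsdcsLayout` is a hypothetical helper name, and it assumes the DnsServer PowerShell module and rights to query a DC/DNS server hosting the zones.

```powershell
# Added example: read-only check. Get-MsdcsLayout is a hypothetical helper name.
# Requires the DnsServer module (RSAT DNS Server tools).
function Get-MsdcsLayout {
    param(
        [string]$Domain = 'asd.intra',               # domain name used in the thread
        [string]$ComputerName = $env:COMPUTERNAME    # assumption: a DC/DNS server hosting the zones
    )

    # Is there a separate _msdcs.<domain> zone (the default since Server 2003)?
    $zone = Get-DnsServerZone -Name "_msdcs.$Domain" -ComputerName $ComputerName `
        -ErrorAction SilentlyContinue

    # Is there a delegation named _msdcs in the parent zone (the gray folder)?
    $delegation = Get-DnsServerZoneDelegation -Name $Domain -ChildZoneName '_msdcs' `
        -ComputerName $ComputerName -ErrorAction SilentlyContinue

    # Does the parent zone itself hold DC locator records below _msdcs (a full subdomain)?
    # A delegation only leaves NS data at the _msdcs node, so SRV/CNAME records
    # under it mean the parent zone carries its own copy.
    $records = @(Get-DnsServerResourceRecord -ZoneName $Domain -ComputerName $ComputerName |
        Where-Object { $_.HostName -like '*._msdcs' -and $_.RecordType -in 'SRV', 'CNAME' })

    $layout = if ($zone -and $records.Count -gt 0) {
        'Separate zone plus redundant full subdomain'
    } elseif ($zone -and $delegation) {
        'Separate zone with delegation in parent zone'
    } elseif ($zone) {
        'Separate zone, no delegation in parent zone'
    } elseif ($records.Count -gt 0) {
        'Subdomain only, no separate zone'
    } else {
        'No _msdcs data found'
    }

    [pscustomobject]@{
        Domain               = $Domain
        SeparateZone         = [bool]$zone
        Delegation           = [bool]$delegation
        SubdomainRecordCount = $records.Count
        Layout               = $layout
    }
}

Get-MsdcsLayout -Domain 'asd.intra'
```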
