top domain - a.int - dcdiag /test:dns works with no errors
user domain b.a.int - when I try dcdiag /test:dns it logs "test: basic, warning, the active directory zone on this dc/dns was not found (probably misconfiguration)". No errors in dns log, netdiag - dns test pass....
I can't find much in kb on this particular issue
Any ideas were greatly appreciated
Read inline please.
In news:76E977F7-D071-45F5-82D6-E98CD7497606[ at ]microsoft.com, Roman44 <Roman44[ at ]discussions.microsoft.com> typed:
> top domain - a.int - dcdiag /test:dns works with no errors
> user domain b.a.int - when I try dcdiag /test:dns it logs "test:
> basic, warning, the active directory zone on this dc/dns was not
> found (probably misconfiguration)". No errors in dns log, netdiag -
> dns test pass....
> I can't find much in kb on this particular issue
> Any ideas were greatly appreciated
Apparently when you created your Child (b.a.int) Domain, you did not already have a delegation in a.int named b giving the new domain's DNS server's NS records and it registered all of its b.a.int records in the existing a.int zone?
It really doesn't make a big difference unless b.a.int has to cross a slow link to the a.int DNS servers. But I like to keep these things separate for security reasons; you would have to delegate some security from the a.int DNS to the Administrators in the b.a.int domain, which is not a good idea. You can fix this by creating a b.a.int zone on the b.a.int DCs, then delete the b.a.int subdomain in the a.int zone and replace it with a new delegation named b in the a.int zone, then add NS records for the DCs in the child domain that will have the zone. You should also create a Conditional Forwarder for a.int, giving it the IP addresses of the a.int DCs.
One other note: when you created your first DC in the a.int domain (if this is all Win2k3), it would have created two Forward Lookup Zones, one named a.int and one named _msdcs.a.int; this second zone should have replicated to the child DCs with DNS on Win2k3...
Do you have this _msdcs.a.int zone?
Is its replication setting "To all DNS servers in the Active Directory Forest a.int"?
In this _msdcs.a.int zone, are all Win2k3 DCs with DNS installed listed with NS records?
Is there a delegation named _msdcs in the a.int zone?
Do ALL Win2k3 DCs in all domains have their NS records listed in this delegation?
-- Best regards, Kevin D. Goodknecht Sr. [MVP] Hope This Helps
=================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ http://message.wftx.us/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oehelp.com/OEBackup/Default.aspx ===================================
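The fix described in the reply above, written out with dnscmd from an elevated PowerShell prompt. This is an added example, not part of the original post or written by its author; the child DC name, all IP addresses and the export file name are assumptions, and the export step is added so that records under the b subdomain are saved before it is deleted.

```powershell
# Added example: every name and address below is an assumption for illustration.
$ParentDns = 'dc1.a.int'      # a.int DNS server (the DC named later in the thread)
$ChildDns  = 'dc1.b.a.int'    # hypothetical child-domain DC that runs DNS
$ChildIp   = '10.0.1.10'      # hypothetical address of $ChildDns
$ParentIps = @('10.0.0.10')   # hypothetical addresses of the a.int DNS servers

function Invoke-DnsCmd {
    # Run dnscmd and stop at the first failure, so later steps never run
    # against a half-applied change.
    param([string[]]$Arguments)
    & dnscmd.exe $Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# 0. Export a.int before touching it. The file is written on the server under
#    %SystemRoot%\System32\dns and keeps every record below the b subdomain,
#    including static entries that will not re-register by themselves.
Invoke-DnsCmd @($ParentDns, '/ZoneExport', 'a.int', 'a.int.before-delegation.dns')

# 1. Create b.a.int as an AD-integrated zone on the child DC and allow
#    secure dynamic updates only (AllowUpdate 2).
Invoke-DnsCmd @($ChildDns, '/ZoneAdd', 'b.a.int', '/DsPrimary')
Invoke-DnsCmd @($ChildDns, '/Config', 'b.a.int', '/AllowUpdate', '2')

# 2. Delete the b subdomain and everything below it from the a.int zone.
Invoke-DnsCmd @($ParentDns, '/NodeDelete', 'a.int', 'b', '/Tree', '/f')

# 3. Replace it with a delegation named b: an NS record for the child DC
#    plus the glue A record for that name server.
Invoke-DnsCmd @($ParentDns, '/RecordAdd', 'a.int', 'b', 'NS', "$ChildDns.")
Invoke-DnsCmd @($ParentDns, '/RecordAdd', 'a.int', 'dc1.b', 'A', $ChildIp)

# 4. Conditional forwarder for a.int on the child DNS server. This only applies
#    when that server does not already hold its own copy of the a.int zone;
#    a forwarder cannot be added for a zone the server hosts.
Invoke-DnsCmd (@($ChildDns, '/ZoneAdd', 'a.int', '/Forwarder') + $ParentIps)
```

Static records are then re-created in b.a.int from the export file, and each b.a.int DC re-registers its own records with `ipconfig /registerdns` and a restart of the Netlogon service.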
Thank you Kevin,
This is what I have been able to see here:
dcdiag /test:dns gives me correct response - there is no zone b.a.int defined on any dns servers. Since a.int replicates to all dc's in the forest, this is where b.a.int clients register and get name resolution from. There is no delegation in a.int to b.a.int, instead folder b.a.int exists in a.int zone with all host records, _msdcs and _sites including.
What benefits might have been considered in this setup by the original installer, or as I suspect was it set up in error? I'm still trying to figure out the best way to proceed. Deleting b.a.int folder from b.int zone, creating delegation and creating b.a.int zone seems the way to go, but on the other hand there might be many static dns entries created which would need to be moved to the new zone b.a.int
Please read inline
As I'm not much of a dns guy, your ideas are greatly appreciated
"Kevin D. Goodknecht Sr. [MVP]" wrote:
> Read inline please.
>
> In news:76E977F7-D071-45F5-82D6-E98CD7497606[ at ]microsoft.com,
> Roman44 <Roman44[ at ]discussions.microsoft.com> typed:
> > top domain - a.int - dcdiag /test:dns works with no errors
> > user domain b.a.int - when I try dcdiag /test:dns it logs "test:
> > basic, warning, the active directory zone on this dc/dns was not
> > found (probably misconfiguration)". No errors in dns log, netdiag -
> > dns test pass....
> > I can't find much in kb on this particular issue
> > Any ideas were greatly appreciated
>
> Apparently when you created your Child (b.a.int) Domain, you did not already
> have a delegation in a.int named b giving the new domain's DNS server's NS
> records and it registered all of its b.a.int records in the existing a.int
> zone?
>
> It really doesn't make a big difference unless b.a.int has to cross a slow
> link to the a.int DNS servers. But I like to keep these things separate for
> security reasons; you would have to delegate some security from the a.int
> DNS to the Administrators in the b.a.int domain, which is not a good idea.
> You can fix this by creating a b.a.int zone on the b.a.int DCs, then delete
> the b.a.int subdomain in the a.int zone and replace it with a new
> delegation named b in the a.int zone, then add NS records for the DCs in
> the child domain that will have the zone. You should also create a
> Conditional Forwarder for a.int, giving it the IP addresses of the a.int DCs.
>
> One other note: when you created your first DC in the a.int domain (if this
> is all Win2k3), it would have created two Forward Lookup Zones, one named
> a.int and one named _msdcs.a.int; this second zone should have replicated to
> the child DCs with DNS on Win2k3...
>
> Do you have this _msdcs.a.int zone?

yes, it is there

> Is its replication setting "To all DNS servers in the Active Directory
> Forest a.int"?

yes

> In this _msdcs.a.int zone, are all Win2k3 DCs with DNS installed listed with
> NS records?

yes

> Is there a delegation named _msdcs in the a.int zone?

yes

> Do ALL Win2k3 DCs in all domains have their NS records listed in this
> delegation?

no, only 1 dc, dc1.a.int is listed here
Read inline please.
In news:AEF5C9F4-EBD4-413A-A285-28F920FCA796[ at ]microsoft.com, Roman44 <Roman44[ at ]discussions.microsoft.com> typed:
> Thank you Kevin,
> This is what I have been able to see here:
> dcdiag /test:dns gives me correct response - there is no zone b.a.int
> defined on any dns servers. Since a.int replicates to all dc's in the
> forest, this is where b.a.int clients register and get name
> resolution from. There is no delegation in a.int to b.a.int, instead
> folder b.a.int exists in a.int zone with all host records, _msdcs and
> _sites including.
> What benefits might have been considered in this setup by the original
> installer, or as I suspect was it set up in error? I'm still trying to
> figure out the best way to proceed. Deleting b.a.int folder from
> b.int zone, creating delegation and creating b.a.int zone seems the
> way to go, but on the other hand there might be many static dns
> entries created which would need to be moved to the new zone b.a.int
>
> Please read inline
>
> As I'm not much of a dns guy, your ideas are greatly appreciated
If a.int is replicated to all DNS servers in the forest, and it has sub domains for b and _msdcs, and they contain all the records and are not just delegations, I wouldn't worry about the warning dcdiag gives you; it may be looking for a separate zone.
The reasons for having separate zones are all administrative and not technical, though it can increase replication traffic between the Forest Root and child DCs, because by default only the _msdcs.forestroot is replicated Forest Wide. Of course, if you don't have replication traffic it will be replaced by DNS traffic because by default all child member clients will search the Parent DNS suffix on all queries. So it becomes a question of which is more, DNS traffic or replication traffic.
-- Best regards, Kevin D. Goodknecht Sr. [MVP] Hope This Helps