> In news:566F9F29-7F8F-40FD-9439-71B037EAFC33[ at ]microsoft.com,
> Cep <Cep[ at ]discussions.microsoft.com> requesting assistance, typed the
> following:
> > Hi Ace,
> >
> > I have followed your instructions but when I reach the last point
> > about changing the replication scope I get a really daft error coming
> > up saying something about the name of the network device and then it
> > fails to complete. I believe I have heard this mentioned but I don't
> > think I have seen a fix.
> >
> > Do you know what this means?
> >
> Sounds like you may have had a replication issue at one point as well. It
> could have been caused by this, it may not have been caused by this. Either
> way, the error, even though it doesn't make sense, is due to the dupe. The
> following is a copy/paste from my blog at www.fekay.com showing the full
> method to clean it all up. It involves picking one DC (only one), and
> removing the zone from AD (make it no AD integrated), so it is now a Primary
> Standard zone. Then allow replication to happen. Then do the ADSI Edit
> deletions, but this time delete ALL references to the zone (not the
> ForestDnsZones, just the zones in DomainNC and DomainDnsZones).
>
> ==================================
> ==================================
>
> Conflicting AD Integrated zones if they exist in both the Domain NC and
> one of the Application Partitions or if you get a weird error message
> stating:
> "The name limit for the local computer network adapter card was exceeded."
>
> Under Windows 2000, the physcial AD database is broken up into 3 logical
> partitions, the DomainNC (Domain Name Context, or some call the Domain Name
> Container), the Configuration Partition, and the Schema Partition. The
> Schema and Config partitions replicate to all DCs in a forest. However, the
> DomainNC is specific only to the domain the DC belongs to. That's where a
> user, domain local or global group is stored. The DomainNC only replicates
> to the DCs of that specific domain. When you create an AD INtegrated zone in
> Win 2000, it gets stored in the DomainNC. This causes a limitation if you
> want this zone to be available on a DC/DNS server that belongs to a
> different domain. The only way to get around that is for a little creative
> designing using either delegation, or secondary zones. This was a challenge
> for the _msdcs zone, which must be available forest wide to resolve the
> forest root domain, which contains the Schema and Domain Name Masters FSMO
> roles.
>
> In Windows 2003, there were two additional partitions added, they are called
> the DomainDnsZones and ForestDnsZones Application Partitions, specifically
> to store DNS data. They were conceived to overcome the limitation of Windows
> 2000's AD Integrated zones. Now you can store an AD Integrated zone in
> either of these new partitions instead of the DomainNC. If stored in the
> DomainDnsZones app partition, it is available only in that domain's
> DomainDnsZones partition. If you store it in the ForestDnsZones app
> partition, it will be available to any DC/DNS server in the whole forest.
> This opens many more design options. It also ensures the availability of the
> _msdcs zone to all DCs in the forest. By default in Win 2003, the _msdcs
> zone is stored in the ForestDnsZones application partition.
>
> When selecting a zone replication scope in Win2003, in the zone's
> properties, click on the "Change" button. Under that you will see 3 options:
> To choose the ForestDnsZones:
> "To all DNS servers in the AD forest example.com"
>
> To choose DomainDnsZones:
> "To all DNS servers in the AD domain example.com"
>
> To choose the DomainNC (only for compatibility with Win2000):
> "To all domain controllers in the AD domain example.com"
>
>
> If you have a duplicate, that's indicating there is a zone that exists in
> the DomainNC and in the DomainDnsZones Application partition. This means at
> one time, or currently, you have a mixed Win2000/2003 environment and you
> have DNS installed on both operating systems. On Win2000, if the zone is AD
> Integrated, it is in the DomainNC, and should be set the same in Win2003's
> DC/DNS server to keep compatible. Someone must have attempted to change it
> in Win2003 DNS to put it in the DomainDnsZones partition no realizing the
> implications, hence the duplicate. In a scenario such as this where you want
> to use the Win2003 app partitions, you then must insure the zone on the
> Win2003 is set to the DomainNC, then uninstall DNS off the Win2000 machine,
> then once that's done, you can then go to the Win2003 DNS and change the
> partition's replication scope to one of the app partitions.
>
> In ADSI Edit, you can view all five partitions. You were viewing the app
> partitions, but not the main partitions. You need to add the DomainNC
> partition in order to delete that zone. But you must uninstall DNS off the
> Win2000 server first, unless you want to keep the zone in the DomainNC. But
> that wouldn't make much sense if you want to take advantage of the _msdcs
> zone being available forest wide in the ForestDnsZones partition, which you
> should absolutley NOT delete. I would just use the Win2003 DNS servers only.
>
> In ADSI Edit, rt-click ADSI Edit, connect to, in the Connection Point click
> on "Well known Naming Context", then in the drop-down box, select "Domain".
> Drill down to CN=System. Under that you will see CN=MicrosoftDNS. You will
> see the zone in there.
>
> But make sure to decide FIRST which way to go before you delete anything.
>
> Some reading for you...
> Directory Partitions:
>
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/distrib/dsbg_dat_favt.asp>
> kbAlertz- (867464) - Explains how to use ADSI Edit to resolve app partitions
> issues:
>
http://www.kbalertz.com/kb_867464.aspx>
>
> How to fix it?
> -------------
>
> What I've done in a few cases with my clients that have issues with
> 'duplicate' zone entries in AD (because the zone name was in the Domain NC
> (Name Container) Partition, and also in the DomainDnsZones App partition),
> was first to change the zone on one of the DCs to a Primary zone, and
> allowed zone transfers. Then I went to the other DCs and changed the zone to
> a Secondary, and using the first DC as the Master. Then I went into ADSI
> Edit, (from memory) under the Domain NC, Services, DNS, and deleted any
> reference to the domain name. Then I added the DomainDnsZones partition to
> the ADSI Edit console, and deleted any reference to the zone name in there
> as well. If you see anything saying something to the extent of a phrase that
> says
> "In Progress...." or "CNF" with a long GUID number after it, delete them
> too. Everytime
> you may have tried tochange the replication scope, it creates one of them.
> Delete them all.
>
> Then I forced replication. If there were Sites configured, I juggled around
> the servers and subnet objects so all of the servers are now in one site,
> then I forced replication (so I didn't have to wait for the next site
> replication schedule). Once I've confirmed that replication occured, and the
> zones no longer existed in either the Domain NC or DomainDnsZones, then I
> changed the zone on the first server back to AD Integrated, choosing the
> middle button for it's replication scope (which puts it in the
> DomainDnsZones app partition). Then I went to the other servers and changed
> the zone to AD Integrated choosing the same replication scope. Then I reset
> the sites and subnet objects, and everything was good to go.
>
> Keep in mind, I left the _msdcs... zone alone, since that wasn't causing any
> problems and is located in the ForestDnsZones (default) in all of my client
> cases I've come across with so far.
>
> It seems like alot of steps, but not really. Just read it over a few times
> to get familiar with the procedure. You may even want to change it into a
> numbered step by step list if you like. If you only have one DC, and one
> Site, then it's much easier since you don't have to mess with secondaries or
> play with the site objects.
>
> I hope that helped!
>
> ==================================
> ==================================
> --Â
> Ace\
>
>