Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Re: dns copy [message #155518] Mon, 01 June 2009 12:25
aceman (United States), Senior Member
"naguaramipana" <naguaramipana@discussions.microsoft.com> wrote in message news:18D8A084-48B4-48EA-80FA-F928063F260B@microsoft.com...
> Hi gurus
>
> I have the following problem
>
> I have two DC, DCA and DCB, DCA is my OEM and DCB is my secondary, for some
> reason I lost the DNS on DCB, is all blank, I need to copy everything that is
> on DCA to DCB, how can I do that with taking the risk of DCB overwriting DCA
>
> w2k server both DC
>
> Thanks a bunch gurus
>


If you created the zone name on the other DC, and then made manual entries, it would have wiped out the other one. If you had changed the replication scope on one of them and not the other, it would have now created a duplicate zone scenario and wiped out the other one. The idea with AD Integrated zones (which I assume you have it set to), is to simply install DNS and walk away from it. Let replication take its course and it will auto-populate with the data.

To check if you have a dupe zone issue, follow these instructions...

============================================================ ==========================================
============================================================ ==========================================
Conflicting or duplicate AD Integrated DNS zones
By Ace Fekay, MCSE 2003, MCT

You may have a duplicate zone if a zone either exists in both the Domain NC and one of the Application Partitions, if you get an unusual error message stating, "The name limit for the local computer network adapter card was exceeded," or you installed DNS on another DC and manually created the AD zone and didn't wait for it to automatically populate.

Dupe zone errata:
A quick explanation: When you have an AD integrated zone, the DNS data is stored in the actual AD database and is replicated to all DCs and will be available to any DC that has DNS installed, depending on the zone replication scope setting. If rep scope is set to the bottom button, it will be stored in the DomainNC partition of the AD database and compatible with Windows 2000. If the middle button, it will be stored in the DomainDnsZones and only works with Windows 2003 and newer DCs. These two scope types will be replicated to all DCs only in the domain it exists in. The third type, the top button, is stored in the ForestDnsZones application partition and is available to ALL DCs in the whole forest. The data in any of the AD integrated zone types are truly secured since you can't get at them without the proper tools.

If you have an AD integrated zone existing on a DC and you install DNS on another DC in the domain or forest, depending what zone type, it will automatically appear on the new DNS installation without any interaction on your part. If you attempted to manually create the zone, then you pretty much just introduced a duplicate in the AD database, which will cause problems and other issues as well.

A Primary or Secondary zone that is not stored in AD is stored in a text file in the system32\dns folder. This type of zone storage has nothing to do with the above types ONLY unless it is truly a secondary with the Master being a DC transferring a copy of the zone. This type of zone storage is obviously not secure.

Now **IF** you did manually create a zone on one DC while it already existed on another DC, then you may have a duplicate. If this is the case, you can use ADSI Edit and look for zone data that starts with a "CNF..." in front of it. Delete them and you're good to go.

Under Windows 2000, the physical AD database is broken up into 3 logical partitions, the DomainNC (Domain Name Context, or some call the Domain Name Container), the Configuration Partition, and the Schema Partition. The Schema and Config partitions replicate to all DCs in a forest. However, the DomainNC is specific only to the domain the DC belongs to. That's where a user, domain local or global group is stored. The DomainNC only replicates to the DCs of that specific domain. When you create an AD Integrated zone in Win 2000, it gets stored in the DomainNC. This causes a limitation if you want this zone to be available on a DC/DNS server that belongs to a different domain. The only way to get around that is for a little creative designing using either delegation, or secondary zones. This was a challenge for the _msdcs zone, which must be available forest wide to resolve the forest root domain, which contains the Schema and Domain Name Masters FSMO roles.

In Windows 2003, there were two additional partitions added, they are called the DomainDnsZones and ForestDnsZones Application Partitions, specifically to store DNS data. They were conceived to overcome the limitation of Windows 2000's AD Integrated zones. Now you can store an AD Integrated zone in either of these new partitions instead of the DomainNC. If stored in the DomainDnsZones app partition, it is available only in that domain's DomainDnsZones partition. If you store it in the ForestDnsZones app partition, it will be available to any DC/DNS server in the whole forest. This opens many more design options. It also ensures the availability of the _msdcs zone to all DCs in the forest. By default in Win 2003, the _msdcs zone is stored in the ForestDnsZones application partition.

When selecting a zone replication scope in Win2003, in the zone's properties, click on the "Change" button. Under that you will see 3 options:
To choose the ForestDnsZones:
"To all DNS servers in the AD forest example.com"

To choose DomainDnsZones:
"To all DNS servers in the AD domain example.com"

To choose the DomainNC (only for compatibility with Win2000):
"To all domain controllers in the AD domain example.com"


If you have a duplicate, that's indicating there is a zone that exists in the DomainNC and in the DomainDnsZones Application partition. This means at one time, or currently, you have a mixed Win2000/2003 environment and you have DNS installed on both operating systems. On Win2000, if the zone is AD Integrated, it is in the DomainNC, and should be set the same in Win2003's DC/DNS server to keep compatible. Someone must have attempted to change it in Win2003 DNS to put it in the DomainDnsZones partition not realizing the implications, hence the duplicate. In a scenario such as this where you want to use the Win2003 app partitions, you then must ensure the zone on the Win2003 is set to the DomainNC, then uninstall DNS off the Win2000 machine, then once that's done, you can then go to the Win2003 DNS and change the partition's replication scope to one of the app partitions.

In ADSI Edit, you can view all five partitions. You were viewing the app partitions, but not the main partitions. You need to add the DomainNC partition in order to delete that zone. But you must uninstall DNS off the Win2000 server first, unless you want to keep the zone in the DomainNC. But that wouldn't make much sense if you want to take advantage of the _msdcs zone being available forest wide in the ForestDnsZones partition, which you should absolutely NOT delete. I would just use the Win2003 DNS servers only.

In ADSI Edit, rt-click ADSI Edit, connect to, in the Connection Point click on "Well known Naming Context", then in the drop-down box, select "Domain". Drill down to CN=System. Under that you will see CN=MicrosoftDNS. You will see the zone in there.

But make sure to decide FIRST which way to go before you delete anything.

To view the DomainDnsZones or the ForestDnsZones partitions, follow these steps:

[ForestDNSZones]
Click Start, click Run, type adsiedit.msc, and then click OK.
In the console tree, right-click ADSI Edit, and then click Connect to.
Click Select or type a Distinguished Name or Naming Context, type the following text in the list, and then click OK:
DC=ForestDNSZones, DC=contoso, DC=com
In the console tree, double-click DC=ForestDNSZones, DC=contoso, DC=com.
Double-click CN=MicrosoftDNS, and click the zone (contoso.com). You should now be able to view the DNS records which exist in this DNS partition. If you desire to remove this partition, right-click on contoso.com and then click Delete.

Note: Deleting a zone is a destructive operation. Please confirm that a duplicate zone exists before you perform a deletion.
If you have deleted a zone, restart the DNS service. To do this, follow these steps:
Click Start, point to All Programs, point to Administrative Tools, and then click DNS.
In the console tree, right-click contoso.com, point to All Tasks, and then click Restart.

[DomainDNSZones]
Click Start, click Run, type adsiedit.msc, and then click OK.
In the console tree, right-click ADSI Edit, and then click Connect to.
Click Select or type a Distinguished Name or Naming Context, type the following text in the list, and then click OK: DC=DomainDNSZones,DC=contoso,DC=com.
In the console tree, double-click DC=DomainDNSZones,DC=contoso,DC=com
Double-click CN=MicrosoftDNS, and click the zone (contoso.com). You should now be able to view the DNS records which exist in this DNS partition. If you desire to remove this partition, right-click on contoso.com and then click Delete.

Note: Deleting a zone is a destructive operation. Please confirm that a duplicate zone exists before you perform a deletion.
If you have deleted a zone, restart the DNS service. To do this, follow these steps:
Click Start, point to All Programs, point to Administrative Tools, and then click DNS.
In the console tree, right-click contoso.com, point to All Tasks, and then click Restart.

Some reading for you...

Directory Partitions:
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/distrib/dsbg_dat_favt.asp

kbAlertz- (867464) - Explains how to use ADSI Edit to resolve app partitions issues:
http://www.kbalertz.com/kb_867464.aspx


How to fix it?
-------------

What I've done in a few cases with my clients that have issues with
'duplicate' zone entries in AD (because the zone name was in the Domain NC
(Name Container) Partition, and also in the DomainDnsZones App partition),
was first to change the zone on one of the DCs to a Primary zone, and
allowed zone transfers. Then I went to the other DCs and changed the zone to
a Secondary, and using the first DC as the Master. Then I went into ADSI
Edit, (from memory) under the Domain NC, Services, DNS, and deleted any
reference to the domain name. Then I added the DomainDnsZones partition to
the ADSI Edit console, and deleted any reference to the zone name in there
as well. If you see anything saying something to the extent of a phrase that says
"In Progress...." or "CNF" with a long GUID number after it, delete them too. Every time
you may have tried to change the replication scope, it creates one of them.
Delete them all.

Then I forced replication. If there were Sites configured, I juggled around
the servers and subnet objects so all of the servers are now in one site,
then I forced replication (so I didn't have to wait for the next site
replication schedule). Once I've confirmed that replication occurred, and the
zones no longer existed in either the Domain NC or DomainDnsZones, then I
changed the zone on the first server back to AD Integrated, choosing the
middle button for its replication scope (which puts it in the
DomainDnsZones app partition). Then I went to the other servers and changed
the zone to AD Integrated choosing the same replication scope. Then I reset
the sites and subnet objects, and everything was good to go.

Keep in mind, I left the _msdcs... zone alone, since that wasn't causing any
problems and is located in the ForestDnsZones (default) in all of my client
cases I've come across with so far.

It seems like a lot of steps, but not really. Just read it over a few times
to get familiar with the procedure. You may even want to change it into a
numbered step by step list if you like. If you only have one DC, and one
Site, then it's much easier since you don't have to mess with secondaries or
play with the site objects.

I hope that helps!
============================================================ ==========================================
============================================================ ==========================================

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right things." - Peter F. Drucker
http://twitter.com/acefekay
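
The duplicate-zone check described in the post above (the same zone in more than one partition, plus leftover "CNF" and "In Progress" objects), as an added example that is not part of the original thread. It only reads a list of dnsZone distinguished names exported from the three partitions and changes nothing; the `\0ACNF:` and `..InProgress-` spellings, the RootDNSServers exclusion and the sample DNs are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample input: dnsZone DNs for the contoso.com domain used in
# the post, one per line, as an LDAP export might list them. GUID is made up.
SAMPLE_DNS = r"""
DC=contoso.com,CN=MicrosoftDNS,CN=System,DC=contoso,DC=com
DC=contoso.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com
DC=_msdcs.contoso.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=contoso,DC=com
DC=contoso.com\0ACNF:11111111-2222-3333-4444-555555555555,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com
DC=..InProgress-contoso.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com
DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=contoso,DC=com
DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com
"""

# RDN that follows CN=MicrosoftDNS -> partition name as used in the post.
PARTITIONS = {
    "cn=system": "DomainNC",
    "dc=domaindnszones": "DomainDnsZones",
    "dc=forestdnszones": "ForestDnsZones",
}
# Assumption: conflict objects appear as <name>\0ACNF:<GUID> in the export.
CNF_RE = re.compile(r"^(?P<zone>.+?)\\0ACNF:[0-9A-Fa-f-]{36}$")
# Assumption: exact spelling of the "In Progress" leftovers the post mentions.
INPROGRESS_PREFIX = "..inprogress-"
# Assumption: the root hints container exists per partition and is not a dupe.
IGNORED = {"rootdnsservers"}


def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur).strip())
    return parts


def classify(dn):
    """Return (zone, partition, marker) for a zone DN, or None if not one."""
    rdns = split_dn(dn)
    if len(rdns) < 4 or rdns[1].lower() != "cn=microsoftdns":
        return None
    partition = PARTITIONS.get(rdns[2].lower())
    if partition is None or not rdns[0].upper().startswith("DC="):
        return None
    name = rdns[0][3:]
    match = CNF_RE.match(name)
    if match:
        return match.group("zone").lower(), partition, "CNF"
    if name.lower().startswith(INPROGRESS_PREFIX):
        return name[len(INPROGRESS_PREFIX):].lower(), partition, "InProgress"
    return name.lower(), partition, None


def find_problems(dn_lines):
    """Report zones held in several partitions and CNF/InProgress leftovers."""
    homes = defaultdict(set)
    leftovers = []
    for line in dn_lines:
        dn = line.strip().strip('"')
        parsed = classify(dn) if dn else None
        if parsed is None or parsed[0] in IGNORED:
            continue
        zone, partition, marker = parsed
        if marker:
            leftovers.append((marker, zone, partition))
        else:
            homes[zone].add(partition)
    duplicates = {z: sorted(p) for z, p in homes.items() if len(p) > 1}
    return {"duplicates": duplicates, "leftovers": leftovers}


if __name__ == "__main__":
    report = find_problems(SAMPLE_DNS.splitlines())
    for zone, parts in report["duplicates"].items():
        print(f"DUPLICATE  {zone}: {', '.join(parts)}")
    for marker, zone, part in report["leftovers"]:
        print(f"LEFTOVER   {marker} object for {zone} in {part}")
```

Review the report before deleting anything in ADSI Edit, and decide first which partition should keep the zone.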
Re: dns copy [message #155525 is a reply to message #155518] Mon, 01 June 2009 12:41
naguaramipana, Junior Member
Ace

I don't think Windows 2000 Server has integrated AD, but what is really strange
is that

DCA is the way it is supposed to be and DCB is like it is the first time this will
be installed. I am pulling out what is left of my hair

Thanks
Re: dns copy [message #155563 is a reply to message #155525] Tue, 02 June 2009 05:06
meiweb(nospam) (Germany), Senior Member
Hello naguaramipana,

Does this also belong to the posting "dcpromo a DC that does not know is
a DC"? Then please stick to one posting, I assume the problems belong together.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Ace
>
> I don't think Windows 2000 Server has integrated AD, but what is really
> strange is that
>
> DCA is the way it is supposed to be and DCB is like it is the first time this
> will be installed. I am pulling out what is left of my hair
>
> Thanks
>
> "Ace Fekay [Microsoft Certified Trainer]" wrote:
>
>> "naguaramipana" <naguaramipana@discussions.microsoft.com> wrote in
>> message news:18D8A084-48B4-48EA-80FA-F928063F260B@microsoft.com...
>>
>>> Hi gurus
>>>
>>> I have the following problem
>>>
>>> I have two DC, DCA and DCB, DCA is my OEM and DCB is my secondary,
>>> for some reason I lost the DNS on DCB, is all blank, I need to copy
>>> everything that is on DCA to DCB, how can I do that with taking the
>>> risk of DCB overwriting DCA
>>>
>>> w2k server both DC
>>>
>>> Thanks a bunch gurus
>>>
>> If you created the zone name on the other DC, and then made manual
>> entries, it would have wiped out the other one. If you had changed
>> the replication scope on one of them and not the other, it would have
>> now created a duplicate zone scenario and wiped out the other one.
>> The idea with AD Integrated zones (which I assume you have it set
>> to), is to simply install DNS and walk away from it. Let replication
>> take its course and it will auto-populate with the data.
>>
>> To check if you have a dupe zone issue, follow these instructions...
>>
>> ======================================================================
>> ======================================================================
>>
>> Conflicting or duplicate AD Integrated DNS zones
>>
>> By Ace Fekay, MCSE 2003, MCT
>>
>> You may have a duplicate zone if a zone either exists in both the
>> Domain NC and one of the Application Partitions, if you get an unusual
>> error message stating, "The name limit for the local computer network
>> adapter card was exceeded," or you installed DNS on another DC and
>> manually created the AD zone and didn't wait for it to automatically
>> populate.
>>
>> Dupe zone errata:
>> A quick explanation: When you have an AD integrated zone, the DNS
>> data is stored in the actual AD database and is replicated to all DCs
>> and will be available to any DC that has DNS installed, depending on
>> the zone replication scope setting. If rep scope is set to the bottom
>> button, it will be stored in the DomainNC partition of the AD database
>> and compatible with Windows 2000. If the middle button, it will be
>> stored in the DomainDnsZones and only works with Windows 2003 and
>> newer DCs. These two scope types will be replicated to all DCs only
>> in the domain it exists in. The third type, the top button, is
>> stored in the ForestDnsZones application partition and is available
>> to ALL DCs in the whole forest. The data in any of the AD integrated
>> zone types are truly secured since you can't get at them without the
>> proper tools.
>> If you have an AD integrated zone existing on a DC and you install
>> DNS on another DC in the domain or forest, depending what zone type,
>> it will automatically appear on the new DNS installation without any
>> interaction on your part. If you attempted to manually create the
>> zone, then you pretty much just introduced a duplicate in the AD
>> database, which will cause problems and other issues as well.
>>
>> A Primary or Secondary zone that is not stored in AD is stored in a
>> text file in the system32\dns folder. This type of zone storage has
>> nothing to do with the above types ONLY unless it is truly a
>> secondary with the Master being a DC transferring a copy of the zone.
>> This type of zone storage is obviously not secure.
>>
>> Now **IF** you did manually create a zone on one DC while it already
>> existed on another DC, then you may have a duplicate. If this is the
>> case, you can use ADSI Edit and look for zone data that starts with a
>> "CNF..." in front of it. Delete them and you're good to go.
>>
>> Under Windows 2000, the physical AD database is broken up into 3
>> logical partitions, the DomainNC (Domain Name Context, or some call
>> the Domain Name Container), the Configuration Partition, and the
>> Schema Partition. The Schema and Config partitions replicate to all
>> DCs in a forest. However, the DomainNC is specific only to the domain
>> the DC belongs to. That's where a user, domain local or global group
>> is stored. The DomainNC only replicates to the DCs of that specific
>> domain. When you create an AD Integrated zone in Win 2000, it gets
>> stored in the DomainNC. This causes a limitation if you want this
>> zone to be available on a DC/DNS server that belongs to a different
>> domain. The only way to get around that is for a little creative
>> designing using either delegation, or secondary zones. This was a
>> challenge for the _msdcs zone, which must be available forest wide to
>> resolve the forest root domain, which contains the Schema and Domain
>> Name Masters FSMO roles.
>>
>> In Windows 2003, there were two additional partitions added, they are
>> called the DomainDnsZones and ForestDnsZones Application Partitions,
>> specifically to store DNS data. They were conceived to overcome the
>> limitation of Windows 2000's AD Integrated zones. Now you can store
>> an AD Integrated zone in either of these new partitions instead of
>> the DomainNC. If stored in the DomainDnsZones app partition, it is
>> available only in that domain's DomainDnsZones partition. If you
>> store it in the ForestDnsZones app partition, it will be available to
>> any DC/DNS server in the whole forest. This opens many more design
>> options. It also ensures the availability of the _msdcs zone to all
>> DCs in the forest. By default in Win 2003, the _msdcs zone is stored
>> in the ForestDnsZones application partition.
>>
>> When selecting a zone replication scope in Win2003, in the zone's
>> properties, click on the "Change" button. Under that you will see 3
>> options:
>>
>> To choose the ForestDnsZones:
>> "To all DNS servers in the AD forest example.com"
>>
>> To choose DomainDnsZones:
>> "To all DNS servers in the AD domain example.com"
>>
>> To choose the DomainNC (only for compatibility with Win2000):
>> "To all domain controllers in the AD domain example.com"
>>
>> If you have a duplicate, that's indicating there is a zone that
>> exists in the DomainNC and in the DomainDnsZones Application
>> partition. This means at one time, or currently, you have a mixed
>> Win2000/2003 environment and you have DNS installed on both operating
>> systems. On Win2000, if the zone is AD Integrated, it is in the
>> DomainNC, and should be set the same in Win2003's DC/DNS server to
>> keep compatible. Someone must have attempted to change it in Win2003
>> DNS to put it in the DomainDnsZones partition not realizing the
>> implications, hence the duplicate. In a scenario such as this where
>> you want to use the Win2003 app partitions, you then must ensure the
>> zone on the Win2003 is set to the DomainNC, then uninstall DNS off
>> the Win2000 machine, then once that's done, you can then go to the
>> Win2003 DNS and change the partition's replication scope to one of
>> the app partitions.
>>
>> In ADSI Edit, you can view all five partitions. You were viewing the
>> app partitions, but not the main partitions. You need to add the
>> DomainNC partition in order to delete that zone. But you must
>> uninstall DNS off the Win2000 server first, unless you want to keep
>> the zone in the DomainNC. But that wouldn't make much sense if you
>> want to take advantage of the _msdcs zone being available forest wide
>> in the ForestDnsZones partition, which you should absolutely NOT
>> delete. I would just use the Win2003 DNS servers only.
>>
>> In ADSI Edit, rt-click ADSI Edit, connect to, in the Connection Point
>> click on "Well known Naming Context", then in the drop-down box,
>> select "Domain". Drill down to CN=System. Under that you will see
>> CN=MicrosoftDNS. You will see the zone in there.
>>
>> But make sure to decide FIRST which way to go before you delete
>> anything.
>>
>> To view the DomainDnsZones or the ForestDnsZones partitions, follow
>> these steps:
>>
>> [ForestDNSZones]
>>
>> Click Start, click Run, type adsiedit.msc, and then click OK.
>>
>> In the console tree, right-click ADSI Edit, and then click Connect
>> to.
>>
>> Click Select or type a Distinguished Name or Naming Context, type the
>> following text in the list, and then click OK:
>>
>> DC=ForestDNSZones, DC=contoso, DC=com
>>
>> In the console tree, double-click DC=ForestDNSZones, DC=contoso,
>> DC=com.
>>
>> Double-click CN=MicrosoftDNS, and click the zone (contoso.com). You
>> should now be able to view the DNS records which exist in this DNS
>> partition. If you desire to remove this partition, right-click on
>> contoso.com and then click Delete.
>>
>> Note Deleting a zone is a destructive operation. Please confirm that
>> a duplicate zone exists before you perform a deletion.
>>
>> If you have deleted a zone, restart the DNS service. To do this,
>> follow these steps:
>>
>> Click Start, point to All Programs, point to Administrative Tools,
>> and then click DNS.
>>
>> In the console tree, right-click contoso.com, point to All Tasks, and
>> then click Restart.
>>
>> [DomainDNSZones]
>>
>> Click Start, click Run, type adsiedit.msc, and then click OK.
>>
>> In the console tree, right-click ADSI Edit, and then click Connect
>> to.
>>
>> Click Select or type a Distinguished Name or Naming Context, type the
>> following text in the list, and then click OK:
>> DC=DomainDNSZones,DC=contoso,DC=com.
>>
>> In the console tree, double-click DC=DomainDNSZones,DC=contoso,DC=com
>>
>> Double-click CN=MicrosoftDNS, and click the zone (contoso.com). You
>> should now be able to view the DNS records which exist in this DNS
>> partition. If you desire to remove this partition, right-click on
>> contoso.com and then click Delete.
>>
>> Note Deleting a zone is a destructive operation. Please confirm that
>> a duplicate zone exists before you perform a deletion.
>>
>> If you have deleted a zone, restart the DNS service. To do this,
>> follow these steps:
>>
>> Click Start, point to All Programs, point to Administrative Tools,
>> and then click DNS.
>>
>> In the console tree, right-click contoso.com, point to All Tasks, and
>> then click Restart.
>>
>> Some reading for you...
>>
>> Directory Partitions:
>> http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/distrib/dsbg_dat_favt.asp
>> kbAlertz- (867464) - Explains how to use ADSI Edit to resolve app
>> partitions issues: http://www.kbalertz.com/kb_867464.aspx
>>
>> How to fix it?
>> -------------
>> What I've done in a few cases with my clients that have issues with
>> 'duplicate' zone entries in AD (because the zone name was in the
>> Domain NC (Name Container) Partition, and also in the DomainDnsZones
>> App partition), was first to change the zone on one of the DCs to a
>> Primary zone, and allowed zone transfers. Then I went to the other
>> DCs and changed the zone to a Secondary, and using the first DC as
>> the Master. Then I went into ADSI Edit, (from memory) under the
>> Domain NC, Services, DNS, and deleted any reference to the domain
>> name. Then I added the DomainDnsZones partition to the ADSI Edit
>> console, and deleted any reference to the zone name in there as
>> well. If you see anything saying something to the extent of a phrase
>> that says "In Progress...." or "CNF" with a long GUID number after
>> it, delete them too. Every time you may have tried to change the
>> replication scope, it creates one of them. Delete them all.
>> Then I forced replication. If there were Sites configured, I juggled
>> around the servers and subnet objects so all of the servers are now
>> in one site, then I forced replication (so I didn't have to wait for
>> the next site replication schedule). Once I've confirmed that
>> replication occurred, and the zones no longer existed in either the
>> Domain NC or DomainDnsZones, then I changed the zone on the first
>> server back to AD Integrated, choosing the middle button for its
>> replication scope (which puts it in the DomainDnsZones app
>> partition). Then I went to the other servers and changed the zone to
>> AD Integrated choosing the same replication scope. Then I reset the
>> sites and subnet objects, and everything was good to go.
>>
>> Keep in mind, I left the _msdcs... zone alone, since that wasn't
>> causing any problems and is located in the ForestDnsZones (default)
>> in all of my client cases I've come across with so far.
>>
>> It seems like a lot of steps, but not really. Just read it over a few
>> times to get familiar with the procedure. You may even want to change
>> it into a numbered step by step list if you like. If you only have
>> one DC, and one Site, then it's much easier since you don't have to
>> mess with secondaries or play with the site objects.
>>
>> I hope that helps!
>>
>> ======================================================================
>> ======================================================================
>>
>> -- Ace
>>
>> This posting is provided "AS-IS" with no warranties or guarantees and
>> confers no rights.
>>
>> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
>> Microsoft Certified Trainer
>> aceman@mvps.RemoveThisPart.org
>> For urgent issues, you may want to contact Microsoft PSS directly.
>> Please check http://support.microsoft.com for regional support phone
>> numbers.
>>
>> "Efficiency is doing things right; effectiveness is doing the right
>> things." - Peter F. Drucker http://twitter.com/acefekay
>>
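The duplicate-zone check described in the quoted article, as an added example that is not part of any post in this thread: it takes a list of zone object DNs (for instance a read-only LDAP export of objectClass=dnsZone objects) and reports zones stored in more than one partition, plus leftover "CNF" and "In Progress" objects. The sample DNs are constructed, and the exact spelling of the leftover markers is an assumption.

```python
import re
from collections import defaultdict

# Parent container of CN=MicrosoftDNS -> partition name used in the article.
PARTITIONS = {
    ("CN", "system"): "DomainNC",
    ("DC", "domaindnszones"): "DomainDnsZones",
    ("DC", "forestdnszones"): "ForestDnsZones",
}

# Leftover markers the article describes ("CNF" plus a GUID, "In Progress").
# The exact RDN spellings matched here are an assumption.
LEFTOVER = re.compile(r"CNF:|in\s*progress", re.IGNORECASE)


def split_dn(dn):
    """Split a DN on unescaped commas into [(ATTR, value), ...]."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns


def classify(dn):
    """Return (zone_name, partition) for a zone object DN, else None."""
    rdns = split_dn(dn)
    if len(rdns) < 3 or rdns[0][0] != "DC":
        return None
    if (rdns[1][0], rdns[1][1].lower()) != ("CN", "microsoftdns"):
        return None
    partition = PARTITIONS.get((rdns[2][0], rdns[2][1].lower()))
    if partition is None:
        return None
    return rdns[0][1], partition


def audit(dns):
    """Report zones stored in more than one partition, and leftover objects."""
    seen = defaultdict(set)
    leftovers = []
    for dn in dns:
        hit = classify(dn)
        if hit is None:
            continue  # not a zone object under CN=MicrosoftDNS
        zone, partition = hit
        if LEFTOVER.search(zone):
            leftovers.append(dn)  # conflict / in-progress object
        else:
            seen[zone.lower()].add(partition)  # DNS names are case-insensitive
    duplicates = {z: sorted(p) for z, p in seen.items() if len(p) > 1}
    return {"duplicates": duplicates, "leftovers": leftovers}


# Constructed sample input (not taken from any real directory).
SAMPLE = [
    "DC=contoso.com,CN=MicrosoftDNS,CN=System,DC=contoso,DC=com",
    "DC=contoso.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com",
    "DC=_msdcs.contoso.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=contoso,DC=com",
    r"DC=contoso.com\0ACNF:5f1c0a52-0000-4000-8000-000000000001,"
    "CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com",
    "DC=..InProgress-5f1c0a52-0000-4000-8000-000000000002,"
    "CN=MicrosoftDNS, DC=DomainDnsZones, DC=contoso, DC=com",
    "CN=Users,DC=contoso,DC=com",
]

if __name__ == "__main__":
    report = audit(SAMPLE)
    for zone, partitions in report["duplicates"].items():
        print(f"duplicate zone {zone}: {', '.join(partitions)}")
    for dn in report["leftovers"]:
        print(f"leftover object: {dn}")
```

The script only reads a listing and deletes nothing; which copy of a zone to keep is still the decision the article says to make first.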
Re: dns copy [message #155584 is a reply to message #155525] Tue, 02 June 2009 09:23
aceman
"naguaramipana" <naguaramipana@discussions.microsoft.com> wrote in message news:3DFC8527-6A36-440F-B5A4-F0D281515BCC@microsoft.com...
> Ace
>
> I don't think windows 2000 server has integrated AD but is really strange
> is that
>
> dca is the way it's supposed to be and DCb is like is the first time this will
> be installed. I am pulling what is left of my hair
>

I am not sure what you mean by the statement:
> dca is the way it's supposed to be and DCb is like is the first time this will
> be installed.

And you don't "think" the zone is AD integrated? It is easy to check, go into each server's DNS console, click on the zone name, whatever it is, then right click on it, choose properties, and tell me if it says if the zone is AD integrated, Primary Zone or a Secondary Zone.

Ace
Re: dns copy [message #155586 is a reply to message #155525] Tue, 02 June 2009 09:25
aceman
"naguaramipana" <naguaramipana@discussions.microsoft.com> wrote in message news:3DFC8527-6A36-440F-B5A4-F0D281515BCC@microsoft.com...
> Ace
>
> I don't think windows 2000 server has integrated AD but is really strange
> is that
>
> dca is the way it's supposed to be and DCb is like is the first time this will
> be installed. I am pulling what is left of my hair
>

And as Meinolf asked, is this related to the other post with subject line of "dcpromo a DC that does not know is a DC?"

Ace
Re: dns copy [message #155588 is a reply to message #155563] Tue, 02 June 2009 09:29
naguaramipana
M.

Same problem to different approaches, one has to do with DCpromo not
working, the other one has to deal with replication failing or how to copy
one DNS from DC(1) to DC(2) without dealing with DCpromo

Thanks for keeping an eye out there


"Meinolf Weber [MVP-DS]" wrote:

> Hello naguaramipana,
>
> Does this also belong to the posting "dcpromo a DC that does not know is
> a DC"? Then please stick to one posting, I assume the problems belong together.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > Ace
> >
> > I don't think windows 2000 server has integrated AD but is really
> > strange is that
> >
> > dca is the way it's supposed to be and DCb is like is the first time this
> > will be installed. I am pulling what is left of my hair
> >
> > Thanks
> >
> > "Ace Fekay [Microsoft Certified Trainer]" wrote:
> >
> >> "naguaramipana" <naguaramipana@discussions.microsoft.com> wrote in
> >> message news:18D8A084-48B4-48EA-80FA-F928063F260B@microsoft.com...
> >>
> >>> Hi gurus
> >>>
> >>> I have the following problem
> >>>
> >>> I have two DC, DCA and DCB, DCA is my OEM and DCB is my secondary,
> >>> for some reason I lost the DNS on DCB, is all blank, I need to copy
> >>> everything that is on DCA to DCB, how can I do that with taking the
> >>> risk of DCB overwriting DCA
> >>>
> >>> w2k server both DC
> >>>
> >>> Thanks a bunch gurus
> >>>
Re: dns copy [message #155604 is a reply to message #155588] Tue, 02 June 2009 12:01
aceman
"naguaramipana" <naguaramipana@discussions.microsoft.com> wrote in message news:0D6D1510-2ABC-4B7C-A014-E229F51B18E0@microsoft.com...
> M.
>
> Same problem to different approaches, one has to do with DCpromo not
> working, the other one has to deal with replication failing or how to copy
> one DNS from DC(1) to DC(2) without dealing with DCpromo
>
> Thanks for keeping an eye out there

There is no such thing as copying zones if using AD integrated zones, which is the default setup, unless you changed something or you have mixed IPs for DNS addresses, such as using an ISP address or your router's IP for DNS.


Tell you what, to better assist at this point, we need a better understanding of the DCs' configuration. Please post an unedited ipconfig /all of both DCs, as well as let us know what the AD DNS domain name is as you see it when you open up Active Directory Users and Computers console.

This will help us towards a more specific diagnosis, otherwise we are just guessing and throwing out ideas that may or may not make sense.

Thanks,

Ace