_msdcs zone was deleted accidentally

  • Question

  • Hi,

    My junior accidentally deleted the _msdcs folder from dns console. I need it back again working with all the entries it originally had.

    Please let me know the best approach to troubleshoot this issue.

    TIA


    - thestriver

    Tuesday, May 29, 2012 1:43 PM


All replies

  • Recreate the zone, then restart the netlogon service on all of your domain controllers.

    Guides and tutorials, visit ITGeared.com.


    Tuesday, May 29, 2012 2:05 PM
  • I recreated the zone with same name. Then, restarted netlogon on the DNS server from where the zone was deleted. This has brought back the sub folders and records for this DNS server only. I had other entries as well, at least 100 of them, like cname, a, ns.

    What is the sequence of steps required: Restart netlogon on all other DC's and then again restart netlogon on this server?

    TIA


    - thestriver

    Tuesday, May 29, 2012 2:12 PM
  • The _msdcs zone, by default will only have records that are dynamically created by the domain controllers in your domain.  If you have more than one domain controller, you need to restart the NetLogon service on all DCs.  If you had other records in there that were statically created, you would have to recreate those manually, or restore them from a backup.  

    If you have another DNS server that is acting as a secondary zone, you may want to quickly access that secondary zone before a zone transfer occurs.  You could then convert that zone into a primary zone to prevent further transfers and salvage the records, in the event that you have no backup for static records you may have created in that zone.

    Generally, it isn't common to create static records in the _msdcs zone.


    Guides and tutorials, visit ITGeared.com.


    • Proposed as answer by Ace Fekay [MCT] Tuesday, May 29, 2012 3:18 PM
    • Marked as answer by thestriver Tuesday, May 29, 2012 3:26 PM
    Tuesday, May 29, 2012 2:26 PM
  • In addition, the zone must be set to forest-wide replication scope.

    More info:

    How to reconfigure an _msdcs subdomain to a forest-wide DNS application directory partition when you upgrade from Windows 2000 to Windows Server 2003
    http://support.microsoft.com/kb/817470


    I assume your "junior" admin was reprimanded. :-) Usually "junior" admins are not provided domain admin rights, rather they are delegated per OUs and other specifics, unless it's a small infrastructure.



    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    • Marked as answer by thestriver Tuesday, May 29, 2012 3:26 PM
    Tuesday, May 29, 2012 3:21 PM
  • So I'm understanding from your valuable comments that the other entries would get added once the netlogon service is restarted on all other DC's. This I understand has a direct bearing on whether or not the zone is replicating across forests. There are no static entries in _msdcs.

    'Junior' is only Junior age-wise not experience. ;)


    - thestriver


    • Edited by thestriver Tuesday, May 29, 2012 3:31 PM .
    Tuesday, May 29, 2012 3:30 PM
  • Not a direct bearing, rather forest wide scope is for forest wide availability of the zone for all domains. Each DC registers its own data into the zone, including if it's a GC. Eventually all DCs will register automatically, because they register every 60 min by default, but it's best to manually do it on all of them right away to populate their SRV data.

    Ace Fekay

    • Marked as answer by thestriver Tuesday, May 29, 2012 3:53 PM
    Tuesday, May 29, 2012 3:41 PM
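
The recovery sequence described in the answers above (recreate the zone, confirm forest-wide replication scope, restart Netlogon on every DC, then check that each DC re-registered) as an added PowerShell example; it is not code from any poster in this thread. It assumes the DnsServer and ActiveDirectory modules, PowerShell remoting to the DCs, that it runs on the DNS server that lost the zone, and secure dynamic updates for the recreated zone; the 60-second wait is an arbitrary choice.

```powershell
# Added example; run on the DNS server that lost the zone.
Import-Module DnsServer, ActiveDirectory

$forest   = Get-ADForest
$zoneName = "_msdcs.$($forest.RootDomain)"

# 1. Recreate the zone if it is missing. Secure dynamic update is an assumption
#    here; Netlogon needs dynamic updates enabled to register its records.
$zone = Get-DnsServerZone -Name $zoneName -ErrorAction SilentlyContinue
if (-not $zone) {
    Add-DnsServerPrimaryZone -Name $zoneName -ReplicationScope Forest -DynamicUpdate Secure
    $zone = Get-DnsServerZone -Name $zoneName
}
if ($zone.ReplicationScope -ne 'Forest') {
    Write-Warning "$zoneName replication scope is '$($zone.ReplicationScope)', not Forest"
}

# 2. Restart Netlogon on every DC in every domain of the forest so each one
#    re-registers its own records instead of waiting for the periodic refresh.
$dcs = foreach ($domain in $forest.Domains) {
    Get-ADDomainController -Filter * -Server $domain
}
foreach ($dc in $dcs) {
    try {
        Invoke-Command -ComputerName $dc.HostName -ErrorAction Stop -ScriptBlock {
            Restart-Service -Name Netlogon
        }
    } catch {
        Write-Warning "Netlogon not restarted on $($dc.HostName): $_"
    }
}

# 3. Verify: every DC registers a CNAME <DSA GUID>._msdcs.<forest root> that
#    replication partners use to locate it. The DSA GUID is the objectGUID of
#    the DC's NTDS Settings object.
Start-Sleep -Seconds 60
$report = foreach ($dc in $dcs) {
    $dsaGuid = (Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Server $dc.HostName).ObjectGUID
    $cname = Resolve-DnsName -Name "$dsaGuid.$zoneName" -Type CNAME -Server 127.0.0.1 `
                 -DnsOnly -ErrorAction SilentlyContinue | Where-Object Type -eq 'CNAME'
    [pscustomobject]@{
        DC         = $dc.HostName
        Registered = [bool]$cname
        PointsTo   = $cname.NameHost
    }
}
$report | Sort-Object Registered | Format-Table -AutoSize
```

DCs listed with `Registered` set to `False` have not re-registered yet; static records that were in the zone are not restored by this and still have to come from a backup or be recreated by hand.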
  • Yes, actually it has a direct bearing, at least in our scenario, as there were other forests' entries before this happened. Thanks a lot, guys. Appreciate the quick responses.

    - thestriver

    Tuesday, May 29, 2012 3:53 PM
  • You are welcome. But one question - Other forest entries in the _msdcs zone? Can you elaborate?

    Ace Fekay

    Wednesday, May 30, 2012 2:28 AM
  • Was referring to other domain's AD integrated DNS servers' records. Thanks!

    - thestriver

    Wednesday, May 30, 2012 3:25 AM
  • You are welcome!

    Ace Fekay

    Wednesday, May 30, 2012 4:06 AM