none
_msdcs zone question (AD BPA) RRS feed

  • Question

  • I've just upgraded our domain controllers from 2003 R2 to 2008 R2 and when I run the BPA I get a warning that there is no _msdcs zone in our DNS - which there isn't (there is one under domain.co.uk) as we upgraded our domain from NT to 2000 then 2003 then 2008 (2003 functional level).

    I've looked at http://support.microsoft.com/kb/817470/ and just want to be sure I've got the process 100% clear and that it can be done non-disruptively.

    Do I need to change the DNS of all my DCs to temporarily point to the same DNS server?

    Can I create the new zone and just wait for it to populate?

    What do I do with the existing _msdcs subdomain?

    Thanks.

    Thursday, April 26, 2012 10:43 AM

Answers

  • The greyed _msdcs folder represent delegation but considering you are running with single forest/domain environment, you don't need to bother. The delegation option started with windows 2003 R2. Why BPA reports this because it still looks to forest/root bases under the main zone and since this design as been changed, hence it reports wrongly.You can ignore just verify you have other _msdcs folder with all the sub folder with records inside.

    Also, look at the comment in the previous article i posted earlier will help you why to ignore this error.


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.


    Thursday, April 26, 2012 11:02 AM
    Moderator

All replies

  • Hello,

    that is the correct article.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Thursday, April 26, 2012 10:49 AM
  • Do I need to create a delegation for _msdcs under the existing domain.com zone?

    That's where there is a bit of a conflict between what I've read and what the KB article states - what I've read keeps referencing a "greyed out" _msdcs subdomain under domain.com?

    Thursday, April 26, 2012 10:54 AM
  • The error _msdcs is not found reported by BPA is actually a bug and should be ignored. Take a look at below article and comments from the Ned(DS lead) at the end.

    http://blogs.technet.com/b/askds/archive/2010/08/02/new-dns-and-ad-ds-bpa-s-released-or-the-most-accurate-list-of-dns-recommendations-you-will-ever-find-from-microsoft.aspx

    Its always better to point current DC to another DNS server as a preferred DNS server,itself in the alternate DNS server and loopback (127.0.0.1)IP as 3rd DNS server. The benefit of pointing each DC to another DNS server there might be race condition when DC is rebooted for start of the DNS service before network is fully loaded, so you can avoided it.


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, April 26, 2012 10:54 AM
    Moderator
  • Thanks Awinish, to confirm our domain/DNS is working just fine, it's not like it's broken but with the new DC's I ran the BPA and this is the thing it highlighted.

    I do ordinarily have each DC pointing to the other as primary DNS then at itself, the KB article suggests the change is just temporary but now I don't even know if there's any benefit in bothering to create/change the _msdcs zone?

    Thursday, April 26, 2012 10:57 AM
  • The greyed _msdcs folder represent delegation but considering you are running with single forest/domain environment, you don't need to bother. The delegation option started with windows 2003 R2. Why BPA reports this because it still looks to forest/root bases under the main zone and since this design as been changed, hence it reports wrongly.You can ignore just verify you have other _msdcs folder with all the sub folder with records inside.

    Also, look at the comment in the previous article i posted earlier will help you why to ignore this error.


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.


    Thursday, April 26, 2012 11:02 AM
    Moderator