W2k8 R2 - _msdcs.domain.local - missing and reconstruction

  • Question

  • Hi,

    a customer asked me to remove old DCs from AD - this is a simple job using NTDSUTIL, but after that we realized that we don't have 'SERVER\FORWARD LOOKUP ZONES\_msdcs.domain.local' but only 'SERVER\FORWARD LOOKUP ZONES\domain.local\_msdcs'.

    >>> I followed this article with no success: http://support.microsoft.com/kb/310568/en-us
    >>> I tried to reconstruct it as in the article 'http://itcalls.blogspot.com.br/2011/11/active-directory-integrated-dns-zone.html', but it shows a message like "The zone cannot be created. There was a server failure".

    After looking at the article 'http://networkadminkb.com/KB/a218/how-to-correct-dns-event-id-4521.aspx', I have a question:

    >>> If I follow it, would I lose all entries in my zone 'SERVER\FORWARD LOOKUP ZONES\domain.local'?


    Just to complement the information:

    C:\Users\Administrator.FISCHER>dnscmd  /enumzones

    Enumerated zone list:
            Zone count = 4

     Zone name                      Type       Storage         Properties

     .                              Cache      AD-Legacy
     0.0.10.in-addr.arpa            Primary    AD-Legacy       Update Rev Aging
     website2ofcompany.com          Primary    AD-Legacy       Secure
     domain.local                   Primary    AD-Legacy       Secure Aging

    * both servers are W2k8 R2.

    Thanks,

    Renato P




    • Edited by 9073241516 Wednesday, February 26, 2014 3:07 AM update info
    Wednesday, February 26, 2014 2:36 AM

Answers

  • Hi Renato,

    What OS version did you have?

    Why didn't you use dcpromo instead of ntdsutil?

    Are there other DC's in that domain that have the DNS application partition?

    Can you detail the steps you did using ntdsutil?

    From what I understand the Domain Controller also had an ADI (Active Directory Integrated zone) so it would be an expected behavior.

    You could backup your DNS zone using dnscmd /zone export, or convert the zones into Primary zones, meaning that the zone will be stored in a file instead of AD. If you do the second option you can copy that file for backup.

    In addition, if you have any system state backups of that DC and the DNS zone was ADI then you can recover from there.

    More details here:

    Extracting DNS Active Directory-Integrated Zone Files


    http://mariusene.wordpress.com/

    Wednesday, February 26, 2014 4:47 AM
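The reply above recommends exporting the AD-integrated zones before doing anything else. The following script is an added example (it is not Marius's code and not from the original thread) that does that on a Windows Server 2008 R2 DNS server, where the DnsServer PowerShell module does not yet exist, so it wraps dnscmd.exe. It parses `dnscmd /enumzones` (the same output shown in the question), runs `dnscmd /zoneexport` for every non-cache zone, reports whether a separate `_msdcs.<domain>` zone exists, and lists the DNS application partitions the server knows about. The server name, the domain name `domain.local` and the backup file names are placeholders.

```powershell
# Added example, not part of the original thread. Back up every non-cache
# zone on a Windows Server 2008 R2 DNS server with dnscmd before touching
# _msdcs, then report whether a standalone _msdcs.<domain> zone and the
# DNS application partitions exist. Run in an elevated PowerShell on the DC.
# Assumptions: dnscmd.exe is on the PATH (it ships with the DNS role) and
# "domain.local" stands in for the real AD domain name.

param(
    [string]$DnsServer  = $env:COMPUTERNAME,
    [string]$DomainName = "domain.local"
)

$stamp = Get-Date -Format "yyyyMMdd-HHmmss"

# Parse 'dnscmd /enumzones'. Data rows have the columns
# Zone name, Type, Storage, Properties (properties may be empty).
function Get-DnscmdZones {
    param([string]$Server)
    $lines = & dnscmd $Server /enumzones 2>&1
    $zones = @()
    foreach ($line in $lines) {
        if ($line -match '^\s*(\S+)\s+(Cache|Primary|Secondary|Stub|Forwarder)\s+(\S+)\s*(.*)$') {
            $zones += [pscustomobject]@{
                Name       = $Matches[1]
                Type       = $Matches[2]
                Storage    = $Matches[3]   # AD-Legacy, AD-Domain, AD-Forest or File
                Properties = $Matches[4].Trim()
            }
        }
    }
    return $zones
}

$zones = Get-DnscmdZones -Server $DnsServer
if (-not $zones) {
    throw "dnscmd /enumzones returned no zones; is the DNS role installed and is this shell elevated?"
}

# 1. Export every real zone. dnscmd writes the file under
#    %SystemRoot%\System32\dns, so a relative file name is enough.
foreach ($z in $zones | Where-Object { $_.Type -ne 'Cache' }) {
    $file = "backup-$($z.Name)-$stamp.dns"
    & dnscmd $DnsServer /zoneexport $z.Name $file | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Export of $($z.Name) failed (exit code $LASTEXITCODE)"
    } else {
        Write-Host "Exported $($z.Name) ($($z.Storage)) to $env:SystemRoot\System32\dns\$file"
    }
}

# 2. Is there a dedicated _msdcs.<domain> zone, or only the _msdcs
#    subdomain folder inside <domain> (the situation in the question)?
$msdcsZone = "_msdcs.$DomainName"
if ($zones | Where-Object { $_.Name -ieq $msdcsZone }) {
    Write-Host "Separate zone $msdcsZone exists."
} else {
    Write-Warning "No separate zone named $msdcsZone; any _msdcs records live under $DomainName only."
}

# 3. List the DNS application partitions. 'AD-Legacy' storage above means the
#    zones sit in the domain naming context, not in ForestDnsZones/DomainDnsZones.
Write-Host "`nDNS directory partitions known to $DnsServer :"
& dnscmd $DnsServer /enumdirectorypartitions
```

The export files are plain zone files and can be copied off the DC before any conversion or zone recreation is attempted. If the partition listing shows no ForestDnsZones partition, `dnscmd /createbuiltindirectorypartitions /forest` creates it; a missing partition is one reason a `/dp /forest` zone creation can fail, but whether that is the cause of the "server failure" in the question cannot be told from the thread.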
  • Hi,

    You can try the suggestions from the earlier reply, basically set the zone to primary, or simply create a backup, then recreate the AD integrated zone. Here are the steps detailed:

    How to reinstall a Dynamic DNS Active Directory Integrated Zone

    Let me know if it works out.

    Marius


    http://mariusene.wordpress.com/

    Wednesday, February 26, 2014 11:58 AM
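Both replies describe the same procedure: turn the AD-integrated zone into a file-backed primary zone (which also gives you a file copy), then put it back into AD and create the missing `_msdcs` zone. The script below is an added example, written here and not taken from Marius's linked post or the thread, that expresses those steps as dnscmd calls with a check after each one so the procedure stops rather than continuing past a failed step. It changes live DNS data, so run the export first. `domain.local`, the server name and the zone file names are placeholders.

```powershell
# Added example, not part of the original thread: the "convert to a file-backed
# primary, back up the file, re-integrate into AD, create _msdcs" procedure
# from the replies above, as dnscmd calls that abort on the first failure.
# Run elevated on one DC. Assumptions: dnscmd.exe and nltest.exe are on the
# PATH, "domain.local" is the real AD domain name, and the zone currently
# exists as an AD-integrated primary zone on this server.

param(
    [string]$DnsServer  = $env:COMPUTERNAME,
    [string]$DomainName = "domain.local"
)

# Run one dnscmd command against $DnsServer and stop on a non-zero exit code.
function Invoke-Dnscmd {
    param([string[]]$Arguments)
    $out = & dnscmd $DnsServer @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $($Arguments -join ' ') failed (exit $LASTEXITCODE):`n$($out -join "`n")"
    }
    return $out
}

$dnsDir   = Join-Path $env:SystemRoot 'System32\dns'
$zoneFile = "$DomainName.dns"

# Step 1: make the AD-integrated zone a standard primary zone backed by a file.
# The records are written to %SystemRoot%\System32\dns\<file> and removed from AD.
Invoke-Dnscmd -Arguments @('/zoneresettype', $DomainName, '/Primary', '/file', $zoneFile) | Out-Null
$zonePath = Join-Path $dnsDir $zoneFile
if (-not (Test-Path $zonePath)) {
    throw "Zone file $zoneFile was not written; do not continue."
}
# Keep a dated copy of the file; this is the backup the replies talk about.
Copy-Item $zonePath "$zonePath.$(Get-Date -Format yyyyMMdd-HHmmss).bak"

# Step 2: store the zone in AD again. /DsPrimary without /dp uses the legacy
# domain-NC location (the 'AD-Legacy' storage in the question); add
# '/dp', '/domain' to place it in the DomainDnsZones partition instead.
Invoke-Dnscmd -Arguments @('/zoneresettype', $DomainName, '/DsPrimary') | Out-Null

# Step 3: create the separate _msdcs.<domain> zone in the forest-wide
# partition and allow secure dynamic updates only (2 = secure).
$msdcs = "_msdcs.$DomainName"
Invoke-Dnscmd -Arguments @('/zoneadd', $msdcs, '/DsPrimary', '/dp', '/forest') | Out-Null
Invoke-Dnscmd -Arguments @('/config', $msdcs, '/allowupdate', '2') | Out-Null

# Step 4: have this DC re-register its SRV/CNAME records and show the result.
& nltest /dsregdns | Out-Null
& ipconfig /registerdns | Out-Null
Invoke-Dnscmd -Arguments @('/zoneinfo', $msdcs)
```

Two caveats a practitioner would check before running step 3: the DNS server answers from the most specific zone it hosts, so once a separate `_msdcs.domain.local` zone exists the `_msdcs` folder inside `domain.local` is no longer consulted and should be replaced by a delegation to the new zone; and if the `/zoneadd` still fails with a server failure on both DCs, as in the question, the zone storage target (the forest partition) is the first thing to verify, since the error is independent of the zone data being converted in steps 1 and 2.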

All replies

  • Hi Marius,

    Thanks for the quick reply; regarding your questions, take a look:

    What OS version did you have?
    >>> Today only two servers running W2k8R2.

    Why didn't you use dcpromo instead of ntdsutil?
    >>> I'm not sure what happened in this environment; it could have been a hardware crash or an inexperienced IT guy not using DCPROMO to demote correctly. I ran NTDSUTIL to remove the 'trash' from AD regarding the server that is no longer available.

    Are there other DC's in that domain that have the DNS application partition?
    >>> For the current scenario they have only two servers (one physical and one virtual). On both servers we face errors when trying to create a new 'Reverse zone'.

    Can you detail the steps you did using ntdsutil?
    >>> I ran the commands to remove the server and also to 'SEIZE' the roles, as in the articles below.

    How to remove data in Active Directory after an unsuccessful domain controller demotion
    http://support.microsoft.com/kb/216498/en-us

    Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
    http://support.microsoft.com/kb/255504/en-us

    * They never backed up the System State of the DCs, so before starting I installed Symantec Backup Exec in trial mode, only to avoid bad surprises.




    • Edited by 9073241516 Wednesday, February 26, 2014 11:21 AM .
    Wednesday, February 26, 2014 11:17 AM
  • Hi,

    Do you need further assistance on this issue by now?

    If yes, please feel free to let us know.

    Have a nice day!

    Amy Wang

    Friday, February 28, 2014 9:22 AM
    Moderator