Active-Directory Integrated DNS Problem
And...@community.nospam
We have one zone, domain.com for all of our sites, and about 7 reverse
lookup zones.
A remote sysadmin added a new domain controller to the site and
installed DNS incorrectly. What happened is that server somehow took an
incorrect version of the DNS zone and replicated it to the other sites.
Now about 300 entries are missing in the domain.com zone.
HOWEVER, our main dc (PDC Emulator, all roles), still has a correct copy
of the zone. It seems to have not replicated to this box yet.
How can I force this domain controller to replicate it's copy of the
zone to all the other domain controllers running active directory
integrated DNS?
And...@community.nospam
The zone hq.domain.com was previously loaded from the directory
partition MicrosoftDNS but another copy of the zone has been found in
directory partition DomainDnsZones.hq.domain.com. The DNS Server will
ignore this new copy of the zone. Please resolve this conflict as soon
as possible.
If an administrator has moved this zone from one directory partition to
another this may be a harmless transient condition. In this case, no
action is necessary. The deletion of the original copy of the zone
should soon replicate to this server.
If there are two copies of this zone in two different directory
partitions but this is not a transient caused by a zone move operation
then one of these copies should be deleted as soon as possible to
resolve this conflict.
To change the replication scope of an application directory partition
containing DNS zones and for more details on storing DNS zones in the
application directory partitions, please see Help and Support.
However I can't find the second copy. Please help.
Ace Fekay [MCT]
news:%2336hm3W...@TK2MSFTNGP02.phx.gbl...
What happened was you accidentally created a duplicate zone in AD. Keep in
mind, AD integrated zones simply means the data is stored in AD and not as a
text file in the system32\dns folder, where non-AD integrated zones are
kept.
So if you created a zone on another DC, such as when you built a new DC, and
said to yourself (one scenario), oh, there should be such and such zone
here, so you created it and set the replication scope the same as the other
zone on the other DCs. This would have created a dupe. In a scenario where
you install a new DC, install DNS, WAIT for awhile, the zone will
automatically appear. If you manually created it, then problems with dupes
ensue.
Read my following blog for more info on how to find the dupes, and what to
do about it.
Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.
Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer
For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
And...@community.nospam
OK Your blog has helped. Here is what I found - All DOMAIN CONTROLLERS
are set to replicate to ALL DNS Servers in the AD Domain
The DOMAIN CONTROLLER that has the correct copy of the ZONE is set to
replicated to ALL DOMAIN CONTROLLERS in the AD domain
From what I can gather, this is for windows 2000 backwards compatibility.
So the question is, if I change it to the correct replication, will it
overwrite all the other DC's with the correct information?
Ace Fekay [MCT]
news:uvbqoPXL...@TK2MSFTNGP02.phx.gbl...
Possibly, but I do not thinks so, because of the dupe. You will have to
delete the zone from DNS, then delete the dupes in ADSI Edit.
It may be better to change the good copy on that specific DC to a Primary
zone, which will remove it from AD, then go into ADSI Edit and delete ALL
copies of any remants of the zone in both partitions, delete them out of the
other DCs, allow replication, then simply change it on the Primary to AD
integrated, this time choosing the correct replication scope, go have lunch
or something, then the zone will auto appear on all DCs.
Ace
And...@community.nospam
1 - goto my DC with the good copy of the domain - convert the zone to
primary zone (should I uncheck store in active directory?)
2 - delete all the bad zones from DNS in AD, let it replicate, then
delete any leftovers with ASDIEDIT
3 - go back to dc with primary zone - check the box to store in active
directory, change replication to all DNS servers in the domain
is this correct?
Ace Fekay [MCT]
news:ejUwWjXL...@TK2MSFTNGP04.phx.gbl...
Yes, uncheck store in AD. It will make it a primary zone.
The rest is perfect. Post back with your results.
Ace
And...@community.nospam
and IP addresses, will they still be able to replicate when its gone?
Ace Fekay [MCT]
news:e3UKWEYL...@TK2MSFTNGP03.phx.gbl...
I think I mentioned in my blog that you have to point all the other DCs to
the one and only primary that you changed. This makes that server the
'central' DNS server so they have resolution. Once you go through it and
allow replication, the zone will auto appear on the other DCs, then you go
about changing their settings to itself as first, and a local replica as
second.
Ace
And...@community.nospam
Ace,
it worked! The new zone has now replicated to all of our DC's.
Thanks a lot!
Ace Fekay [MCT]
news:%23pisA1Y...@TK2MSFTNGP05.phx.gbl...
Good to hear! Now go have a cold beverage of your choosing. :-)
Cheers!
Ace