Hi all, I had an AD with 2 DC, let's say DC1 and DC2, DC1 was the FSMO holder. DC1 have crushed and can't be restored so I've seized the FSMO roles to the DC2 and have cleaned the metadata with "ntdsutil metadata cleanup" no errors have arisen during theese tasks. I've rebooted DC2 and have theese problems: DNS Error ID 4000 "The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code." If I go to my dns manager I can't se the AD integrated zone

Try resolution mentioned here: http://technet.microsoft.com/en-us/library/dd349683(v=WS.10).aspx Please make sure that the DC is not yet pointing to the old DC as a DNS server and that it is pointing to itself as primary DNS server. Do you have missing zones? If yes, which one of them? This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration

Have just tryed that solution, it obvious not worked... DC2 is now pointing to itself as DNS server I'm missing all AD integrated zone both forward and reverse lookup

Okay, create an AD integrated zone for your domain and then run ipconfig /registerdns and restart netlogon. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration

Hello, sounds that the second DC is not installed as DNS server? Please confirm this. If this is the case install the DNS server role and create a zone for your AD domain name. Then restart the netlogon service.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

I've tryed to create a forward AD integrated zone "test.intra" but failed with this message "The zone cannot be crated, the data is invalid"

Check which event logs are created in the event viewer when creating your zone. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration

The event log, section DNS, register Warning ID 4013 "The DNS Server was unable to open the active directory"

Okay, is AD DS running? Looks like I would suggest trying another thing. Do you have a member server? Please install DNS on it, create a primary zone for your domain on it and then let your DC points to it as primary DNS server. Once done, run ipconfig /registerdns and restart netlogon service. Check that DNS records are registered in the new zone and then restart your DC. Try this action plan and inform as for the results. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration

How can I check that AD DS is running? No I haven't an other member server.

Have a look to this article: http://technet.microsoft.com/en-us/library/cc732714(WS.10).aspx Are you able to create a primary zone non-integrated to AD on your DC? This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration

I'm on Windows Server 2003. Yes, I'm able to create a primary non-integrated zone

Okay, create one for your domain and then run ipconfig /registerdns and restart netlogon. Once done, reboot the DC and check if all is okay or not. If all is okay then try again to make your zone AD-integrated. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration

Ok, I've created a primary non AD Integrated zone, I've run ipconfig /registerdns and have restarted NETLOGON, after having done theese steps in the registry I see 3 event of type"warning" source "Netlogon" ID 5781 1-> "Dynamic registration or deletion of one or more DNS records associated with DNS domain 'filco-ven.intranet.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition)." 2-> "Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.filco-ven.intranet.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition)." 3-> "Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.filco-ven.intranet.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition)." nothing has changed after a reboot

If you look into your new zone, is there new records present? Are you able to change the type of the zone to AD-Integrated now? This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration

I've only 1 SOA and 1 NS record. If I try to make the zone AD Integrated I get this dialog box of error: "the data on the primary zone failed to set. The active directory service is not avilable"

Okay, have a look to this Microsoft KB316685: http://support.microsoft.com/kb/316685 Backup your system state and then try the registry modifications. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration

Have just seen and tryed that solution with no success.