I just added my 1st w2k8r2 server DC to my 2003 domain. Every thing seems to be working okay, replication , no events etc. Except when I run the Best Practices Analyzer in DNS I get the following error: the active directory integrated DNS zone _msdcs was not found. Under the zone for my domain I have the _msdcs folder . I read articles where it said to create a _msdcs zone so I did that and the error went away but then I kept getting the error 4010 in my event log every time I stopped and restarted DNS. I followed this http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/3ada55e6-344f-430f-a2f2-394e3bb6b0bf but it did not resolve the issue. I am not sure if I am getting the errors because I have only 1 w2k8r2 server and it will go away once I install the second one? I want to transfer the roles from my W2k3 server to the 2k8 server but don't want to do so till I get this resolved. Any help would be appreciated.

Hello, follow case 2 in the following document to create it, applies also to Windows server 2008 and higher: http://support.microsoft.com/kb/817470/ I did it some weeks ago on domain that hadn't the _msdcs.domain.com zone.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Thank you for the link I did read this article and created a zone for _msdcs.domain .com the thing is before I did this I do have the _msdcs zone listed under my domain . Domain.com _mcdcs I created a _mcdcs.domain.com have it replicating at forest level so now my zones are domain.com _mcdcs.domain.com the error is gone when run best practices analyzer...but that is the only place I see an error.. I get the error 4010 now when I restart the service...I am kinda confused when the say _msdcs.forestzone was /is it supposed to be under my domain name or a totally separate zone and I remove the _msdcs record under my domain

Hello, please see: http://technet.microsoft.com/en-us/library/cc735667(WS.10).aspx http://www.eventid.net/display.asp?eventid=4010&eventno=791&source=DNS&phase=1 http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

I did the same and in my case it worked too. I rode in another article that its Best Practise to have the _msdcs.mydomain.com seperate and not an _msdcs under mydomain.com Then you have to create a delegation record (grey folder) under mydomain.com. In my case i just had to create the folder _msdcs.mydomain.com and everything else worked automaticaly.

I did the same and in my case it worked too. I rode in another article that its Best Practise to have the _msdcs.mydomain.com seperate and not an _msdcs under mydomain.com Then you have to create a delegation record (grey folder) under mydomain.com. In my case i just had to create the folder _msdcs.mydomain.com and everything else worked automaticaly. Did you step through Case 2 of Meinolf's replied support article? http://support.microsoft.com/kb/817470/ Or did you just create a a new zone _msdcs.mydomain.com? Did you create the delegation record...your reply is a little convoluted in what you did exactly. I am asking as I created the new zone with the property of replicate to all DNS servers in this Forest and my records look like they are all there. So I'm wondering if it's safe to delete the _msdcs subzone under mydomain.com, or should I repoint all of my DNS server's DNS IP addresses to my root DNS server for a while to make sure (as suggested by the KB article 817470 listed), then delete the subzone. Thanks.

Just an update... I forgot I had already set my primary DNS ip's on my DNS server's NIC's (say that 5 times fast), to my primary root DNS server (based on BPA suggestions for replication). So I went ahead and checked all my records. Had to manually add two of my DNS servers to the zone's properties, "Name Servers" tab... (the others were found automatically???) and then life was good. Forced replication, waited for about 30 minutes, and deleted the remnant _msdcs under the mydomain.com zone. Ran BPA again and it did not find that to complain about. Event viewer for all roles shows up clean.