zone msdcs missing
Hello,

On all DC servers of my domain, in DNS under Forward Lookup Zones, the zone _msdcs.domain.com is missing. I don't know how; maybe someone has deleted this zone. For now I haven't had a problem, and I don't know the consequences.

So I need your help to recover or recreate this zone first, then to make a backup, and finally to set up a monitor.

I use Windows 2003 Server.

Thank you
February 26th, 2010 2:58pm

Restarting the NETLOGON service on the DC will kick off the process to create the subdomain (if it's missing) and the associated records. However, from my experience, if the zone is not there, it will create this as a subdomain in your primary DNS domain.

You can simply create the zone manually and then restart the service; the appropriate records should populate. The zone, if self-standing, should be configured as AD Integrated with a scope of Forest Wide. This is not a requirement though, just a default. In our domain, I run it from within the primary zone because we did not want the DNS admins in the child domain to have any access whatsoever to the zone, along with other reasons.

It is acceptable either way; it all depends on where you want to have it sitting.

Visit my blog: anITKB.com, an IT Knowledge Base.
February 27th, 2010 4:40am

Hello,

this normally occurs when upgrading a Windows Server 2000 to Windows Server 2003. See the following article to recreate the _msdcs zone:

http://support.microsoft.com/kb/817470/

Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
March 1st, 2010 1:23am

Thank you for your answer.

Actually, you are right Jorge, I found the msdcs zone as a subdomain in my primary DNS domain. With your explanation, I think I will leave it here. But are there no bad consequences for replication between my domain and the child domain?
March 1st, 2010 1:06pm

If you leave it in the primary zone, the major downside that I see is that if you allow others to pull the zone, they will have access to view these AD-related records. If the organization is highly trusted, it really shouldn't be a problem for you.

Alternatively, if you keep it separated and allow zone transfers of your primary zone, the information will not be included, therefore not exposing these records.

From a technical perspective, as long as you have the proper forwarding in your organization, name resolution will work with this zone separated or consolidated in one zone.

Visit my blog: anITKB.com, an IT Knowledge Base.
March 1st, 2010 5:49pm
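
The zone-transfer exposure described in the post above can be checked from a text export of the primary zone. This is an added example, not part of the original thread: it assumes the export is in standard master-file format, the sample zone is constructed, and `ad_records_in_zone` is a hypothetical helper name.

```python
# Added example: list the AD locator records that a transfer of this zone would reveal.
# SAMPLE_ZONE is constructed; it models _msdcs kept as a subdomain of the primary zone.
SAMPLE_ZONE = """\
$ORIGIN domain.com.
@    3600 IN SOA dc1.domain.com. hostmaster.domain.com. 42 900 600 86400 3600
www  3600 IN A   192.0.2.10
dc1  3600 IN A   192.0.2.5
_ldap._tcp.dc._msdcs      600 IN SRV 0 100 389 dc1.domain.com.
                          600 IN SRV 0 100 389 dc2.domain.com.
_kerberos._tcp.dc._msdcs  600 IN SRV 0 100 88  dc1.domain.com.
gc._msdcs                 600 IN A   192.0.2.5
_ldap._tcp.Default-First-Site-Name._sites 600 IN SRV 0 100 389 dc1.domain.com.
"""

# Labels that mark records registered by Netlogon for DC location.
AD_LABELS = {"_msdcs", "_sites", "_ldap", "_kerberos", "_kpasswd", "_gc"}

def ad_records_in_zone(zone_text):
    """Return (fqdn, type) for every AD locator record in an exported zone."""
    origin, owner, found = "", "", []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        if fields[0].startswith("$"):             # other directives
            continue
        if not line[0].isspace():                 # owner name starts in column 0
            owner = fields.pop(0).lower()         # otherwise reuse the previous owner
        # Skip TTL and class; the first remaining token is the record type.
        rest = [f for f in fields if not f.isdigit() and f.upper() != "IN"]
        if not rest:
            continue
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner
        else:
            fqdn = owner + "." + origin
        if set(fqdn.rstrip(".").split(".")) & AD_LABELS:
            found.append((fqdn, rest[0].upper()))
    return found

if __name__ == "__main__":
    for name, rtype in ad_records_in_zone(SAMPLE_ZONE):
        print(f"exposed by a transfer of this zone: {name} {rtype}")
```

An empty result for the primary zone means the locator records live elsewhere, which is the separated layout the post describes.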

Thank you very much. It is clear now.
March 1st, 2010 5:58pm

Awesome job, Oronra!

Visit my blog: anITKB.com, an IT Knowledge Base.
March 3rd, 2010 3:24am

This topic is archived. No further replies will be accepted.
