Computer 'promotion' needn't mean AD problems

Please let us know how useful you find this tip by rating it below. Do you have a useful Windows tip, timesaver or workaround to share? Submit it to our tip contest and you could win a prize!

When a Windows 2003 Server is converted to a domain controller, a number of special domain name system entries are written to that machine's DNS Server (which is usually Microsoft's own DNS server, but a third-party server can also be used). These entries include information about the domain's global unique identifier (GUID), so that Active Directory can query DNS through the GUID address.

If an admin mistakenly promotes a computer to the status of domain controller without first installing and configuring DNS, then AD's DNS entries won't be written correctly. And when these special entries are missing, tests like the command-like dcdiag will fail on simple connectivity tests with the DNS server. The error message usually looks something like this:
's server GUID DNS name could not be resolved to an IP address. Check items such as the DNS server, DHCP and server name. Although the GUID DNS name (._msdcs.domain-name.local) couldn't be resolved, the server name () resolved to the IP address () and was pingable. Check that the IP address is registered correctly with the DNS server.

Obviously, a problem like this is going to cripple AD functionality, so here's how to fix it:

1. Make sure the system's TCP/IP settings are correctly configured to support a local DNS server:
2. Open My Network Places | Local Area Connection (or whichever network connection is being used) | Internet Protocol (TCP/IP) | Properties | Advanced | DNS.
3. Set the first DNS server to be the local computer -- either the machine's own network address or 127.0.0.1 (the loopback address).
4. Select "Append primary and connection-specific DNS suffixes" as well as "Append parent suffixes of the primary DNS suffix."
5. Select "Register this connection's address in DNS." Click OK to close.
6. At a command prompt, type ipconfig /flushdns, then ipconfig / registerdns to flush out the DNS resolver cache and register the DNS source records, respectively.
7. Open the DNS Management Console and look for a host (A) record for the computer name, a Start of Authority (SOA) record and a Name Server record (NS).
8. In Forward Lookup Zones, right-click and get the Properties for the Active Director domain's DNS zone (usually listed as your domain ...
   
   To continue reading for free, register below or login

   Requires Membership to View

   To gain access to this and all member only content, please provide the following information:

   Email Address:
   
   
   

   By joining SearchWindowsServer.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.
   
   TechTarget cares about your privacy. Read our Privacy Policy
   To read more you must become a member of SearchWindowsServer.com

   As an existing member of the TechTarget network please activate your SearchWindowsServer.com account 

   By joining SearchWindowsServer.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.
   
   TechTarget cares about your privacy. Read our Privacy Policy
   
   
   

   Digg This!     StumbleUpon     Del.icio.us

   
   
   
   

   RELATED CONTENT Microsoft Windows Server 2003 Administration How to install Windows Server 2003 patches when offline Validating Windows server clusters with ClusPrep Exploring the Windows Server 2003 Resource Kit: Clusfileport.dll Exploring the Windows Server 2003 Resource Kit: Cmdhere.inf and CMGetCer.inf Windows server security management: Security expert roundup Windows server management with Remote Desktop Avoid DC restoration problems with authoritative restore Exploring the Windows Server 2003 Resource Kit: Confdisk.exe Exploring the Windows Server 2003 Resource Kit: Compress.exe and Expand.exe Exploring the Windows Server 2003 Resource Kit: Clusterrecovery.exe Microsoft Windows Server 2003 Administration Research Domain Name System (DNS) DNS troubleshooting best practices Generating a DNS health check in Windows Domain Name System (DNS) Guide An alternate strategy for DNS server backup DNS troubleshooting tips for Active Directory How the DC locator works in Active Directory For Active Directory performance gains, delegate the _MSDCS DNS zone Best practices for DNS structure design DNS best practices: Making AD rock-solid Name resolution in DNS Microsoft Active Directory Design and Administration Utilizing Active Directory snapshots in Windows Server 2008 Active Directory tops the list of hot Windows Server 2008 R2 features Creating Windows taskpad views for Active Directory management When to add new domains to your Windows environment Forcing the removal of a Windows Server 2008 domain controller Performing a staged installation of an RODC in Windows Server 2008 Using Active Directory to manage Macs in a Windows environment Scripting domain controller installations: A must for Server Core Taming the LSASS.exe process for Active Directory performance and security Top 5 Active Directory tips of 2008

   RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Active Directory  (SearchWindowsServer.com)

   RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

   
   
   name).

9. Select "Active Directory-integrated" for the zone type and "Secure Only" for the dynamic updates type. Click OK to close
10. At a command prompt, type netdiag /fix, then net stop netlogon and net start netlogon to finalize the changes.
11. Run dcdiag one more time to make sure the domain controller's DNS is working.