SUMMARY
Background information
Windows 2000 behavior
When a server that is running Microsoft Windows 2000 is promoted as the first domain controller in a new Active Directory directory service forest, the Windows 2000 Active Directory Installation Wizard (Dcpromo.exe) creates a DNS forward lookup zone that is named after the first domain in the forest (ForestName), and it creates a subdomain and names it _msdcs.ForestName. For example, if your Active Directory forest name is reskit.com, the Installation Wizard creates the reskit.com DNS zone and the _msdcs.reskit.com subdomain as a child of the forest root domain zone.
The forest domain zone hosts the DNS resource records for each Active Directory domain controller in the domain. The _msdcs.ForestName subdomain hosts the domain controller locator DNS resource records for all the domain controllers in an Active Directory forest. It is also used to locate domain controllers that have specific roles in the Active Directory domain or in the Active Directory forest, and to locate a domain controller by searching for its GUID when a domain has been renamed.
Windows Server 2003 behavior
When the DNS root domain of a new Active Directory forest is created on a Windows Server 2003-based domain controller, two DNS zones are automatically created. One zone is created for the forest root domain; this zone is replicated between all domain controllers in that domain. The other zone is created for the _msdcs.ForestName subdomain; this zone is stored in the forest-wide DNS application directory partition. This partition replicates to all Windows Server 2003-based domain controllers in the forest that are running the Windows Server 2003 DNS Server service.
Upgrading domain controllers from Windows 2000 to Windows Server 2003
If you upgrade from Windows 2000 to Windows Server 2003, your DNS zone configuration is not modified, and the _msdcs.ForestName zone is stored on your Windows Server 2003-based domain controller in one of the following ways:
- Case 1: The _msdcs.ForestName zone is a subdomain of your Active Directory-integrated forest root DNS zone, and the secondary _msdcs.ForestName zones are stored in your child domains (if child domains are present).
- Case 2: The _msdcs.ForestName is a subdomain of your Active Directory-integrated forest root DNS zone.
Case 1: Configure the domain-wide _msdcs.ForestName zone to the forest-wide DNS application directory partition
1. In the DNS console, right-click the _msdcs.ForestName zone, and then click Properties.
2. On the General tab, note the current zone replication type, and then do one of the following:
   - If the type is not the forest-wide replication scope, click Change, and then go to step 3.
   - If the type is the forest-wide replication scope, skip this step, and then go to step 4.
3. Select the forest-wide replication scope for the zone.
4. Delete any secondary _msdcs.ForestName zones that are stored in your child domains.
- To perform this procedure, you must be a member of the DnsAdmins or the Domain Admins security group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using the Secondary Logon service command to perform this procedure. You can access this command through the built-in Runas.exe command.
- When you change the storage of a zone from the domain partition to an application directory partition (for example, after you promote a new Windows Server 2003-based domain controller in an existing Windows 2000 domain), the domain controller that holds the domain naming master role must be running Windows Server 2003 for the DNS application directory partitions to exist. If you receive an error when you change the storage of a zone from the domain partition to an application directory partition, transfer the domain naming master role to a domain controller that is running Windows Server 2003, create the default DNS application directory partitions, and then try again.
- After the new forest-wide zone is propagated to the application partition of all the DNS servers in the forest, delete the previous secondary zone. To delete the zone, right-click the zone in the DNS console, and then click Delete.
- The zone replication type change is made one time per forest; however, you must delete the secondary zones from each DNS server individually.
Case 2: Configure the Windows 2000 _msdcs subdomain to a Windows Server 2003 zone that is stored in the forest-wide DNS application directory partition
The following steps assume that the DNS zones for the Active Directory forest root domain were created during the promotion of a Windows 2000-based domain controller, and that all domain controllers in the forest root domain that host the DNS server have been upgraded to Windows Server 2003.
The following is a summary of the procedure that you use to configure the subdomain. This procedure is described in detail after the notes.
- Configure the primary DNS server setting in the network connections of all domain controllers in your forest with the IP address of a single root domain controller.
- Create the _msdcs zone for the Active Directory forest name, and then store the _msdcs.ForestName zone in the DNS forest-wide application directory partition.
- Force replication.
- Delete the old _msdcs subdomain.
- Return the primary DNS server setting in the network connections of all domain controllers in your forest to their previous settings.
- By default, only members of the Enterprise Admins security group can create a DNS application directory partition.
- When you change the storage of a zone from the domain partition to an application directory partition (for example, after you promote a new Windows Server 2003-based domain controller in an existing Windows 2000 domain), the domain controller that holds the domain naming master role must be running Windows Server 2003 for the DNS application directory partitions to exist. If you receive an error when you change the storage of a zone from the domain partition to an application directory partition, transfer the domain naming master role to a domain controller that is running Windows Server 2003, create the default DNS application directory partitions, and then try again.
- Click Start, click Run, type cmd in the Open box, and then press ENTER.
- At the command prompt, type the following command, and then press ENTER: net stop netlogon
- Type net start netlogon, and then press ENTER.
- On all the domain controllers in the forest, modify the network connection configuration to point to a single DNS server:
- Click Start, click Control Panel, click Network and Internet Connections, and then click Network Connections.
- Right-click the network connection that you want to configure, and then click Properties.
- On the General tab (for a local area connection), click Internet Protocol (TCP/IP), and then click Properties.
- Confirm that Use the following DNS server addresses is enabled.
- Make a note of the existing IP address that appears in the Preferred DNS server box. (You will need this address in a later step in this procedure.)
- In the Preferred DNS server box, type the IP address of a single root domain controller that is running the DNS Server service.
- Click OK.
Important: You must use the same IP address of a single root domain controller for all domain controllers in the forest. The purpose of this configuration is to make sure that all domain controllers in the forest register their DNS resource records in copies of the same _msdcs.ForestName zone.
- Log on to the Windows Server 2003-based root domain controller by using an account that is a member of the Enterprise Admins security group.
- Verify that a Windows Server 2003-based domain controller holds the domain naming master role.
- Verify that all DNS servers that currently host the _msdcs.ForestName subdomain in primary zones are running Windows Server 2003.
- Start the DNS console. To do this, click Start, click Run, type dnsmgmt.msc, and then click OK.
- In the DNS console, right-click Forward Lookup Zones, and then click New Zone. Click Next.
- On the Zone Type page in the New Zone Wizard, click Primary zone, and then click to select the Store the zone in Active Directory check box. Click Next.
- On the Active Directory Zone Replication Scope page, click To all DNS servers in the Active Directory forest ForestName.
- On the Zone Name page, in the Zone Name box, type _msdcs.ForestName.
- Complete the wizard by accepting all the default options.
The zone is created, and the Net Logon service populates the zone with the _msdcs.ForestName resource records for the local domain controller.
- The zone will now replicate to all other DNS servers in the replication scope by using the replication schedules and paths that are configured in the forest, or you can force replication. To force replication, use Active Directory Sites and Services, or use the Repadmin.exe tool:
- To use Active Directory Sites and Services:
- Open Active Directory Sites and Services.
- In the console tree, click NTDS Settings for the server that you want to force replication from.
- In the details pane, right-click the connection that you want to replicate directory information over, and then click Replicate Now.
- To use the Repadmin.exe tool:
- With the Support Tools installed, open a command prompt.
- At the command prompt, type the following, and then press ENTER: repadmin /syncall
This will synchronize all the directory partitions.
- Delete the old _msdcs subdomain from the zone where it was created before you upgraded. To do this:
- Open the DNS console.
- In the console tree, expand the zone that contains the _msdcs subdomain.
- Right-click the _msdcs subdomain folder, and then click Delete.
- After replication is confirmed for all the domain controllers in the forest, perform the following network connection configuration on all the domain controllers in the forest:
- Click Start, click Control Panel, click Network and Internet Connections, and then click Network Connections.
- Right-click the network connection that you want to configure, and then click Properties.
- On the General tab (for a local area connection), click Internet Protocol (TCP/IP), and then click Properties.
- Confirm that Use the following DNS server addresses is selected, and in the Preferred DNS server box, type the IP address that was used previously (that is, the one that you noted in step 1e).
- Click OK.
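One way to confirm that the new zone has reached every DNS server before you delete the old _msdcs subdomain and restore the original DNS client settings, as an added example that is not part of the original article. The forest name reskit.com is the article's own example; the server names are hypothetical, and the check assumes the forest-wide partition has its default name (ForestDnsZones.ForestName) and that Dnscmd.exe from the Support Tools is installed.

```bat
@echo off
rem Added example, not part of the original article.
rem Assumptions: forest name reskit.com, the hypothetical DNS server names
rem below, and Dnscmd.exe from the Support Tools on the PATH.
setlocal
set FOREST=reskit.com
set ZONE=_msdcs.%FOREST%
set SERVERS=dc1.reskit.com dc2.reskit.com dc1.child.reskit.com
set INFO=%TEMP%\msdcs-zoneinfo.txt
set FAILED=0

for %%S in (%SERVERS%) do (
    echo === %%S ===

    rem Check 1: the server hosts the zone from the forest-wide partition.
    rem Assumption: the partition has its default name, so the zone DN
    rem printed by /ZoneInfo contains DC=ForestDnsZones. A leftover
    rem secondary copy or a missing zone fails this check.
    dnscmd %%S /ZoneInfo %ZONE% > "%INFO%" 2>&1
    findstr /i /c:"DC=ForestDnsZones" "%INFO%" > nul
    if errorlevel 1 (
        echo   FAIL: %ZONE% is missing or not forest-wide on %%S
        set FAILED=1
    ) else (
        echo   OK:   %ZONE% is stored in the forest-wide partition
    )

    rem Check 2: this server answers for a forest-wide locator record,
    rem the global catalog SRV record registered by the Net Logon service.
    nslookup -type=SRV _ldap._tcp.gc.%ZONE% %%S 2>nul | findstr /i /c:"svr hostname" > nul
    if errorlevel 1 (
        echo   FAIL: no SRV answer for _ldap._tcp.gc.%ZONE% from %%S
        set FAILED=1
    ) else (
        echo   OK:   locator SRV records resolve from %%S
    )
)

del "%INFO%" 2>nul
if %FAILED%==1 (
    echo Result: do not delete the old subdomain or restore DNS settings yet.
    exit /b 1
)
echo Result: all listed DNS servers serve %ZONE% from the forest-wide partition.
exit /b 0
```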