Thursday 11 March 2010

DNS Zone info in AD

Server 2003 introduced the DomainDnsZones and ForestDnsZones application partitions. These moved DNS data out of the domain partition (where it was also replicated to the Global Catalog) into partitions of its own, replicated only to the DCs that host them.

In ADSIEdit you can see where each of the partitions stores DNS zone information (2 domain forest example):
Domain partition - cn=MicrosoftDNS,cn=System,dc=childdomain,dc=example,dc=com
DomainDnsZones partition (child domain) - cn=MicrosoftDNS,dc=DomainDnsZones,dc=childdomain,dc=example,dc=com
DomainDnsZones partition (root domain) - cn=MicrosoftDNS,dc=DomainDnsZones,dc=example,dc=com
ForestDnsZones partition - cn=MicrosoftDNS,dc=ForestDnsZones,dc=example,dc=com


If you try to change the replication scope from one partition to the other and receive a message like:
"the name limit for the local computer network adapter card was exceeded"
then this is likely because the zone already exists in the other location.

e.g. you try to move the replication scope of a DNS zone to DomainDnsZones and receive the message above.
Open up ADSIEdit and navigate to the relevant location in DomainDnsZones. You will likely already see a copy of the zone you are trying to move there.
Delete it, along with any ...in progress... zones you see there, as these are the failed attempts to create the zone.
You will immediately be able to change the replication scope.
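Before touching anything in ADSIEdit it helps to see which zones already exist in which partition. The following read-only script is an added example, not from the original post: it lists the dnsZone objects under each MicrosoftDNS container from the table above, flags names containing "InProgress" (the leftover entries from failed scope changes; the wildcard is an assumption) and reports any zone that exists in more than one partition. The forest names match the post; the DC host names are placeholders, and the RSAT ActiveDirectory module is assumed.

```powershell
# Added example (not the original post's code): report DNS zone objects per AD partition
# so duplicates and stale in-progress entries are visible before a replication-scope change.
# Read-only. Assumes the RSAT ActiveDirectory module; DC names are placeholders.
Import-Module ActiveDirectory

$forestRoot = 'dc=example,dc=com'
$childDom   = 'dc=childdomain,dc=example,dc=com'

# No single DC hosts all four partitions, so each container is queried on a DC that does.
$containers = @(
    @{ Scope = 'Domain (child)';         Server = 'childdc01.childdomain.example.com'
       DN = "cn=MicrosoftDNS,cn=System,$childDom" }
    @{ Scope = 'DomainDnsZones (child)'; Server = 'childdc01.childdomain.example.com'
       DN = "cn=MicrosoftDNS,dc=DomainDnsZones,$childDom" }
    @{ Scope = 'DomainDnsZones (root)';  Server = 'rootdc01.example.com'
       DN = "cn=MicrosoftDNS,dc=DomainDnsZones,$forestRoot" }
    @{ Scope = 'ForestDnsZones';         Server = 'rootdc01.example.com'
       DN = "cn=MicrosoftDNS,dc=ForestDnsZones,$forestRoot" }
)

$zones = foreach ($c in $containers) {
    # dnsZone objects sit directly beneath the MicrosoftDNS container (one level deep).
    Get-ADObject -Server $c.Server -SearchBase $c.DN -SearchScope OneLevel `
                 -LDAPFilter '(objectClass=dnsZone)' -Properties whenCreated `
                 -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Zone = $_.Name; Scope = $c.Scope
                               Created = $_.whenCreated; DN = $_.DistinguishedName }
        }
}

# 1. Leftovers of failed scope changes. The exact name pattern is an assumption.
Write-Output '--- In-progress (failed) zone objects ---'
$zones | Where-Object { $_.Zone -like '*InProgress*' } |
    Format-Table Zone, Scope, Created -AutoSize

# 2. Zones that exist in more than one partition: the condition behind the
#    "name limit for the local computer network adapter card was exceeded" error.
Write-Output '--- Zones present in multiple partitions ---'
$zones | Group-Object Zone | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    Write-Output ("Zone '{0}' exists in: {1}" -f $_.Name, ($_.Group.Scope -join ', '))
}
```

Any zone listed under the second heading is the one to remove from the partition you are moving away from, using ADSIEdit as described above.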

How did this get created?
Well, in my case it was creating a Server 2003 forest. This automatically installs DNS to the new partitions. However, I wanted to move them back, as well as move _msdcs.forestname to a sub domain of the forest root to represent how a Windows 2000 forest would look. Therefore, when I came to "upgrade" it to a Server 2003 forest-style DNS configuration again, the partition had already existed from when it was first installed.

_msdcs.forestname
Under Server 2003, this is in its own zone, replicating forest wide.
In Windows 2000, it's a sub-domain of the forest root domain, which was always a pain as you had to ensure the child DCs also had a copy of the forest root DNS data, often using a secondary zone.
It can be upgraded using the instructions in kb817470.
To downgrade it, as I did here, I had to do the following:
Delete the newly created _msdcs zone, then delete the automatically created delegation (under the forest name DNS zone). Next, create a new _msdcs subdomain under the forest name DNS zone and restart the Netlogon service on every Domain Controller in the forest to force re-registration of the related DC resource records.
Finally, you can speed up ForestDnsZones NC replication by running the repadmin /syncall or repadmin /replicate /force commands.
