child domains, dns replication

Guest

when a child domain is created, what exactly is supposed to happen with DNS? i have a situation where a production child domain is not replicating its changes to its parent domain, whose DCs also have a copy of the dns zone

my problem is, in my lab testing, i cannot reproduce this behavior, as a matter of fact, i get totally different behavior. in my lab, i have 2 DCs of a parent zone, and they work completely normally. when i created this lab parent domain, DNS was installed, but no zones were configured. dcpromo configured the zone for me, and off i went. i have 2 more DCs for the lab child domain, and they also had DNS preinstalled, but unconfigured. dcpromo did not set up any DNS zones on the child DCs. i added an AD-integrated DNS zone to the child DCs, but it is not replicating changes from the parent's zones properly

if someone could shed some light for me on the proper creation of child domains with replicating DNS zone, i would really appreciate it

thanks in advance
jonathan
 
Tim Hines [MSFT]

There is a knowledge base article that discusses how to set up a delegation
for a child domain. The article is
http://support.microsoft.com/default.aspx?scid=kb;en-us;255248

All data is not replicated between parent and child domains. Every domain
in the forest will replicate the schema and configuration partitions but
they do not replicate their domain partitions. The only exception to this is
Global catalog replication since GC replication does a partial replication
of each partition in the forest. In Windows 2003 DNS was changed so that
the DNS zone information can be replicated throughout the forest. I've
pasted info from the help file below about the new change.

DNS zone replication in Active Directory
DNS zones can be stored in the domain or application directory partitions of
Active Directory. A partition is a data structure within Active Directory
used to distinguish data for different replication purposes. For more
information, see Active Directory integration.

Important

a. If you are changing the storage of a zone from the domain partition to
an application directory partition, such as following the promotion of a new
Windows Server 2003 domain controller in an existing Windows 2000 domain,
the domain controller holding the domain naming master role must be running
Windows Server 2003 for the DNS application directory partitions to exist.
If you receive an error when changing the storage of a zone from the domain
partition to an application directory partition, transfer the domain naming
master role to a domain controller running Windows Server 2003, create the
default DNS application directory partitions, and try again. For more
information about creating the default DNS application directory partitions
and transferring the domain naming master role, see To create the default DNS
application directory partitions; To transfer the domain naming master role.
The following table describes the available zone replication scopes for
Active Directory-integrated DNS zone data.

Zone replication scope: All DNS servers in the Active Directory forest
Description: Replicates zone data to all DNS servers running on domain
controllers in the Active Directory forest. Usually, this is the broadest
scope of replication.

Zone replication scope: All DNS servers in the Active Directory domain
Description: Replicates zone data to all DNS servers running on domain
controllers in the Active Directory domain. This option is the default
setting for Active Directory-integrated DNS zone replication in the Windows
Server 2003 family.

Zone replication scope: All domain controllers in the Active Directory domain
Description: Replicates zone data to all domain controllers in the Active
Directory domain. If you want Windows 2000 DNS servers to load an Active
Directory zone, this setting must be selected for that zone.

Zone replication scope: All domain controllers in a specified application
directory partition
Description: Replicates zone data according to the replication scope of the
specified application directory partition. For a zone to be stored in the
specified application directory partition, the DNS server hosting the zone
must be enlisted in the specified application directory partition. For more
information, see To create a DNS application directory partition and To
enlist a DNS server in a DNS application directory partition.


When deciding which replication option to choose, consider that the broader
the replication scope, the greater the network traffic caused by
replication. For example, if you choose to have Active Directory-integrated
DNS zone data replicated to all DNS servers in the forest, this will produce
greater network traffic than replicating the DNS zone data to all DNS
servers in a single Active Directory domain in that forest. For information
about changing zone replication scope, see To change zone replication scope.

Notes

a. This feature is not included on computers running the Microsoft®
Windows® Server 2003, Web Edition, operating system. For more information,
see Overview of Windows Server 2003, Web Edition.
b. Active Directory-integrated DNS zone data stored in an application
directory partition is not replicated to the global catalog for the forest.
The domain controller that contains the global catalog can also host
application directory partitions, but it will not replicate this data to its
global catalog.
   Active Directory-integrated DNS zone data stored in a domain partition is
   replicated to all domain controllers in its Active Directory domain and a
   portion of this data is stored in the global catalog. This setting is used
   to support Windows 2000.
c. If an application directory partition's replication scope replicates
across Active Directory sites, replication will occur with the same
intersite replication schedule as used for domain partition data.
d. Root hints are stored in the domain-wide application directory
partition if the domain functional level is set to Windows Server 2003. If
the domain functional level is set to Windows 2000 mixed or Windows 2000
native, root hints are stored in the domain partition. For more information
about functional levels, see Domain and forest functionality.
e. By default, the Net Logon service registers domain controller locator
(Locator) DNS resource records for the application directory partitions
hosted on a domain controller in the same manner as it registers domain
controller locator (Locator) DNS resource records for the domain partition
hosted on a domain controller.


--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.



Jonathan Horne said:
> when a child domain is created, what exactly is supposed to happen with
> DNS? i have a situation where a production child domain is not replicating
> its changes to its parent domain, whose DCs also have a copy of the dns zone.
> my problem is, in my lab testing, i cannot reproduce this behavior, as a
> matter of fact, i get totally different behavior. in my lab, i have 2 DCs
> of a parent zone, and they work completely normally. when i created this
> lab parent domain, DNS was installed, but no zones were configured. dcpromo
> configured the zone for me, and off i went. i have 2 more DCs for the lab
> child domain, and they also had DNS preinstalled, but unconfigured. dcpromo
> did not set up any DNS zones on the child DCs. i added an AD-integrated DNS
> zone to the child DCs, but it is not replicating changes from the parent's
> zones properly.
> if someone could shed some light for me on the proper creation of child
> domains with replicating DNS zone, i would really appreciate it.
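The following script is an added example, not part of this thread and not Microsoft's own tooling. It turns the two points in Tim's reply (delegation per KB 255248, and the zone replication scope table) into an audit that a practitioner can run against a forest showing Jonathan's symptom: it lists where every DNS server in the forest actually stores the child zone, warns when the same zone name lives in more than one partition (two such copies are independent zone objects and never replicate with each other, which is the usual cause of "the child's changes don't reach the parent's DCs"), checks that the parent zone delegates the child name, and with -Repair moves the zone to the forest-wide application partition and adds the delegation. It assumes the DnsServer and ActiveDirectory PowerShell modules (Windows Server 2012 or later); the Windows Server 2003-era dnscmd.exe equivalents for each step are noted in comments. The zone names and the parameter names are placeholders, not values from the thread.

```powershell
<#
Added example (not from the thread or from Microsoft documentation).
Audits where a child domain's AD-integrated zone is stored on every DNS server
in the forest and whether the parent zone delegates to it; -Repair applies the
forest-wide scope and the delegation. Requires the DnsServer and
ActiveDirectory modules (Windows Server 2012+). Names are placeholders.
#>
param(
    [string]$ParentZone = 'corp.example',        # placeholder parent domain/zone
    [string]$ChildZone  = 'child.corp.example',  # placeholder child domain/zone
    [switch]$Repair
)

Import-Module DnsServer
Import-Module ActiveDirectory

# Every domain controller in the forest, from every domain in it.
$dcs = foreach ($dom in (Get-ADForest).Domains) {
    Get-ADDomainController -Filter * -Server $dom
}

# 1. Where does each server think the child zone lives?
#    Scope Domain/Legacy = the child's domain partition, which replicates only to
#    the child's DCs. A same-named zone created by hand on a parent DC is a separate
#    zone object and will never exchange records with the child's copy.
#    (2003: dnscmd <server> /ZoneInfo <zone>)
$copies = foreach ($dc in $dcs) {
    $z = Get-DnsServerZone -ComputerName $dc.HostName -Name $ChildZone -ErrorAction SilentlyContinue
    if ($z) {
        [pscustomobject]@{
            Server    = $dc.HostName
            Domain    = $dc.Domain
            Scope     = $z.ReplicationScope        # Forest, Domain, Legacy or Custom
            Partition = $z.DirectoryPartitionName  # e.g. ForestDnsZones.<forest>, DomainDnsZones.<domain>
            DsStored  = $z.IsDsIntegrated
        }
    }
}
$copies | Format-Table -AutoSize

$partitions = @($copies | Select-Object -ExpandProperty Partition -Unique)
if ($partitions.Count -gt 1) {
    Write-Warning "Zone $ChildZone is stored in $($partitions.Count) different partitions; those copies do not replicate with each other."
}

# 2. Does the parent zone delegate the child name to the child's DNS servers (KB 255248)?
#    (2003: dnscmd <parentDC> /EnumRecords <parentzone> <childlabel> /Type NS)
$parentDc   = ($dcs | Where-Object Domain -eq $ParentZone | Select-Object -First 1).HostName
$delegation = Get-DnsServerZoneDelegation -ComputerName $parentDc -Name $ParentZone `
                  -ChildZoneName $ChildZone -ErrorAction SilentlyContinue
if (-not $delegation) {
    Write-Warning "No delegation for $ChildZone found in $ParentZone on $parentDc."
}

if ($Repair) {
    $childDcs = @($dcs | Where-Object Domain -eq $ChildZone)
    $childDc  = $childDcs[0].HostName

    # Store the zone in ForestDnsZones so every DNS server in the forest holds one
    # replicated copy. The partition must already exist
    # (2003: dnscmd /CreateBuiltinDirectoryPartitions /Forest) and the domain naming
    # master must run Windows Server 2003 or later, as the help text above states.
    # (2003: dnscmd <childDC> /ZoneChangeDirectoryPartition <zone> /Forest)
    Set-DnsServerPrimaryZone -ComputerName $childDc -Name $ChildZone -ReplicationScope Forest

    # Delegation from the parent zone: one NS record (with glue A) per child DC.
    if (-not $delegation) {
        foreach ($dc in $childDcs) {
            Add-DnsServerZoneDelegation -ComputerName $parentDc -Name $ParentZone `
                -ChildZoneName $ChildZone -NameServer $dc.HostName -IPAddress $dc.IPv4Address
        }
    }
}
```

Run it first without -Repair and read the table: in the situation from the original post, the parent DCs typically show the child zone in a DomainDnsZones partition of the parent domain (or a plain primary zone), while the child DCs show it in the child's domain partition. Before applying -Repair, delete the hand-created copies on the parent DCs with Remove-DnsServerZone, since a DNS server will not load two zones of the same name from different stores; after the scope change, the single forest-scoped copy replicates to every DNS server that is enlisted in ForestDnsZones, and the delegation in the parent zone carries resolvers from the parent name to the child's servers.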