DCDiag errors - How to fix?

[Fran]

I am having some backup issues with new clients and I'm trying to
resolve them. On another NG I got some great advice on cleaning up DNS
issues to fix this and it seems to be working. When I ran DCDiag I got
several errors about the DC not being configured. So I flushed the DNS
cache (Ipconfig /flushdns) and ran Netdiag /fix. I got several errors
when I ran NetDiag /Fix like:

DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server or
the name '[server].[domainname].com.'. [RCODE_SERVER_FAILURE]
The name '[server].[domainname].com.' may not be
registered in DNS.

There was a whole list of these errors. I tried a quick search on the
internet but didn't come up with much (in english, anyway

Both NetDiag and DCDiag fail with errors. This is an active directory
domain controller (Windows 2000 serverr) and the only DC on the LAN. I
have suspected DNS issues for a while but didn't realize how
integrated DNS was with AD so I'm fishing now to fix these problems
for them.

The controller points to itself as the primary DNS controller and all
the workstations use DHCP and point to this DNS as well.

Any thoughts on how I can diagnose and properly fix these issues?

Fran

 

[Kevin D. Goodknecht Sr. [MVP]]

In

I am having some backup issues with new clients and I'm trying to
resolve them. On another NG I got some great advice on cleaning up DNS
issues to fix this and it seems to be working. When I ran DCDiag I got
several errors about the DC not being configured. So I flushed the DNS
cache (Ipconfig /flushdns) and ran Netdiag /fix. I got several errors
when I ran NetDiag /Fix like:

DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server or
the name '[server].[domainname].com.'. [RCODE_SERVER_FAILURE]
The name '[server].[domainname].com.' may not be
registered in DNS.

There was a whole list of these errors. I tried a quick search on the
internet but didn't come up with much (in english, anyway

Both NetDiag and DCDiag fail with errors. This is an active directory
domain controller (Windows 2000 serverr) and the only DC on the LAN. I
have suspected DNS issues for a while but didn't realize how
integrated DNS was with AD so I'm fishing now to fix these problems
for them.

The controller points to itself as the primary DNS controller and all
the workstations use DHCP and point to this DNS as well.

Any thoughts on how I can diagnose and properly fix these issues?

At this point without exact errors we can only guess.
Can you post for us this info:
1. ipconfig /all from your DC
2. AD domain name from AD Users & Computers.
3. List of zones in DNS Forward Lookup Zones.

Exact error messages in your event log.

 

[Fran]

Kevin: Per your request...

The errors from NetDiag /fix:
-------------------------------------------------------------------------------------------
DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for
the name
'lan001.LANConcepts.com.'. [RCODE_SERVER_FAILURE]
The name 'lan001.LANConcepts.com.' may not be registered
in DNS.
[FATAL] Failed to fix: DC DNS entry LANConcepts.com.
re-registeration on DNS
server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.LANConcepts.com.
re-registera
tion on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._site
s.LANConcepts.com. re-registeration on DNS server '192.168.10.5'
failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.pdc._msdcs.LANConcepts.com. r
e-registeration on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.gc._msdcs.LANConcepts.com. re
-registeration on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._site
s.gc._msdcs.LANConcepts.com. re-registeration on DNS server
'192.168.10.5' failed
..
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.6b823874-4752-4aa4-97b6-23c9d
83b8821.domains._msdcs.LANConcepts.com. re-registeration on DNS server
'192.168.
8.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry gc._msdcs.LANConcepts.com.
re-registerat
ion on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
ce5b4d6d-b668-4d78-9c11-292a1a81636f._ms
dcs.LANConcepts.com. re-registeration on DNS server '192.168.10.5'
failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.dc._msdcs.LANConcepts.com
.. re-registeration on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.Default-First-Site-Name._
sites.dc._msdcs.LANConcepts.com. re-registeration on DNS server
'192.168.10.5' fa
iled.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.dc._msdcs.LANConcepts.com. re
-registeration on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._site
s.dc._msdcs.LANConcepts.com. re-registeration on DNS server
'192.168.10.5' failed
..
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.LANConcepts.com. re-regis
teration on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.Default-First-Site-Name._
sites.LANConcepts.com. re-registeration on DNS server '192.168.10.5'
failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _gc._tcp.LANConcepts.com.
re-registerati
on on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_gc._tcp.Default-First-Site-Name._sites.
LANConcepts.com. re-registeration on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._udp.LANConcepts.com. re-regis
teration on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.LANConcepts.com.
re-regist
eration on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._udp.LANConcepts.com.
re-regist
eration on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Fix Failed: netdiag failed to re-register missing DNS
entries for th
is DC on DNS server '192.168.10.5'.
[FATAL] No DNS servers have the DNS records for this DC
registered.
-------------------------------------------------------------------------------------------
From c:\ipconfig /all:

C:\PROGRA~1\SUPPOR~1>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : LAN001
Primary DNS Suffix . . . . . . . : lanconcepts.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lanconcepts.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast
Ethernet
Controller (3C905C-TX Compatible)
Physical Address. . . . . . . . . : 00-E0-81-28-4B-63
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.10.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.15
DNS Servers . . . . . . . . . . . : 192.168.10.5
----------------------------------------------------------------------------------------------+
From AD Users & Computers: LANConcepts.com
Forward Lookup Zones: LAN-Concepts

(same as parent folder); Start of Authority; [7],
LAN001.lanconcepts.com, admin.lanconcepts.com

(same as parent folder) ; Name Server; LAN001.LANConepts.com

(same as parent folder) ; Host; 192.168.10.5

LAN001 ; Host; 192.168.10.5

------------------------------------------------------------------------------------------------

That's all I have in my Fwd Lookups.

Thanks for your interest, Kevin!

In

I am having some backup issues with new clients and I'm trying to
resolve them. On another NG I got some great advice on cleaning up DNS
issues to fix this and it seems to be working. When I ran DCDiag I got
several errors about the DC not being configured. So I flushed the DNS
cache (Ipconfig /flushdns) and ran Netdiag /fix. I got several errors
when I ran NetDiag /Fix like:

DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server or
the name '[server].[domainname].com.'. [RCODE_SERVER_FAILURE]
The name '[server].[domainname].com.' may not be
registered in DNS.

There was a whole list of these errors. I tried a quick search on the
internet but didn't come up with much (in english, anyway

Both NetDiag and DCDiag fail with errors. This is an active directory
domain controller (Windows 2000 serverr) and the only DC on the LAN. I
have suspected DNS issues for a while but didn't realize how
integrated DNS was with AD so I'm fishing now to fix these problems
for them.

The controller points to itself as the primary DNS controller and all
the workstations use DHCP and point to this DNS as well.

Any thoughts on how I can diagnose and properly fix these issues?

At this point without exact errors we can only guess.
Can you post for us this info:
1. ipconfig /all from your DC
2. AD domain name from AD Users & Computers.
3. List of zones in DNS Forward Lookup Zones.

Exact error messages in your event log.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================

 

[Ace Fekay [MVP]]

In

Kevin: Per your request...

The errors from NetDiag /fix:
-------------------------------------------------------------------------- -----------------
DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for
the name
'lan001.LANConcepts.com.'. [RCODE_SERVER_FAILURE]
The name 'lan001.LANConcepts.com.' may not be registered
in DNS.
[FATAL] Failed to fix: DC DNS entry LANConcepts.com.
re-registeration on DNS
server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.LANConcepts.com.
re-registera
tion on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._site
s.LANConcepts.com. re-registeration on DNS server '192.168.10.5'
failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.pdc._msdcs.LANConcepts.com. r
e-registeration on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.gc._msdcs.LANConcepts.com. re
-registeration on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._site
s.gc._msdcs.LANConcepts.com. re-registeration on DNS server
'192.168.10.5' failed
.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.6b823874-4752-4aa4-97b6-23c9d
83b8821.domains._msdcs.LANConcepts.com. re-registeration on DNS server
'192.168.
8.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry gc._msdcs.LANConcepts.com.
re-registerat
ion on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
ce5b4d6d-b668-4d78-9c11-292a1a81636f._ms
dcs.LANConcepts.com. re-registeration on DNS server '192.168.10.5'
failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.dc._msdcs.LANConcepts.com
. re-registeration on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.Default-First-Site-Name._
sites.dc._msdcs.LANConcepts.com. re-registeration on DNS server
'192.168.10.5' fa
iled.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.dc._msdcs.LANConcepts.com. re
-registeration on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._site
s.dc._msdcs.LANConcepts.com. re-registeration on DNS server
'192.168.10.5' failed
.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.LANConcepts.com. re-regis
teration on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.Default-First-Site-Name._
sites.LANConcepts.com. re-registeration on DNS server '192.168.10.5'
failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _gc._tcp.LANConcepts.com.
re-registerati
on on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_gc._tcp.Default-First-Site-Name._sites.
LANConcepts.com. re-registeration on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry
_kerberos._udp.LANConcepts.com. re-regis
teration on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.LANConcepts.com.
re-regist
eration on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._udp.LANConcepts.com.
re-regist
eration on DNS server '192.168.10.5' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Fix Failed: netdiag failed to re-register missing DNS
entries for th
is DC on DNS server '192.168.10.5'.
[FATAL] No DNS servers have the DNS records for this DC
registered.
-------------------------------------------------------------------------- -----------------
From c:\ipconfig /all:

C:\PROGRA~1\SUPPOR~1>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : LAN001
Primary DNS Suffix . . . . . . . : lanconcepts.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lanconcepts.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast
Ethernet
Controller (3C905C-TX Compatible)
Physical Address. . . . . . . . . : 00-E0-81-28-4B-63
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.10.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.15
DNS Servers . . . . . . . . . . . : 192.168.10.5
-------------------------------------------------------------------------- --------------------+
From AD Users & Computers: LANConcepts.com
Forward Lookup Zones: LAN-Concepts

(same as parent folder); Start of Authority; [7],
LAN001.lanconcepts.com, admin.lanconcepts.com

(same as parent folder) ; Name Server; LAN001.LANConepts.com

(same as parent folder) ; Host; 192.168.10.5

LAN001 ; Host; 192.168.10.5

-------------------------------------------------------------------------- ----------------------

That's all I have in my Fwd Lookups.

Thanks for your interest, Kevin!

On your DNS, the zone name called lanconcepts.com, does that exist,

If so:
1. Are dynamic updates set to at least Yes?
2. Does it contain those 4 service record folders? They look like these:
_sites
_tcp
_udp
_msdcs
3. Is the zone AD Integrated, Primary or a Secondary zone?

What errors are in your Event logs?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

 

[Fran]

On your DNS, the zone name called lanconcepts.com, does that exist,

If so:
1. Are dynamic updates set to at least Yes?
2. Does it contain those 4 service record folders? They look like these:
_sites
_tcp
_udp
_msdcs
3. Is the zone AD Integrated, Primary or a Secondary zone?

What errors are in your Event logs?

1) Dynamic updates are set to YES for both forward and reverse lookup
zones

2) No, those 4 service record folders are NOT in the DNS list for
Forward Lookup Zones

3) Yes, the zone was set up with AD integration

 

[Ace Fekay [MVP]]

In

1) Dynamic updates are set to YES for both forward and reverse lookup
zones

2) No, those 4 service record folders are NOT in the DNS list for
Forward Lookup Zones

3) Yes, the zone was set up with AD integration

Ok, that narrows it down a bit.

Here's a couple more:

1. What is the exact spelling of the AD DNS domain name (as it shows in
ADUC)?
2. What is the exact spelling of the zone name in DNS?

Going back to your original post, you said you previously posted in another
group. What other newsgroup(s) are you posting in? Did you multipost this
post as or was that a different issue. FYI : it's better for everyone,
incliding yourself if you were to crosspost, so when anyone responds, the
response will be seen in all groups you cross posted in.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

 

[Kevin D. Goodknecht Sr. [MVP]]

In Fran <Fran> posted a question
Then Kevin replied below:

If you typed the name of your forward lookup zone correctly your zone is
mis-named you typed:

Forward Lookup Zones: LAN-Concepts

This zone must be named lanconcepts.com, delete this zone and create a new
zone named lanconcepts.com allow dynamic updates and restart the Netlogon
Service, then run netdiag /fix

 

[Ace Fekay [MVP]]

In

In Fran <Fran> posted a question
Then Kevin replied below:

If you typed the name of your forward lookup zone correctly your zone
is mis-named you typed:

This zone must be named lanconcepts.com, delete this zone and create
a new zone named lanconcepts.com allow dynamic updates and restart
the Netlogon Service, then run netdiag /fix

Good eye Kevin. I didn't catch that in his post.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

 

[Fran]

Ok, that narrows it down a bit.

Here's a couple more:

1. What is the exact spelling of the AD DNS domain name (as it shows in
ADUC)?
2. What is the exact spelling of the zone name in DNS?

Going back to your original post, you said you previously posted in another
group. What other newsgroup(s) are you posting in? Did you multipost this
post as or was that a different issue. FYI : it's better for everyone,
incliding yourself if you were to crosspost, so when anyone responds, the
response will be seen in all groups you cross posted in.

I originated the post in .networking but I was told I would probably
be better off posting in here so I stopped it there and came here. I
usually don't crosspost (or hold the same conversation in two
different groups...I was told it was bad NG etiquette)

1) lanconcepts.com
2) lan-concepts

 

[Fran]

That did the trick, Kevin! Thanks! (And thanks to Ace, too!) I really
appreciate the guidance here.

In the future when I set up a NEW server (from scratch) as an AD
controller (most of my clients are smaller...25-100 ws) were can I get
info on correctly setting this up? (Or did you guys just teach me
that? These systems were already there (and ailing) I just want to
make sure I avoid the same mistakes that someone else made.

Fran

 

[Ace Fekay [MVP]]

In

I originated the post in .networking but I was told I would probably
be better off posting in here so I stopped it there and came here. I
usually don't crosspost (or hold the same conversation in two
different groups...I was told it was bad NG etiquette)

1) lanconcepts.com
2) lan-concepts

Well, most folks as well as I, would rather see a crosspost, but not
multipost.

Anway, glad the problem is taken care of!

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

 

[Ace Fekay [MVP]]

In

That did the trick, Kevin! Thanks! (And thanks to Ace, too!) I really
appreciate the guidance here.

In the future when I set up a NEW server (from scratch) as an AD
controller (most of my clients are smaller...25-100 ws) were can I get
info on correctly setting this up? (Or did you guys just teach me
that? These systems were already there (and ailing) I just want to
make sure I avoid the same mistakes that someone else made.

Fran

You can read the Design guidelines and how to setup the infrastructure, but
tell you what, between AD and DNS, just post here and someone will guide you
right along. You can use the books as reference, but as for a quick and
strong guideline on how to, this is the place!

Just some FYI links below to keep on your shelf.

Active Directory Operations Guide:
http://www.microsoft.com/technet/pr...irectory/maintain/opsguide/part1/default.mspx

Best Practice Active Directory Design for Managing Windows Networks [and
DNS]:
http://www.microsoft.com/technet/pr...chnologies/activedirectory/plan/bpaddsgn.mspx

Chapter 4 - Active Directory Design:
http://www.microsoft.com/resources/documentation/exchange/2000/all/reskit/en-us/part2/c04names.mspx

Chapter 9 - Designing the Active Directory Structure:
http://www.microsoft.com/resources/...server/reskit/en-us/deploy/part3/chapt-9.mspx

Deploying and Designing Active Directory [DNS Design, Migration, Cert Auth,
Branch Offices, Exchange, ADC,

Import-Export, etc]:
http://www.microsoft.com/technet/pr...hnologies/activedirectory/deploy/default.mspx

Deployment Planning Guide:
http://www.microsoft.com/windows2000/techinfo/reskit/dpg/default.asp

Chapter 22 - Group Policy:
http://www.microsoft.com/resources/...erver/reskit/en-us/distsys/part4/dsgch22.mspx


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

 

[Kevin D. Goodknecht Sr. [MVP]]

In

That did the trick, Kevin! Thanks! (And thanks to Ace, too!) I really
appreciate the guidance here.

In the future when I set up a NEW server (from scratch) as an AD
controller (most of my clients are smaller...25-100 ws) were can I get
info on correctly setting this up? (Or did you guys just teach me
that? These systems were already there (and ailing) I just want to
make sure I avoid the same mistakes that someone else made.

That's a good deal! I'm relieved you were able to get it working.

In addition to Ace's comments and articles posted, I'm not sure how this
happened. Unless you didn't let DCPROMO configure DNS for you, either that
or you deleted the zone DCPROMO created. There are three things that must
match exactly, they are:
1. Primary DNS suffix (on the ipconfig /all)
2. AD DNS domain name (in Active Directory Users & Computers)
3. Forward Lookup zone name (in the local DNS server listed in TCP/IP
properties)

In addition, you _must_ follow this rule: Use only the local DNS server that
hosts the AD Domain's Forward Lookup Zone. _Never_, use your ISP's or any
other external DNS server that does not have the AD DNS zone, IN ANY
POSITION, in TCP/IP properties of any member of an AD Domain. Use your ISP's
DNS _only_ as a forwarder listed on the Forwarders tab of the DNS Server
properties in the DNS management console.

 

[Fran]

You can use the books as reference, but as for a quick and

strong guideline on how to, this is the place!

Well, you've certainly proven that!

Thanks again, ALL! Things seem to be zipping along here.

Fran

 

[Ace Fekay [MVP]]

In

Well, you've certainly proven that!

Thanks again, ALL! Things seem to be zipping along here.

Fran

No problem Fran,

Cheers!


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================