Question
Sunday, November 15, 2015 4:33 PM
Hi All,
I have an urgent question and by far I have searched in here and out there but it seems there is nothing to come up with.
Recently, I have to deploy AD on one of our user windows server but actually the server has already had windows DNS service installed. I did that works with successful results but there is something strange which I have never seen because I always installed the Active Directory and DNS in the same time when doing promote.
I found problem when clients cannot join domain and surprisingly I discovered that when we are deploy AD in the same server which has already DNS service installed, those DNS does not have the same folder as when we are deploying AD and DNS at the same time. It seems I do not have _msdcs folder and the SRV within it. When client did join domain it rejected because it cannot be found.
How can I create the usual DNS folders hierarchy as I had when deploying AD and DNS at the same time. It is really confusing :)
Thanks.
All replies (11)
Monday, November 16, 2015 2:12 AM ✅Answered | 1 vote
Hi Adityo,
According to your description, you promote the server to DC after installing DNS role. Then the DNS doesn't hold _msdcs zone and SRV records. I tested it in my lab, however, it works well that installing DNS role before promoting DC. Clients could join the domain successfully.
Then I manually deleted _msdcs zone, and use the following method to add them back:
1. New primary forward lookup zone _msdcs.dns.com (the domain name of your own domain).
2. Enter command net stop netlogon in cmd.
3. Enter command net start netlogon in cmd.
4. Refresh DNS.
5. Check forward lookup zone dns.com; if there's no _msdcs delegation (the grey folder _msdcs), we may create a new delegation to add it back.
Best Regards,
Anne
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected].
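The steps in the reply above, followed by a verification pass, as an added example that is not part of the original reply. It assumes an elevated PowerShell session on the domain controller with the DnsServer module available; the domain name `test.com` (the name used later in this thread) and the DNS server address `127.0.0.1` are placeholders to replace with your own.

```powershell
# Added example: re-register the DC locator records and confirm DNS serves them.
param(
    [string]$Domain    = 'test.com',    # placeholder domain name
    [string]$DnsServer = '127.0.0.1'    # assumption: the DC is its own DNS server
)

# Step 1 check: the _msdcs zone must exist before Netlogon can register into it.
$zones = Get-DnsServerZone -ComputerName $DnsServer |
         Where-Object { $_.ZoneName -like "*$Domain" }
$zones | Format-Table ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate
if ($zones.ZoneName -notcontains "_msdcs.$Domain") {
    Write-Warning "Zone _msdcs.$Domain not found; create it (step 1) first."
}

# Steps 2-3: restart Netlogon so it re-registers its records.
net stop netlogon
net start netlogon
Start-Sleep -Seconds 30                 # allow the dynamic updates to complete

# Netlogon lists every record it tries to register in this file.
$netlogonDns = Join-Path $env:SystemRoot 'System32\config\netlogon.dns'

# Steps 4-5: query the DNS server for each listed record and collect the gaps.
$missing = foreach ($line in Get-Content $netlogonDns) {
    # Line format: <name> <ttl> IN <type> <data...>
    $f = $line.Trim() -split '\s+'
    if ($f.Count -lt 5 -or $f[2] -ne 'IN') { continue }
    $name = $f[0].TrimEnd('.')
    $type = $f[3]
    $answer = Resolve-DnsName -Name $name -Type $type -Server $DnsServer `
                  -DnsOnly -ErrorAction SilentlyContinue |
              Where-Object { $_.Section -eq 'Answer' }
    if (-not $answer) { [pscustomobject]@{ Name = $name; Type = $type } }
}

if ($missing) {
    Write-Warning "Records in netlogon.dns that the DNS server does not answer:"
    $missing | Sort-Object Name -Unique | Format-Table -AutoSize
} else {
    Write-Output "All records listed in netlogon.dns resolve on $DnsServer."
}
```

The zone table printed first also shows whether each zone accepts dynamic updates, which Netlogon needs in order to write its records.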
Monday, November 23, 2015 5:18 AM ✅Answered
Hi Adityo,
The missing folders in your DNS are _sites, _tcp, _udp, DomainDnsZones, ForestDnsZones. In these folders are SRV records too.
Generally, we may add them by command "net stop netlogon & net start netlogon". I manually deleted them in my lab and used the method to add them back successfully too.
Try again, delete _msdcs in test.com and recreate the delegation _msdcs, then use "net stop netlogon & net start netlogon", check if it could work.
But glad that you could join clients to domain successfully.
Best Regards,
Anne
Monday, November 16, 2015 5:46 AM
Hi Anne,
Thanks for the method, I have never tried that actually. Anyway, should I expect more time when refreshing DNS and wait for those _msdcs folder to show up? And what delegation do I have to create? Is it just "_msdcs" pointing to DNS server ip address?
Thanks.
Monday, November 16, 2015 5:56 AM | 1 vote
Hi Adityo,
> should I expect more time when refreshing DNS and wait for those _msdcs folder to show up?
After using command net stop & start netlogon, you may refresh DNS zone, the SRV records will exist in _msdcs.domain.com zone immediately, if everything works well.
> what delegation do I have to create? Is it just "_msdcs" pointing to DNS server ip address?
Best Regards,
Anne
Tuesday, November 17, 2015 2:28 AM
Hi Anne,
Your method works and now finally the SRV within "_msdcs" show up. It takes time though and I do not need to create delegation as it already shows up too. I haven't done join domain but furthermore I want to check that this method has already made everything OK.
I have tested using this command "DCDIAG /TEST:DNS" but it failed. If everything okay, I think the testing should result passed rather than failed. Any idea why it was going on like this?
Thanks.
Tuesday, November 17, 2015 2:36 AM
Hi Adityo,
It may be some differences, because I manually delete those records. What are those failed entries in dcdiag?
Have you tested if clients could join the domain using the DNS server?
You may post the result of dcdiag for further troubleshooting.
UPDATE: Besides, you may also provide a screenshot of the DNS GUI.
Best Regards,
Anne
Friday, November 20, 2015 5:25 AM
Hi Anne,
I am sorry for long catching up. Here are the capture of DNS GUI and "DCDIAG /TEST:DNS" results.
Kindly need your help. Thanks
Friday, November 20, 2015 5:40 AM
Hi Adityo,
Notice that the zone test.com is a standard primary zone, not an AD integrated zone. Change the zone type of test.com and use net stop netlogon & net start netlogon in cmd again, then refresh and check the result.
Saturday, November 21, 2015 10:35 AM
Hi Anne,
I have integrated test.com folder to AD but it seems not working. The "DCdiag /Test:DNS" is still failing. The test result still the same as before.
I realize too that your test2.com has populated different folder than mine as it only show "_msdcs" delegation folder. Any idea?
Thanks
Monday, November 23, 2015 1:04 AM
Hi Adityo,
After changing the zone type, have you run command net stop netlogon & net start netlogon, and refresh dns?
Best Regards,
Anne
Monday, November 23, 2015 4:57 AM
Hi Anne,
I have done that and even done restart of the windows server but DNS test result still the same. What about the different populated folders on yours and mine? Any suggestion?
Anyway, I have joined domain successfully and no problem happened. But furthermore, I am just a bit afraid that above problem will affect our user windows server function.
Kindly help and thank you.