Post by Ace Fekay [MCT]
A 'domain does not exist or cannot be contacted' is normally rooted with DNS
problems or DNS misconfigurations. How is your current DNS infrastructure
setup regarding the forest root domain and child domains, if any exist?
What zone replication scope are the _msdcs.yourdomain.local and the
yourdomain.local in?
All DNS servers in the forest. (See OP)
Post by Ace Fekay [MCT]
Can you post an ipconfig /all of two of the DCs in your domain, please?
Uh.. no.. be glad to check the settings .. what are you looking for?
Which DCs? Root or the child domain?
Post by Ace Fekay [MCT]
Have you ever had a DC that failed that you pulled off the network without
demoting it or performing a Metadata Cleanup? To make sure no DCs are still
in AD, please take a look at this following article that shows how to use
ntdsutil to see what's in the actual AD database, which you can use to
remove any data (DCs, domains, etc), that no longer belong.
Sure ... this was the first thing I checked. The DCs and Domain
are valid and the NDNC exists in AD.
Post by Ace Fekay [MCT]
It could also be due to a duplicate zone scope in AD. Please read the
following to find out if this is the case, and how to fix it.
Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx
I'll have a look..
Thanks,
--Steve
--
WayCoolkennel
[...] I have determined
that DomainDNSZones partition exists for the child domain. The child
domain DNS is set to "Replicate to all DNS servers in the Forest". But
there are no DomainDNSZones.childdomain.mydomain.domain.com DNS entries.
I can see why there are (or is?) no entries for the child domain in the
DomainDnsZones partition. If you have the zone set to the ForestDnsZones
partition, why would it exist in the DomainDnsZones partition?
Post by Ace Fekay [MCT]
The child domain is delegated in the root DNS.
That explains it further. In a parent-child delegation, you delegate the
child zone from the parent zone to the child domain's DNS servers. In order
to properly do that, you need to change the parent zone (if not already set)
to DomainDnsZones partition, then create a zone on one (yes, just ONE of the
DCs or you will create a duplicate & conflicting zone scenario) of the child
domain DNS servers and put it in the DomainDnsZones partition. Then you go
back to one of the parent domain DNS servers, and create the delegation.
If you have the child zone in the ForestDnsZones partition, then that means
it exists on ALL DCs. Hence it now creates a duplicate or a conflict in the
parent zone. It sees the delegation, meaning to go ask elsewhere, yet it
exists in its own context. Therefore, it does not know what to do with it,
hence a conflict.
Post by Ace Fekay [MCT]
So.. I need to get the child domain to recreate the DNS entries .. but
I can't seem to figure it out.
First, you make sure that each child zone (if you have more than one child)
are all set to DomainDnsZones partition, and make sure the parent zone is as
well, allow replication to occur, if it can, that is because the conflict
or dupe scenario in your case may cause a problem with replication. Also,
ALL machines in the child domain must ONLY use the child domain DNS servers,
not the parent.
Keep in mind, a delegation is just that, you are telling it that another DNS
server is handling the namespace. The forest wide replication with a
delegation is defeating that, as well as may be causing a dupe/conflict
issue.
Post by Ace Fekay [MCT]
I saw that someone suggested creating the domain "DomainDNSZones" then
running Netdiag /v /fix
Sure, that will fix general issues, but not a configuration issue.
I hope that was understandable.
Oh, in a parent child delegation, configure a Forwarder from all child DNS
servers (yes all) to the parent DNS, then from the parent DNS servers to the
ISP.
Ace
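
The duplicate-zone condition discussed in this thread can be checked read-only from PowerShell. The script below is an added example, not part of the original posts: it lists every `dnsZone` object for one zone across ForestDnsZones, each domain's DomainDnsZones, and the legacy `CN=System` container. It assumes the RSAT ActiveDirectory module, a placeholder zone name, and that each domain's PDC emulator is a DNS server holding these partitions.

```powershell
# Added example (not from the thread). Lists every AD copy of one DNS zone so a
# zone stored in more than one partition, or a CNF conflict object, stands out.
Import-Module ActiveDirectory

$ZoneName = 'child.example.com'   # placeholder: the delegated child zone

$forest = Get-ADForest
$root   = Get-ADDomain -Identity $forest.RootDomain

# Every container a dnsZone object can live in, paired with a DC to query.
# Assumption: each domain's PDC emulator is a DNS server holding these partitions.
$targets = @([pscustomobject]@{
    Scope  = 'ForestDnsZones'
    Base   = "CN=MicrosoftDNS,DC=ForestDnsZones,$($root.DistinguishedName)"
    Server = $root.PDCEmulator
})
foreach ($name in $forest.Domains) {
    $d = Get-ADDomain -Identity $name
    $targets += [pscustomobject]@{
        Scope  = "DomainDnsZones ($name)"
        Base   = "CN=MicrosoftDNS,DC=DomainDnsZones,$($d.DistinguishedName)"
        Server = $d.PDCEmulator
    }
    $targets += [pscustomobject]@{
        Scope  = "Domain partition, legacy ($name)"
        Base   = "CN=MicrosoftDNS,CN=System,$($d.DistinguishedName)"
        Server = $d.PDCEmulator
    }
}

$copies = foreach ($t in $targets) {
    $query = @{
        Server      = $t.Server
        SearchBase  = $t.Base
        SearchScope = 'OneLevel'
        LDAPFilter  = '(objectClass=dnsZone)'
        ErrorAction = 'Stop'
    }
    try {
        # A replication conflict renames the object "<zone><newline>CNF:<guid>",
        # so compare only the part of the name before any newline.
        Get-ADObject @query |
            Where-Object { ($_.Name -split "`n")[0] -eq $ZoneName } |
            Select-Object @{n='Scope';e={$t.Scope}}, Name, DistinguishedName
    } catch {
        Write-Warning "Could not search $($t.Base) on $($t.Server): $($_.Exception.Message)"
    }
}

$copies | Format-Table -AutoSize -Wrap
if (@($copies).Count -gt 1) { Write-Warning "$ZoneName has $(@($copies).Count) zone objects; expected one." }
```

A single row is the healthy result; more than one row, or a name containing `CNF:`, matches the duplicate or conflict scenario described above.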