Greetings All. Eric here again. Recently I was doing an ADRAP remediation and one of the High Risk findings that the tool found was "Multiple Copies of a Primary zone Stored in Different Locations". In this environment all of the DC's were Windows Server 2008 R2. I've seen this finding on the ADRAP report a number of other times where the same zone was in the ForestDNSZones, DomainDNSZones, and Domain partitions, among other file based zones across different DC's all at the same time in some pre... [More]

Hello all, this is Eric again. Recently I was at a customer site finishing up a 2008 R2 (pre-SP1 – and there is a difference as discussed in my update at the end) upgrade project, cutting over their last site, when the customer randomly mentioned something that he had seen when he built and promoted a new 2008 R2 DC a couple of days ago. He said that he'd built it from media, added anti-virus, and then promoted it, checking the DNS and GC boxes in the dcpromo wizard. He said that he didn't do an... [More]

How's it goin' team? Eric here again. It's been a while since I've blogged, so I figured I'd write one based on some scenarios during a recent customer visit. I was on-site with a customer that added probably a hundred new zones since I'd been there last. The only reason we even looked at that was because there appeared to be some stale entries impacting SCCM deployments, and that’s when I found that aging/scavenging wasn't enabled on the new zones (you can find very good info on scavenging here... [More]

While on the topic if DNS, one of the DC's that had the corrupt application partition (discussed in my last blog entry) also had another interesting issue that's not all that common, at least in my experience. One DC in one of the child domains, was missing a few AD integrated DNS zones that were stored in the ForestDNSZones application partition, however it had other zones loaded that were stored in the same partition. To clarify what I mean when I say missing, I mean missing from the DNS conso... [More]

Hello all, Eric here again. Just recently I was at a customer site in Japan for a few weeks and they had a number of interesting issues, so while I have some time here in the Naha airport, I thought I'd write about a couple of them. One issue that we encountered across a number of their domains was that we couldn't create zones in the DomainDNSZones partition ("All DNS servers in this domain" option). It wasn't due to permissions; unfortunately I didn't write down the exact error syntax that wa... [More]

!!! WARNING:  IT Systems Administrator blasphemy ahead !!!  Actually, here it is right here:  I know that NetDiag is a staple tool for systems administrators but I’ve never been a big consumer of the tool and that’s mostly because I just don’t care for it.  There is some great functionality in the tool but a lot of it can be found in other tools without all of the excess effort and output.  The other thing is that there are some limitations and known issues which often m... [More]

A Nifty Trick to Backing-up AD Integrated DNS Zones Purpose                 A few years ago I had a customer that lost their DNS databases that were stored in AD. They asked me if there was any way to recover this data without performing an authoritative restore. That got me thinking of what we could use native to DNS that could provide backups and restores that would be affected by Active Directory as little as pos... [More]