While on the topic of DNS, one of the DCs that had the corrupt application partition (discussed in my last blog entry) also had another interesting issue that's not all that common, at least in my experience. One DC in one of the child domains was missing a few AD-integrated DNS zones that were stored in the ForestDNSZones application partition, yet it had other zones loaded that were stored in the same partition. To clarify, when I say missing, I mean missing from the DNS console.

Normally, if you aren't able to "pull" the default application partitions, a lot of the time it's because it's a newly promoted DC in a child domain that doesn't have connectivity to the Domain Naming Master FSMO role holder, so the application partitions can't be created. In this case, however, not only did it already have other zones loaded that were in the ForestDNSZones partition, it also had the zones that were missing from the DNS console already on the DC; they just weren't loaded. I say "loaded" vs. "showing up in the DNS console" because I've seen cases where zones are in fact loaded and resolving but just don't show up in the DNS console.

Anyhow, the next thing that I did was check the registry to see if the zones were there. The path is `HKLM\Software\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones`; they weren't. Because they weren't in the registry, they wouldn't be loaded from there either, so I checked the "Advanced" tab on the server's properties to see if they had modified the default setting for "Load zone data on startup", which is "From Active Directory and registry".

They had. For some reason, someone set the value on that one DC to only load "From Registry". They had to have done this at some point after about 40 or so other zones were created/loaded from AD on the server and stored in the registry. I'm assuming that after that, someone changed it to only load "From Registry", so all subsequent zones, though replicated to that DC, couldn't load because they weren't stored in the registry yet and weren't allowed to load from AD. I changed it back to the default, "From Active Directory and registry", cycled DNS (which I really didn't *need* to do) and then all was well: the missing zones loaded right up.
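
The same checks can be scripted. The following is an added example, not part of the original troubleshooting: it assumes it is run on the affected DC with the ActiveDirectory and DnsServer modules installed, and that the "Load zone data on startup" setting is read from the `BootMethod` value under the DNS service's `Parameters` key.

```powershell
# Added example: compare zones replicated in ForestDnsZones with what the
# DNS service has in the registry and has actually loaded.
Import-Module ActiveDirectory, DnsServer

# "Load zone data on startup" is stored as BootMethod:
#   1 = From file, 2 = From registry, 3 = From Active Directory and registry
$paramKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$bootMethod = (Get-ItemProperty -Path $paramKey -Name BootMethod -ErrorAction SilentlyContinue).BootMethod
$bootText   = switch ($bootMethod) {
    1       { 'From file' }
    2       { 'From registry' }
    3       { 'From Active Directory and registry' }
    default { 'not set / unknown' }
}
"BootMethod: $bootMethod ($bootText)"

# Zones the DNS service has recorded in the registry
$zoneKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones'
$regZones = @(Get-ChildItem -Path $zoneKey -ErrorAction SilentlyContinue |
    ForEach-Object PSChildName)

# Zones that have replicated to this DC in the ForestDnsZones partition
$forestDn = (Get-ADRootDSE -Server localhost).rootDomainNamingContext
$adZones  = @(Get-ADObject -Server localhost -SearchScope OneLevel `
        -SearchBase "CN=MicrosoftDNS,DC=ForestDnsZones,$forestDn" `
        -LDAPFilter '(objectClass=dnsZone)' |
    ForEach-Object Name |
    # Skip the root hints container and internal "..*" entries
    Where-Object { $_ -ne 'RootDNSServers' -and $_ -notlike '..*' })

# Zones the DNS service currently has loaded
$loaded = @(Get-DnsServerZone | ForEach-Object ZoneName)

# A zone present in AD with InRegistry and Loaded both False, on a server
# whose BootMethod is 2, matches the situation described above.
foreach ($zone in ($adZones | Sort-Object)) {
    [pscustomobject]@{
        Zone       = $zone
        InRegistry = $regZones -contains $zone
        Loaded     = $loaded -contains $zone
    }
}
```

Running this across every DNS server in the forest and flagging any `BootMethod` other than 3 catches the drifted setting before zones go missing.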