| Author | Messages | |
nocmonkey
Posts:0
 | | 05/16/2007 12:50 PM |
| I have what appears to be a big DNS issue; and obviously AD doesn't like me anymore... An older Win2000 SP4 DC, which has admittedly been neglected, was pointing to itself for DNS, but there were no forward lookup zones, and DNS lookups were unsuccessful.
So I added the corp.example.org (root AD DNS zone) as AD integrated thinking that it would get the latest information from one of the other name servers, but it didn't; it cleared the zone file on all the other DNS servers.
I have a member server with a secondary copy of the latest root AD DNS zone, is there any way for me to import this back into one of the AD integrated DNS servers? Thanks! ...D | | | |
| bdesmond
Posts:347
 | | 05/16/2007 1:00 AM |
| Well, I think you would need to toast the AD integrated zone, create
a new secondary for corp.example.org and transfer it from your backup, then
convert to AD integrated and it should replicate throughout again.
You could also auth restore the subtree that zone was in if you
have a backup.
Thanks,
Brian Desmond
brian@briandesmond.com
c - 312.731.3132
| | | |
| nocmonkey
Posts:0
 | | 05/16/2007 1:22 AM |
| Thanks, how do I convert to AD integrated?
On 5/16/07, Akomolafe, Deji wrote:
Delete the AD-intg zone that you have now. Open the zone file (the secondary zone you mentioned) in notepad and increase the serial number by a lot. Save it and make a backup copy of the file. Recreate the zone as Primary, making sure that you select the option to use the existing zone file. After you are sure that the records are back the way you expected, you can then convert the zone to AD-intg again.
--
CPDE - Certified Petroleum Distribution Engineer
CCBC - Certified Canadian Beer Consumer | | | |
| nocmonkey
Posts:0
 | | 05/16/2007 1:23 AM |
| Found it, nevermind! Thanks for all your help guys! | | | |
| nocmonkey
Posts:0
 | | 05/16/2007 1:36 AM |
| Thanks, Brian. I went the route suggested by Deji, and we are back in business. Now I am curious why the server I added the zone to did not retrieve a complete zone from one of the other DNS servers on the network. What approach should I have taken, I guess is the better question.
Cheers,
...D | | | |
| deji
Posts:132
 | | 05/16/2007 1:53 AM |
| The last writer wins. Or, to be somewhat didactic: other things being equal, the last writer wins.
When you created the AD-intg zone on the other server, it replicates that out to all the servers defined in the replication scope, and, because the new zone is "newer", the other partners had to accept it. It's the same logic that applies when you delete the AD-intg zone - it also gets deleted on the other partners because that was the "newest" instruction.
You were expecting the server to "receive" the zone info from the existing servers, uh? Well, now you know :)
Sincerely,
Microsoft MVP - Directory Services
www.akomolafe.com - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon | | | |
| nocmonkey
Posts:0
 | | 05/16/2007 2:06 AM |
| Gotcha, that makes sense. So, in future, how do I properly add an existing AD integrated AD DNS zone? Thanks. | | | |
| deji
Posts:132
 | | 05/16/2007 2:08 AM |
| You will need to properly configure the replication scope of the zone (to all DNS servers in Forest/Domain, all DCs in Forest/Domain or whatever tickles your fancy). Then, after introducing a new DNS/DC into the environment, you just wait. Nothing to do.
| | | |
| deji
Posts:132
 | | 05/16/2007 12:58 PM |
| Delete the AD-intg zone that you have now. Open the zone file (the secondary zone you mentioned) in notepad and increase the serial number by a lot. Save it and make a backup copy of the file. Recreate the zone as Primary, making sure that you select the option to use the existing zone file.
After you are sure that the records are back the way you expected, you can then convert the zone to AD-intg again.
| | | |
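The serial-number step of the recovery procedure in the post above, as an added example (not code from the thread or from Microsoft): it raises the SOA serial in a zone file and saves a backup copy, capping the increase at 2^31 - 1 because RFC 1982 serial arithmetic treats a larger jump as a step backwards. The sample zone contents, the `.bak` suffix and the default step are constructed for illustration.

```python
import re
import shutil
from pathlib import Path

MODULUS = 2**32          # SOA serial is an unsigned 32-bit counter
MAX_STEP = 2**31 - 1     # RFC 1982: a larger jump compares as "older", not "newer"

# Constructed sample zone file (multi-line SOA with comments); not data from the thread.
SAMPLE_ZONE = """\
;
;  Database file corp.example.org.dns for corp.example.org zone.
;
@                       IN  SOA dc1.corp.example.org. hostmaster.corp.example.org. (
                                142          ; serial number
                                900          ; refresh
                                600          ; retry
                                86400        ; expire
                                3600       ) ; default TTL
@                       NS      dc1.corp.example.org.
dc1                     A       192.0.2.10
"""


def find_soa_serial(text):
    """Return (start, end, serial) locating the serial field of the first SOA record."""
    m = re.search(r"^[^;\n]*?\sSOA\s", text, re.IGNORECASE | re.MULTILINE)
    if not m:
        raise ValueError("no SOA record found")
    pos, fields = m.end(), []
    while pos < len(text) and len(fields) < 3:      # MNAME, RNAME, SERIAL
        ch = text[pos]
        if ch == ";":                               # comment runs to end of line
            nl = text.find("\n", pos)
            pos = len(text) if nl == -1 else nl
        elif ch.isspace() or ch in "()":            # separators and line grouping
            pos += 1
        else:
            end = pos
            while end < len(text) and not text[end].isspace() and text[end] not in "();":
                end += 1
            fields.append((pos, end))
            pos = end
    if len(fields) < 3 or not text[fields[2][0]:fields[2][1]].isdigit():
        raise ValueError("SOA serial field not found")
    start, end = fields[2]
    return start, end, int(text[start:end])


def bump_serial(text, step=1000):
    """Return (new_text, old_serial, new_serial) with only the serial field rewritten."""
    if not 0 < step <= MAX_STEP:
        raise ValueError("step must be between 1 and 2**31 - 1")
    start, end, old = find_soa_serial(text)
    new = (old + step) % MODULUS                    # wraps per RFC 1982
    return text[:start] + str(new) + text[end:], old, new


def bump_zone_file(path, step=1000):
    """Edit the zone file in place, then save a backup copy of the edited file."""
    path = Path(path)
    raw = path.read_bytes().decode("latin-1")       # lossless round trip, keeps CRLF
    new_text, old, new = bump_serial(raw, step)
    path.write_bytes(new_text.encode("latin-1"))
    backup = path.with_name(path.name + ".bak")
    shutil.copy2(path, backup)
    return old, new, backup


if __name__ == "__main__":
    _, old, new = bump_serial(SAMPLE_ZONE)
    print(f"serial {old} -> {new}")
```

The edited file is the one to select with the "use the existing zone file" option when the zone is recreated as Primary.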
| amulnick
Posts:127
 | | 05/17/2007 9:01 AM |
| Waiting for paint to dry or replication to complete is never any fun. You should also move the mouse around repeatedly until it completes. :)
One thing to watch for is bugs. The kind that whack your dns records in an unexpected fashion. As Deji mentions, the last writer tends to get its way. There are some bugs out there (that should have been addressed in sp2 - I haven't verified personally) that can wipe out your dns zone when you introduce new dc's that are across slow/high-latency links.
Keep your DCs patched. Some have reported success with a method that involves turning off the dns service on the new dc until replication completes. Haven't checked that method yet either but can't think of a reason why that wouldn't work. Off the top of my head anyway.
-ajm | | | |
| adwulf
Posts:34
 | | 05/17/2007 10:08 AM |
| On 17/05/07, Al Mulnick wrote:
> Waiting for paint to dry or replication to complete is never any fun. You
> should also move the mouse around repeatedly until it completes. :)
>
Would you mind if I pinched that for a .sig quote?
It should really be in RFC1925.
--
AdamT
"Isn't that cute?
BUT IT'S WRONG!!!!"
-- Hollywood
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx | | | |
| amulnick
Posts:127
 | | 05/17/2007 10:44 AM |
| LOL. I checked with the copyright team and they seem to think that'll be fine. ;) | | | |
| adwulf
Posts:34
 | | 05/17/2007 10:53 AM |
| Marvellous! I'm going to get hammered next time I post to a certain
UNIX-biased list, but hey - nevermind.
Please give my regards to your copyright team :-)
On 17/05/07, Al Mulnick wrote:
> LOL. I checked with the copyright team and they seem to think that'll be
> fine. ;)
--
AdamT
"Waiting for paint to dry or replication to complete is never any fun.
You should also move the mouse around repeatedly until it completes."
--- Al Mulnick
| | | |