Deleted _msdcs forward lookup zone

Discussion in 'Active Directory' started by Harry, Apr 5, 2005.

  1. Harry

    Harry Guest


    I deleted the _msdcs forward lookup zone a long time ago; now I cannot
    undelete it, but I do need to get the Active Directory parts back. I have
    repaired various other problems with esentutl and ntdsutil, and all services
    work with the exception of the Security Accounts Manager, which does not start on
    what is now the only DC. I have Event 16651 ("The directory service is missing
    mandatory configuration...") - like I did not know that... The RID server
    is unavailable (deleted, kind of), so adding new DCs is not possible.

    All entries obviously exist in the original DNS domain, although I do not
    know how to create the _tcp folders and whether replication will work if I do.

    Can I get some assistance from you good citizens out there?
    Is there some magic ntdsutil-style command I can run in AD recovery mode
    that would rebuild the _msdcs DNS hierarchy?
    Can I change the DNS server for replication of directory services data and
    thereby have this data regenerated?
    Any other magic tricks to get on the good side of directory services?

    Harry, Apr 5, 2005
  2. ptwilliams

    ptwilliams Guest

    Configure the DNS zone to accept dynamic updates. Point the DC at the DNS
    server (could well be itself). Ensure that the DHCP Client Service is
    running on the DC (and set to automatically start) and restart the NETLOGON
    service. This will recreate and repopulate the _msdcs sub-domain.

    If you are talking about the Windows 2003 default delegation, you will have
    to recreate the delegation yourself once the sub-domain has been created.

    In scenarios such as this, it is beneficial to point a number of DCs at the
    same DNS server and do the restarts. Once they've successfully registered
    in DNS, you can replicate and then point them back to where they were
    pointing, i.e. themselves.
    ptwilliams, Apr 5, 2005
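
The steps from the reply above, followed by a check that the records Netlogon wants in DNS actually resolve, as an added PowerShell example that was not posted by anyone in this thread. The domain name, interface alias and DNS server address are placeholders, and the script assumes the DnsServer and DnsClient modules of a current Windows Server running on the DC.

```powershell
# Added example. Assumed values: domain name, DNS server address, NIC alias.
$Domain    = 'example.local'   # placeholder AD domain / forward lookup zone
$DnsServer = '127.0.0.1'       # the DC itself, as the reply suggests
$Interface = 'Ethernet'        # assumed NIC alias; check with Get-NetAdapter

# 1. Let the zone accept dynamic updates. 'Secure' requires an AD-integrated
#    zone; a file-backed zone only supports 'NonsecureAndSecure'.
$zone = Get-DnsServerZone -Name $Domain -ComputerName $DnsServer
$mode = if ($zone.IsDsIntegrated) { 'Secure' } else { 'NonsecureAndSecure' }
Set-DnsServerPrimaryZone -Name $Domain -DynamicUpdate $mode -ComputerName $DnsServer

# 2. Point the DC at that DNS server.
Set-DnsClientServerAddress -InterfaceAlias $Interface -ServerAddresses $DnsServer

# 3. The DHCP Client service must be running and start automatically.
Set-Service   -Name Dhcp -StartupType Automatic
Start-Service -Name Dhcp

# 4. Restart Netlogon so it re-registers its records, then force a registration.
Restart-Service -Name Netlogon
nltest.exe /dsregdns | Out-Null
Start-Sleep -Seconds 30        # give the registrations time to land

# 5. Verify: Netlogon lists every record it tries to register in netlogon.dns.
#    Lines are assumed to have the form: name TTL IN type data...
$file = Join-Path $env:SystemRoot 'System32\config\netlogon.dns'
$missing = foreach ($line in Get-Content $file) {
    $f = -split $line
    if ($f.Count -lt 5 -or $f[2] -ne 'IN') { continue }   # skip non-record lines
    # Only count real answers; a bare SOA in the authority section is a miss.
    $hit = Resolve-DnsName -Name $f[0] -Type $f[3] -Server $DnsServer -DnsOnly `
               -ErrorAction SilentlyContinue |
           Where-Object { $_.Section -eq 'Answer' }
    if (-not $hit) { [pscustomobject]@{ Name = $f[0]; Type = $f[3] } }
}

if ($missing) {
    'Records Netlogon expects but DNS does not return:'
    $missing | Format-Table -AutoSize
} else {
    "All Netlogon records resolve, including those under _msdcs.$Domain."
}
```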
