Recipe 13.12 Verifying That a Domain Controller Can Register Its Resource Records

13.12.1 Problem

You want to verify DNS is configured correctly so that a domain controller can register its resource records, which are needed for clients to be able to locate various AD services.

13.12.2 Solution

13.12.2.1 Using a command-line interface

This test is available only with the Windows Server 2003 version of dcdiag.

In the following dcdiag command, replace dc1 with the DNS name of the domain that the domain controller belongs to. Run the command directly on the domain controller you want to test.

> dcdiag /test:RegisterInDNS /DnsDomain:dc1
   Starting test: RegisterInDNS
      DNS configuration is sufficient to allow this domain controller to
      dynamically register the domain controller Locator records in DNS.
      The DNS configuration is sufficient to allow this computer to dynamically
      register the A record corresponding to its DNS name.
      ......................... dc1 passed test RegisterInDNS

13.12.3 Discussion

With the default setup, domain controllers attempt to dynamically register the resource records necessary for them to be located by Active Directory clients and other domain controllers. The domain controllers must have their resource records populated in DNS in order to function. It can be very tedious and error-prone to register all of the records manually, which is why allowing the domain controllers to use dynamic DNS (DDNS) to automatically register and update their records can be much easier from a support standpoint.

The Windows Server 2003 version of the dcdiag command provides a new RegisterInDNS switch that allows you to test whether or not the DC can register its records. In the solution above, I showed the output if the domain controller passes the test.

Here is the output if an error occurs:

Starting test: RegisterInDNS
   This domain controller cannot register domain controller Locator DNS
   records. This is because either the DNS server with IP address
   6.10.45.14 does not support dynamic updates or the zone rallencorp.com is
   configured to prevent dynamic updates.
   In order for this domain controller to be located by other domain members
   and domain controllers, the domain controller Locator DNS records must be
   added to DNS. You have the following options:
   1. Configure the rallencorp.com zone and the DNS server with IP address
   6.10.45.14 to allow dynamic updates. If the DNS server does not
   support dynamic updates, you might need to upgrade it.
   2. Migrate the rallencorp.com zone to a DNS server that supports dynamic
   updates (for example, a Windows 2000 DNS server).
   3. Delegate the zones _msdcs.rallencorp.com, _sites.rallencorp.com,
   _tcp.rallencorp.com, and _udp.rallencorp.com to a DNS server that supports
   dynamic updates (for example, a Windows 2000 DNS server); or
   4. Manually add to the DNS records specified in the
   systemroot\system32\config\netlogon.dns file.
   DcDiag cannot reach a conclusive result because it cannot interpret the
   following message that was returned: 9501.
   ......................... dc1 failed test RegisterInDNS

As you can see, it offers several options for resolving the problem. The information provided will also vary depending on the error encountered.
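For scheduled health checks, the output can be reduced to a structured result. The following is an added example, not code from the book: a PowerShell function that classifies captured RegisterInDNS output as passed or failed and extracts the DNS server address and zone named in the failure message. The function name and the sample lines (abbreviated from the failure output above) are constructed for illustration, and the patterns assume the message wording shown in this recipe.

```powershell
# Added example: classify the output of "dcdiag /test:RegisterInDNS".
function ConvertFrom-RegisterInDnsOutput {
    param(
        [Parameter(Mandatory)]
        [string[]] $Lines
    )

    # dcdiag wraps its messages across lines; join them and collapse whitespace
    # so that a phrase split over two lines still matches.
    $text = ($Lines -join ' ') -replace '\s+', ' '

    $result = [ordered]@{
        Server    = $null
        Passed    = $null    # stays $null if no verdict line was found
        DnsServer = $null
        Zone      = $null
    }

    # Verdict line: "......... dc1 passed test RegisterInDNS"
    if ($text -match '\.{3,}\s*(\S+) (passed|failed) test RegisterInDNS') {
        $result.Server = $Matches[1]
        $result.Passed = ($Matches[2] -eq 'passed')
    }
    # Failure detail: the DNS server that refused the update and the zone involved.
    if ($text -match 'DNS server with IP address (\d{1,3}(?:\.\d{1,3}){3})') {
        $result.DnsServer = $Matches[1]
    }
    if ($text -match 'the zone (\S+) is configured to prevent dynamic updates') {
        $result.Zone = $Matches[1]
    }
    [pscustomobject]$result
}

# Constructed sample, abbreviated from the failure output shown in this recipe.
$sample = @(
    'Starting test: RegisterInDNS'
    '   This domain controller cannot register domain controller Locator DNS'
    '   records. This is because either the DNS server with IP address'
    '   6.10.45.14 does not support dynamic updates or the zone rallencorp.com is'
    '   configured to prevent dynamic updates.'
    '   ......................... dc1 failed test RegisterInDNS'
)
ConvertFrom-RegisterInDnsOutput -Lines $sample

# On a domain controller, parse live output instead (domain name is an assumption):
# ConvertFrom-RegisterInDnsOutput -Lines (dcdiag /test:RegisterInDNS /DnsDomain:rallencorp.com)
```

A result whose Passed property is $null means no verdict line was found, which should be treated as a failed check rather than a pass.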

13.12.4 See Also

Recipe 13.13 for registering a domain controller's resource records



Active Directory Cookbook
Active Directory Cookbook, 3rd Edition
ISBN: 0596521103
EAN: 2147483647
Year: 2006
Pages: 456
