Active Directory Cookbook for Windows Server 2003 and Windows 2000-Active Directory Cookbook for Windows Server 2003 and Windows 2000

Recipe 13.12 Verifying That a Domain Controller Can Register Its Resource Records

13.12.1 Problem

You want to verify DNS is configured correctly so that a domain controller can register its resource records, which are needed for clients to be able to locate various AD services.

13.12.2 Solution

13.12.2.1 Using a command-line interface

This test is available only with the Windows Server 2003 version of dcdiag.

With the following dcdiag command, replace dc1 with the DNS name of the domain the domain controller is in. This command has to be run directly on the domain controller you want to test.

> dcdiag /test:RegisterInDNS /DnsDomain:dc1

   Starting test: RegisterInDNS
      DNS configuration is sufficient to allow this domain controller to
      dynamically register the domain controller Locator records in DNS.

      The DNS configuration is sufficient to allow this computer to dynamically
      register the A record corresponding to its DNS name.

      ......................... dc1 passed test RegisterInDNS

13.12.3 Discussion

With the default setup, domain controllers attempt to dynamically register the resource records necessary for them to be located by Active Directory clients and other domain controllers. The domain controllers must have their resource records populated in DNS in order to function. It can be very tedious and error-prone to register all of the records manually, which is why allowing the domain controllers to use dynamic DNS (DDNS) to automatically register and update their records can be much easier from a support standpoint.

The Windows Server 2003 version of the dcdiag command provides a new RegisterInDNS switch that allows you to test whether or not the DC can register its records. In the solution above, I showed the output if the domain controller passes the test.

Here is the output if an error occurs:

Starting test: RegisterInDNS
   This domain controller cannot register domain controller Locator DNS
   records. This is because either the DNS server with IP address
   6.10.45.14 does not support dynamic updates or the zone rallencorp.com is
   configured to prevent dynamic updates.

   In order for this domain controller to be located by other domain members
   and domain controllers, the domain controller Locator DNS records must be
   added to DNS. You have the following options:

   1. Configure the rallencorp.com zone and the DNS server with IP address
   6.10.45.14 to allow dynamic updates. If the DNS server does not
   support dynamic updates, you might need to upgrade it.

   2. Migrate the rallencorp.com zone to a DNS server that supports dynamic
   updates (for example, a Windows 2000 DNS server).

   3. Delegate the zones _msdcs.rallencorp.com, _sites.rallencorp.com,
   _tcp.rallencorp.com, and _udp.rallencorp.com to a DNS server that supports
   dynamic updates (for example, a Windows 2000 DNS server); or

   4. Manually add to the DNS records specified in the
   systemroot\system32\config\netlogon.dns file.

   DcDiag cannot reach a conclusive result because it cannot interpret the
   following message that was returned: 9501.

   ......................... dc1 failed test RegisterInDNS

As you can see, it offers several options for resolving the problem. The information provided will also vary depending on the error encountered.

13.12.4 See Also

Recipe 13.13 for registering a domain controller's resource records

[ Team LiB ]