Hi Justin, It sounds like you did the right thing as near as I can tell. Some thoughts:
1) Did you enable dynamic updates to the delegated zone? 2) I assume you delegated to an AD-integrated zone? If so, I'm not sure what the default permissions would be, but you need to make sure that the DCs have rights to update the zone with their RRs. 3) AFAIK you only need to stop and restart NETLOGON to get it to republish all the RRs, even the Kerb RRs. Or you can wait... W2K DCs republish every 60 minutes, W2K3 DCs republish every 15 minutes, by default. 4) Do the DCs' IPCONFIGs all point to DNS servers with updatable zones? Based on some of the CNAME records not showing up, it sounds like some may not. -gil Gil Kirkpatrick CTO, NetPro -----Original Message----- From: Salandra, Justin A. [mailto:[EMAIL PROTECTED] Sent: Saturday, August 30, 2003 7:30 AM To: ActiveDir (E-mail) Subject: [ActiveDir] _MSDCS Question I tried to split out the _MSDCS.forestname.org as a separate zone so that I could replicate that zone forest wide to ensure high availibitly of the zone. It is a best practice I learned in the Microsoft 2210 Workshop. When I did this the _MSDCS sub domain under the forestname zone became a delegation, like it is suppose to be. The new zone was created but it was missing all the information you would find in the _MSDCS sub domain. Now in WIndows Server 2003, if you did this, the information followed and populated the new zone automatically. Since I was missing all the info, I deleted the new zone and the _msdcs sub domain and then recreated the sub domain _msdcs under the forestname zone. I then had to do a ipconfig/ flushdns on each and every domain controller, net stop and net start the Netlogon service, the KDC, and the FRS and hope and pray that it populated the zone automatically again. For some of the servers I had to manually put back the, I think it is called, the DSA record. The CNAME records you find in the root of the _msdcs subdomain. It looks like thier GUID. Has anyone tried to do this and if so have you been successful? What steps did you follow? I used replmon and verified that there were no replication errors, so I think I am back to where I was before. Justin A. Salandra, MCSE Senior Network Engineer List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
