Hi,
on our DCs the BPA comes up with the error in the subject.
From what I understand this is because this is an old domain and meanwhile you store the _msdcs.domain.com zone directly under "Forward Lookup Zones" and not only at the "zone name" as we old folks learned. I get why and now want to fix this.
It would be great if someone could double check the way I am considering doing this:
- I delete the _msdcs.domain.com folder under domain.com
- I add a new primary zone "_msdcs.domain.com" directly under the Forward Lookup Zones
- This zone will be available for all DCs in the forest and I will allow only secure updates
- Now I would restart Netlogon & DNSServer service
- Delete local cache: ipconfig /flushdns
- Log into all other DCs, restart DNS & Netlogon Service and delete Cache.
Is this how it is done? Do I have to prepare anything else? Do I have to delete the DNS entries of the DCs?
Edit: And another question: What happens when I restart DNS & Netlogon Service. How much impact is this for the user?
Additional question: My _msdcs folder contains some entries of the same DC in upper AND in lower case. Is there an explanation why this happens? The timestamps are different for these entries.
Thanks.
s.