Active Directory is dead!

[ZENYO]

Can't access AD! I'm not sure what happened. When I try to open AD either through admin tools or one of my custom mmc's I get the hour glass for a couple of seconds then nothing.

The only thing my event viewer is showing is a DNS error because it can't open my domains zone in the AD! Event ID: 4001.

I'm running W2K server w/sp3

Any thoughts?

Thanks
Al

[DVNT1]

Is the DNS server IP setting the same as the IP address of your AD integrated DNS server?

[ZENYO]

Yes it is. My AD server is is my DNS server as well. When I was setting up DNS, I set it up as Standard Primary and not AD Integrated.

[Siliconjunkie]

Does the DNS still work? Can you do an nslookup using it? Have you tried restarting the DNS Server service or bouncing the box?

AD Integrated or not as long as the correct resource records are there it will work, just changes where the records are stored and security I believe. I have used Bind 9 with AD so I know it doesnt have to be integrated.

Oh yeah, and can you reach the DNS server?

[DVNT1]

The two additional requirements for AD DNS is...

1) Support for Service Location (SRV) records, as per RFC 2782
2) Support for dynamic updates

...this is often called AD integrated (even BIND DNS 4.9.7 versions and alter). Hence, you need an AD integrated DNS server.

If this W2K box your only AD compatible DNS server, you need to choose AD integrated when setting it up. Else you can not reach your AD.

[ZENYO]

Thanks

I'm at the office right now, I'll try out your suggestions tonight when I get home.

Al

[meese]

You can use a Standard Primary DNS zone with AD. Actually when you want to setup an Active Directory Domain Controller, before you run dcpromo, you should get DNS setup first with a Standard Primary Zone. Once you create your forward and reverse lookup zones, you NEED to go to the properties of the zone and set "Allow dynamic updates" to "Yes". This is critical, because if you forget and you run dcpromo, you will have to run dcpromo again to bump it back down to a member to fix the problem. Once you have successfully setup AD, you can change your DNS zone to AD Integrated if you want.

[ZENYO]

After checking the properties I found that It is AD integrated (although I don't remember setting it up that way). Allow Dynamic updates is set to "yes". The status is "Running". I forgot to mention (and this is probably important) that this was sudden. AD and DNS were working fine up to a couple of months. I was playing around with some Group Policies (studying for 215). I'm sure the only thing I did was delete the policies that I had put in place.

NSlookup is not working. This is what I get.
*** Can't find server name for address 192.168.*.*: Non-existent domain
*** Default servers are not available
Default Server: UnKnown
Address: 192.168.*.*

Al

[Siliconjunkie]

Your DNS is broken. Look in event viewer, there is a log there just for the DNS server. Have you bounced it yet?

[ZENYO]

I don't think I understand what you mean by bouning. I posted the error in event viewer in the opening thread,

it is
Event ID: 4001
The DNS server was unable to open zone piperni.com in the Active Directory. This DNS Server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

and it was logged on 29/05.

DNS is starting, and name resolution on the network is still working. Am I barking up the wrong tree here?

Thanks for your help
Al