DNS: Zone <zone name> is an Active Directory integrated DNS Zone and must be available

Updated: October 15, 2010

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

This topic is intended to address a specific issue identified by a Microsoft Baseline Configuration Analyzer or Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the DNS Microsoft Baseline Configuration Analyzer or DNS Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer.

Operating System: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

Product/Feature: DNS

Severity: Critical

Category: Configuration

Issue

The Active Directory integrated DNS zone was not found.

An Active Directory (AD)-integrated DNS zone is present in the application directory partition, but was not found in DNS.

Impact

DNS queries for the Active Directory integrated zone might fail.

This DNS server will fail to respond to DNS client queries for the zone.

Resolution

Restore the Active Directory integrated DNS zone.

If the problem is caused by an error in Active Directory, you can attempt to restore the application directory partition from backup. For more information, see Performing Authoritative Restore of an Application Directory Partition. Alternatively, you can export the zone contents to a file, and then restore it to an AD-integrated zone using the following procedure.

Membership in Administrators, or equivalent, is the minimum required to complete these procedures. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To restore an AD-integrated zone

  1. Locate a DNS server that hosts the best copy of the zone. If no DNS servers appear to host the zone, then use a master domain controller.

  2. Temporarily use this DNS server as the primary DNS server for client computers.

  3. Open an elevated command prompt on this DNS server.

  4. Perform the procedure below to back up the AD-integrated zone.

  5. Perform the procedure below to reload the AD-integrated zone.

  6. Verify that the zone data has been added to DNS on this server.

  7. Wait for AD replication to create a copy of the zone on other domain controllers. When this is complete, restore client DNS settings to the previous configuration.

To back up the AD-integrated zone

  1. Type the following command, and then press ENTER:

    dnscmd /ZoneExport <zone name> <zone file name>
    

    This command exports the zone data to a file in the %windir%\System32\DNS directory. If desired, you can copy this file to a secure location.

    Value              Description
    dnscmd             The command-line tool for managing DNS servers.
    /ZoneExport        Required. Used with <zone name> and <zone file name> to specify the zone and file name to use when storing zone data in a file.
    <zone name>        Required. The FQDN of the zone.
    <zone file name>   Required. The name of the file used to store zone data.

  2. To view the contents of the file, type the following command and then press ENTER:

    type <zone file name>
    
  3. Verify that the file exists and that it contains the correct zone data. If the file does not contain the correct zone data, attempt this procedure on a different DNS server, or restore the Active Directory partition.

To reload the AD-integrated zone

  1. Using the elevated command prompt, browse to the %windir%\System32\DNS directory.

  2. Type the following command, and then press ENTER:

    dnscmd /ZoneDelete <zone name> /dsdel /f
    

    This command will remove the zone from DNS and Active Directory.

  3. Type the following command, and then press ENTER:

    dnscmd /ZoneAdd <zone name> /Primary /file <zone file name> /load
    

    This command will add the zone to DNS as a standard file-backed primary zone. After adding the zone to DNS, you can convert it to AD-integrated.

  4. Type the following command, and then press ENTER:

    dnscmd /ZoneResetType <zone name> /dsprimary
    

    This command converts the zone from standard primary to AD-integrated primary.

    Value              Description
    dnscmd             The command-line tool for managing DNS servers.
    /ZoneDelete        Required. Deletes a specified zone from the DNS server.
    /ZoneAdd           Required. Adds a specified zone to the DNS server.
    /ZoneResetType     Required. Changes the type of a specified zone.
    <zone name>        Required. The FQDN of the zone.
    <zone file name>   Required. The name of the file used to store zone data.
    /Primary           Required. Specifies that the zone type is standard file-backed primary.
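
The backup and reload procedures above can be scripted so that the destructive /ZoneDelete step runs only after the exported file has been verified. The following PowerShell is an added example, not part of the original topic. The function names, the optional -BackupDir parameter, the SOA/NS sanity checks, and the reliance on dnscmd returning a non-zero exit code on failure are assumptions of this example.

```powershell
# Added example: gate the destructive /ZoneDelete step on a verified export.
param(
    [Parameter(Mandatory=$true)][string]$ZoneName,      # FQDN of the zone
    [Parameter(Mandatory=$true)][string]$ZoneFileName,  # file name only, no path
    [string]$BackupDir                                  # optional secure copy location (assumption)
)
$ErrorActionPreference = 'Stop'
$dnsDir   = Join-Path $env:windir 'System32\DNS'
$zoneFile = Join-Path $dnsDir $ZoneFileName

function Invoke-Dnscmd {
    # Run dnscmd with the given arguments; abort the procedure if it fails.
    # Assumes dnscmd signals failure through a non-zero exit code.
    & dnscmd.exe @args
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $($args -join ' ') failed with exit code $LASTEXITCODE"
    }
}

function Test-ZoneExport([string]$Path) {
    # Sanity checks chosen for this example: the file exists and, ignoring
    # comment and blank lines, holds at least one SOA and one NS record.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }
    $records = @(Get-Content -LiteralPath $Path | Where-Object { $_ -notmatch '^\s*(;|$)' })
    $hasSoa  = @($records | Where-Object { $_ -cmatch '\sSOA\s' }).Count -ge 1
    $hasNs   = @($records | Where-Object { $_ -cmatch '\sNS\s' }).Count -ge 1
    return ($hasSoa -and $hasNs)
}

# Refuse to reuse an existing file name, so a stale export is never loaded.
if (Test-Path -LiteralPath $zoneFile) { throw "$zoneFile already exists; choose another name." }

# "To back up the AD-integrated zone"
Invoke-Dnscmd /ZoneExport $ZoneName $ZoneFileName
if (-not (Test-ZoneExport $zoneFile)) {
    throw "$zoneFile is missing or has no SOA/NS records; the zone was NOT deleted."
}
if ($BackupDir) { Copy-Item -LiteralPath $zoneFile -Destination $BackupDir }

# "To reload the AD-integrated zone" (reached only if the export passed)
Set-Location -LiteralPath $dnsDir
Invoke-Dnscmd /ZoneDelete $ZoneName /dsdel /f
Invoke-Dnscmd /ZoneAdd $ZoneName /Primary /file $ZoneFileName /load
Invoke-Dnscmd /ZoneResetType $ZoneName /dsprimary
Write-Output "Zone $ZoneName reloaded from $zoneFile and converted to AD-integrated."
```

Run it from an elevated PowerShell session on the DNS server selected in step 1 of the restore procedure. The checks do not replace reviewing the exported records by eye, as the backup procedure describes.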

See Also

Concepts

Performing Authoritative Restore of an Application Directory Partition