DNS Server Active Directory Integration

Applies To: Windows Server 2008

You can configure the DNS Server service to use Active Directory Domain Services (AD DS) to store zone data. This makes it possible for the DNS server to rely on directory replication, which enhances security, reliability, and ease of administration.

Events

Each entry below gives, in order: Event ID, Source, Message.

4000

Microsoft-Windows-DNS-Server-Service

The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

4001

Microsoft-Windows-DNS-Server-Service

The DNS server was unable to open zone %1 in the Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

4002

Microsoft-Windows-DNS-Server-Service

The DNS server was unable to add zone %1 to the Active Directory. Check that the Active Directory is available. Note that the zone will not be be added to and written to the directory unless you re-attempt adding the zone using the DNS console. The event data contains the error. For more information see "Add and Remove Zones" in the online Help.

4003

Microsoft-Windows-DNS-Server-Service

The DNS server was unable to delete zone %1 in the Active Directory. Check that the Active Directory is functioning properly. Note that this zone will not be removed from the directory unless you retry deleting of the zone using the DNS console. The event data contains the error. For more information see "Add and Remove Zones" in the online Help.

4004

Microsoft-Windows-DNS-Server-Service

The DNS server was unable to complete directory service enumeration of zone %1. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "%2". The event data contains the error.

4006

Microsoft-Windows-DNS-Server-Service

The DNS server could not load the records for the DNS name %1 found in the Active Directory integrated zone %2. A possible cause is that this DNS name contains character(s) not permitted by the name-checking setting on this DNS server.

To allow these records to be loaded choose the appropriate name-checking setting on the DNS server.

To delete these records from the Active Directory, first allow the DNS server to load them by changing the name-checking setting on this DNS server to allow all names. Then restart the DNS server service to cause the records to be loaded. The records will now appear in the DNS Manager and may be deleted. When the records have been deleted, restore the DNS server name-checking setting to the preferred value.

4007

Microsoft-Windows-DNS-Server-Service

The DNS server was unable to open zone %1 in the Active Directory from the application directory partition %2. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

4010

Microsoft-Windows-DNS-Server-Service

The DNS server was unable to create a resource record for %1 in zone %2. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

4011

Microsoft-Windows-DNS-Server-Service

The DNS server was unable to add or write an update of domain name %1 in zone %2 to the Active Directory. Check that the Active Directory is functioning properly and add or update this domain name using the DNS console. The extended error debug information (which may be empty) is "%3". The event data contains the error.

4012

Microsoft-Windows-DNS-Server-Service

The DNS server timed out attempting to write resource records to the Active Directory at %1. Check that the directory is functioning properly and add or update the records using the DNS console. The event data contains the error.

4013

Microsoft-Windows-DNS-Server-Service

The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

4014

Microsoft-Windows-DNS-Server-Service

The DNS server was unable to initialize Active Directory security interfaces. Check that the Active Directory is functioning properly and restart the DNS server. The event data contains the error.

4015

Microsoft-Windows-DNS-Server-Service

The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "%1". The event data contains the error.

4016

Microsoft-Windows-DNS-Server-Service

The DNS server timed out attempting an Active Directory service operation on %1. Check Active Directory to see that it is functioning properly. The event data contains the error.

4017

Microsoft-Windows-DNS-Server-Service

The DNS server was unable to load or create the DnsAdmins group. The most likely cause is that the Group Name has been changed. The DNS server will continue but for full functionality the DnsAdmins group should be repaired. The event data contains the error.

4018

Microsoft-Windows-DNS-Server-Service

The DNS server was unable to begin background loading of Active Directory-integrated zones. There may be a system resource problem. The DNS server service will now terminate. The event data contains the error.

4019

Microsoft-Windows-DNS-Server-Service

The DNS server attempted to load the Active Directory-integrated zone %1 in the background but there was an error during load. This zone will now be shut down. Correct the error and restart the DNS server service. The event data contains the error.

4400

Microsoft-Windows-DNS-Server-Service

The DNS server is experiencing high SOA query load. This may be caused by a large number of local client machines performing updates. Single object replication of DNS records corresponding to SOA queries is being throttled. This may delay replication of updates to this RODC DNS server, however scheduled replication will not be affected.

4510

Microsoft-Windows-DNS-Server-Service

The DNS server was unable to connect to the domain naming FSMO %1. No modifications to Directory Partitions are possible until the FSMO server is available for LDAP connections. The event data contains the error code.

4511

Microsoft-Windows-DNS-Server-Service

The zone %1 was successfully saved to the new directory partition as %2, but the old copy of the zone was not fully deleted from the old directory partition as %3. Manual cleanup of the old zone may be required. The event data contains the error code.

4512

Microsoft-Windows-DNS-Server-Service

The DNS server was unable to create the built-in directory partition %1. The error was %2.

4513

Microsoft-Windows-DNS-Server-Service

The DNS server detected that it is not enlisted in the replication scope of the directory partition %1. This prevents the zones that should be replicated to all DNS servers in the %2 forest from replicating to this DNS server.

To create or repair the forest-wide DNS directory partition, open the the DNS console. Right-click the applicable DNS server, and then click 'Create Default Application Directory Partitions'. Follow the instructions to create the default DNS application directory partitions. For more information, see 'To create the default DNS application directory partitions' in Help and Support.

The error was %3.

4514

Microsoft-Windows-DNS-Server-Service

The DNS server detected that it is not enlisted in the replication scope of the directory partition %1. This prevents the zones that should be replicated to all DNS servers in the %2 domain from replicating to this DNS server. For information on how to add a DNS server to the replication scope of an application directory partition, please see Help and Support.

To create or repair the domain-wide DNS directory partition, open the the DNS console. Right-click the applicable DNS server, and then click 'Create Default Application Directory Partitions'. Follow the instructions to create the default DNS application directory partitions. For more information, see 'To create the default DNS application directory partitions' in Help and Support.

The error was %3.

4515

Microsoft-Windows-DNS-Server-Service

The zone %1 was previously loaded from the directory partition %2 but another copy of the zone has been found in directory partition %3. The DNS Server will ignore this new copy of the zone. Please resolve this conflict as soon as possible.

If an administrator has moved this zone from one directory partition to another this may be a harmless transient condition. In this case, no action is necessary. The deletion of the original copy of the zone should soon replicate to this server.

If there are two copies of this zone in two different directory partitions but this is not a transient caused by a zone move operation then one of these copies should be deleted as soon as possible to resolve this conflict.

To change the replication scope of an application directory partition containing DNS zones and for more details on storing DNS zones in the application directory partitions, please see Help and Support.

4520

Microsoft-Windows-DNS-Server-Service

The DNS server encountered error %1 building the zone list from Active Directory. The DNS server will sleep for %2 seconds and try again. This can be caused by high Active Directory load and may be a transient condition.

4521

Microsoft-Windows-DNS-Server-Service

The DNS server encountered error %1 attempting to load zone %2 from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.

4522

Microsoft-Windows-DNS-Server-Service

The DNS server has deleted all records for a corrupt DNS node from Active Directory. The DNS node's distinguished name was %1.

4523

Microsoft-Windows-DNS-Server-Service

The DNS server has detected that the application directory partition %1 is replicating onto this domain controller. DNS data will not be loaded from this new directory partition until initial replication has completed.

4524

Microsoft-Windows-DNS-Server-Service

The DNS server has detected that the application directory partition %1 has finished replicating onto this domain controller. DNS data will now be loaded from this directory partition.
