search the article 817470 from the Windows Server 2003 Server Deployment Kit

Post by Danijel Klari » Thu, 10 Jul 2003 01:09:29



Hello NG,

I'm just reading the whitepaper "Designing and deploying
directory services" from the Windows 2003 deployment kit.

On page 360 the whitepaper references the article
KB817470 about creating separate
_msdcs.forest_root_domain DNS zones.

Unfortunately I can't find this article.
Can you help me?

thank you.

Danijel Klaric

search the article 817470 from the Windows Server 2003 Server Deployment Kit

Post by Bennie Ch » Thu, 10 Jul 2003 17:11:45


Hi Danijel,

This article is not published, so we are unable to find it on the Web. I am
providing the draft copy here.

SUMMARY
=======

The goal of this article is to provide steps to ensure that the
forest-wide locator records under _msdcs.forestname are available on
every DNS server in the forest. This scenario is applicable when
Windows 2000 domain controllers running the DNS Server service are
upgraded to Windows Server 2003.

MORE INFORMATION
================

When a server running Windows 2000 Server is promoted as the first
domain controller in a new Active Directory forest, the Active
Directory Installation Wizard creates a DNS forward lookup zone named
after the forest root domain, and a subdomain named _msdcs.forestname.
For example, if your Active Directory forest name were reskit.com, then
the wizard would create the DNS zone "reskit.com" and the subdomain
"_msdcs.reskit.com" and store the subdomain with the zone for the
domain. The domain zone hosts DC locator DNS resource records for each
Active Directory domain controller in the domain. The _msdcs.forestname
subdomain hosts DC locator DNS resource records for all domain
controllers in an Active Directory forest. It is also used to locate
domain controllers that have specific roles in the Active Directory
domain or forest, as well as to locate a domain controller by GUID when
a domain has been renamed.

When the DNS root domain of a new Active Directory forest is created on
a Windows Server 2003 domain controller, a DNS zone is automatically
created for the _msdcs.forestname and stored in the forest-wide DNS
application directory partition, which replicates to all Windows Server
2003 domain controllers in the forest running the Windows Server 2003
DNS Server service.

However, if you upgrade from Windows 2000 Server to Windows Server
2003, the _msdcs.forestname zone will be stored on your Windows Server
2003 domain controller in one of the following ways:

- Case 1: An Active Directory-integrated _msdcs.forestname zone is
  stored in your root domain and secondary _msdcs.forestname zones are
  stored in your child domains (if present).
- Case 2: If your existing (Windows 2000 Server) _msdcs.forestname was
  a subdomain of the root domain DNS zone, then the _msdcs.forestname
  domain will remain a subdomain of the forest root DNS zone.

Microsoft recommends that the DNS records for the _msdcs.forestname
domain name always be placed in a zone for the _msdcs.forestname domain
name and stored in the forest wide DNS application directory partition
to ensure forest-wide availability.

Case 1: Transitioning the domain wide _msdcs.forestname zone to the
forest-wide DNS application directory partition

1. In the DNS console, right-click the _msdcs.forestname zone, and then
   click Properties.
2. On the General tab, note the current zone replication type, and then
   click Change.
3. Select the forest-wide replication scope for the zone.
4. Delete any secondary _msdcs.forestname zones that are stored in your
   child domains.

Notes:

- To perform this procedure, you must be a member of the DnsAdmins or
  the Domain Admins group in Active Directory, or you must have been
  delegated the appropriate authority. As a security best practice,
  consider using the "Run As" command to perform this procedure.
- When the new forest-wide zone is propagated to the application
  partition of all DNS servers in the forest, then you should delete the
  previous secondary zone. To delete the zone, in the DNS console,
  right-click the zone, and then choose Delete.
- While the zone replication type change is made once per forest, the
  secondary zones must be deleted from each DNS server individually.

Case 2: Transitioning Windows 2000 _msdcs subdomain to a Windows Server
2003 zone stored in the forest-wide DNS application directory partition

The following procedure assumes that the DNS zones for the Active
Directory forest root domain were created during the promotion of a
Windows 2000 domain controller, and that all domain controllers in the
forest root domain hosting the DNS server have been upgraded to Windows
Server 2003.

The procedure includes the following high-level steps:

1. Configuring the primary DNS server setting in the network
   connections of all domain controllers in your forest with the IP
   address of a single root domain controller.
2. Creating the _msdcs zone for the Active Directory forest name, and
   storing the _msdcs.forestname zone in the DNS forest wide application
   directory partition.
3. Forcing replication.
4. Deleting the old _msdcs subdomain.
5. Returning the primary DNS server setting in the network connections
   of all domain controllers in your forest to their previous
   configuration.

To transition the _msdcs subdomain to a zone stored in the forest wide
DNS application partition:

- By default, only members of the Enterprise Admins group can create a
  DNS application directory partition
- When changing the storage of a zone from the domain partition to an
  application directory partition, such as following the promotion of a
  new Windows Server 2003 domain controller in an existing Windows 2000
  domain, the domain controller holding the domain naming master role
  must be running Windows Server 2003 for the DNS application directory
  partitions to exist. If you receive an error when changing the storage
  of a zone from the domain partition to an application directory
  partition, transfer the domain naming master role to a domain
  controller running Windows Server 2003, create the default DNS
  application directory partitions, and try again.

1. On all domain controllers in the forest, perform the following
   network connection configuration:

   a. Click Start, click Control Panel, click Network and Internet
      Connections, and then click Network Connections.
   b. Right-click the network connection you want to configure, and
      then click Properties.
   c. On the General tab (for a local area connection), click Internet
      Protocol (TCP/IP), and then click Properties.
   d. Confirm that Use the following DNS server addresses is enabled.
   e. In Preferred DNS server, record the existing IP address.
   f. In Preferred DNS server, type the IP address of a single root
      domain controller running the DNS Server service.
   g. Click OK.

   Note: For large deployments, you may want to create a script to
   configure the IP address of a single root domain controller as the
   preferred DNS server setting on all domain controllers.

   Important: You must use the same IP address of a single root domain
   controller for all domain controllers in the forest. The purpose of
   this configuration is to ensure that all domain controllers in the
   forest register their DNS resource records in copies of the same
   _msdcs.forestname zone.

2. Log onto the Windows Server 2003 root domain controller using an
   account that is a member of the Enterprise Admins group.
3. Verify that a Windows Server 2003 domain controller holds the domain
   naming master role.
4. Verify that all DNS servers that currently host the
   _msdcs.forestname subdomain in primary zones are running Windows Server
   2003.
5. Start the DNS console (start ->run -> DNSMGMT.MSC).
6. In the DNS console, right-click Forward Lookup Zones, and then click
   New Zone.
7. In the New Zone Wizard, on the Zone Type page, click Primary zone,
   and enable the Store the zone in Active Directory checkbox.
8. On the Active Directory Zone Replication Scope page, click To all
   DNS servers in the Active Directory forest forestname.
9. On the Zone Name page, in Zone Name, enter _msdcs.forestname.
10. Complete the wizard by accepting all default options. The zone is
    created and the Net Logon service populates the zone with the
    _msdcs.forestname resource records for the local domain controller.
11. The zone will now replicate to all other DNS servers in the
    replication scope using the default replication schedule, or you
    can force replication. To force replication, you can use Active
    Directory Sites and Services, or the Support Tool repadmin:

    - To use Active Directory Sites and Services:

      a. Open Active Directory Sites and Services.
      b. In the console tree, click NTDS Settings for the server from
         which you want to force replication.
      c. In the details pane, right-click the connection over which you
         want to replicate directory information, and then click
         Replicate Now.

    - To use the Support Tool repadmin.exe:

      a. With the Support Tools installed, open a Command Prompt.
      b. Type "Repadmin /syncall". This will synchronize all directory
         partitions.
12. The old _msdcs subdomain does not have to be deleted from the zone
    where it was created before you upgraded because the DNS Server service
    will use the new _msdcs zone to answer any queries for names beginning
    with _msdcs. Microsoft recommends that you delete the old _msdcs
    subdomain to maintain a more orderly DNS database.
13. To delete the old _msdcs subdomain, open the DNS console.
14. In the console tree, expand the zone containing the _msdcs
    subdomain.
15. Right-click the _msdcs subdomain folder, and then click Delete.
16. Once replication is confirmed for all domain controllers in the
    forest, perform the following network connection configuration on
    all domain controllers in the forest:

    a. Click Start, click Control Panel, click Network and Internet
       Connections, and then click Network Connections.
    b. Right-click the network connection you want to configure, and
       then click Properties.
    c. On the General tab (for a local area connection), click Internet
...

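A scripted version of the root domain controller part of Case 2 (steps 5 to 15), with the Case 1 replication-scope change shown as a comment, as an added example that is not part of the KB draft or of either post above. It assumes a Windows Server 2003 root domain controller named rootdc1 (an assumed name) in the forest reskit.com (the article's own example name) with the Support Tools installed, and uses the dnscmd, nltest and repadmin command-line tools in place of the DNS console and Active Directory Sites and Services.

```batch
@echo off
REM Added example, not from the KB draft: scripts the root DC steps of
REM Case 2 (steps 5-15) with dnscmd, nltest and repadmin, then verifies
REM the result. Assumed names: forest reskit.com (the article's example),
REM root DC rootdc1, partition ForestDnsZones.reskit.com.
setlocal
set FOREST=reskit.com
set ROOTDC=rootdc1
set PARTITION=ForestDnsZones.%FOREST%
set ZONE=_msdcs.%FOREST%

REM Step 3 precondition: the forest-wide application directory partition
REM only exists once a Windows Server 2003 DC holds the domain naming
REM master role. Create the built-in partition if it is missing.
dnscmd %ROOTDC% /enumdirectorypartitions | find /i "%PARTITION%" >nul
if errorlevel 1 dnscmd %ROOTDC% /createbuiltindirectorypartitions /forest

REM Case 1 only: an existing domain-wide AD-integrated _msdcs zone is
REM moved to the forest-wide partition instead of being recreated.
REM   dnscmd %ROOTDC% /zonechangedirectorypartition %ZONE% %PARTITION%

REM Steps 6-10 (Case 2): create _msdcs.<forest> as an AD-integrated
REM primary zone stored in the forest-wide partition.
dnscmd %ROOTDC% /zoneadd %ZONE% /dsprimary /dp %PARTITION%
if errorlevel 1 goto :fail

REM Step 10: ask Net Logon to register this DC's locator records now
REM instead of waiting for its periodic registration.
nltest /dsregdns

REM Step 11: force replication of all partitions held by the root DC
REM to all partners, across sites.
repadmin /syncall %ROOTDC% /A /e

REM Verify: the forest-wide SRV records must now resolve from the new
REM zone, and the zone must report the forest-wide partition.
nslookup -type=SRV _ldap._tcp.dc.%ZONE% %ROOTDC%
dnscmd %ROOTDC% /zoneinfo %ZONE%

REM Steps 12-15: only after replication is confirmed on every DC,
REM remove the old _msdcs subdomain from the forest root zone.
REM   dnscmd %ROOTDC% /nodedelete %FOREST% _msdcs /tree /f
endlocal
goto :eof

:fail
echo Creating %ZONE% failed: check the domain naming master (step 3).
endlocal
exit /b 1
```

The per-DC preferred DNS server change of step 1, and its reversal in step 16, can be scripted the same way on each domain controller with `netsh interface ip set dns "Local Area Connection" static <root DC IP>` after recording the current value with `netsh interface ip show dns`.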