Microsoft KB Archive/884116

= How to create and apply a custom application directory partition on an Active Directory integrated DNS zone in Windows Server 2003 =

Article ID: 884116

Article Last Modified on 10/30/2006


APPLIES TO


 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)






IN THIS TASK

 * INTRODUCTION
 * Create an application directory partition by using the DnsCmd command
 * Configure an additional domain controller DNS server to host the application directory partition
 * Verify that the application directory partition was created successfully
 * Trigger the Knowledge Consistency Checker to create a connection object
 * Verify Active Directory replication over the new replica link that you created
 * Configure the replication scope of your DNS zones to that of the new application directory partition



== INTRODUCTION ==
This article describes how to create and apply a custom application directory partition on an Active Directory directory service integrated Domain Name System (DNS) zone.

You can create a custom Active Directory partition by using the DnsCmd command. The steps in this article create an example custom application directory partition that is named CustomDNSPartition. This application directory partition is located in the example domain Contoso.com. These steps configure the example application directory partition to be hosted on the following two example domain controllers:
 * DC-1.contoso.com
 * DC-2.contoso.com

Note: DnsCmd.exe is included in the Microsoft Windows Server 2003 Support Tools. To install the Windows Server 2003 Support Tools, double-click Suptools.msi in the Support\Tools folder on the Microsoft Windows Server 2003 CD.


== Create an application directory partition by using the DnsCmd command ==
Use the DnsCmd command to create an application directory partition. To do this, use the following syntax:

DnsCmd ServerName /CreateDirectoryPartition PartitionFQDN

To create an application directory partition that is named CustomDNSPartition on a domain controller that is named DC-1, follow these steps:
 * 1) Click Start, click Run, type cmd, and then click OK.
 * 2) Type the following command, and then press ENTER:

dnscmd DC-1 /createdirectorypartition CustomDNSPartition.contoso.com



When the application directory partition has been successfully created, the following information appears:

<pre class="fixed_text">DNS Server DC-1 created directory partition: CustomDNSPartition.contoso.com
Command completed successfully.
</pre>


== Configure an additional domain controller DNS server to host the application directory partition ==
Configure an additional domain controller that is acting as a DNS server to host the new application directory partition that you created. To do this, use the following syntax with the DnsCmd command:

DnsCmd ServerName /EnlistDirectoryPartition PartitionFQDN

To configure the example domain controller that is named DC-2 to host this custom application directory partition, follow these steps:
 * 1) Click Start, click Run, type cmd, and then click OK.
 * 2) Type the following command, and then press ENTER:

dnscmd DC-2 /enlistdirectorypartition CustomDNSPartition.contoso.com



The following information appears:

<pre class="fixed_text">DNS Server DC-2 enlisted directory partition: CustomDNSPartition.contoso.com
Command completed successfully.
</pre>


== Verify that the application directory partition was created successfully ==
Enumerate the directory partitions to verify that your application directory partition was created successfully. To do this, use the following syntax with the DnsCmd command:

DnsCmd /EnumDirectoryPartitions

To enumerate your directory partitions, follow these steps:
 * 1) Click Start, click Run, type cmd, and then click OK.
 * 2) Type the following command, and then press ENTER:

dnscmd /enumdirectorypartitions

The following information appears:

<pre class="fixed_text">Enumerated directory partition list:

Directory partition count = 3

CustomDNSPartition.contoso.com    Enlisted
DomainDnsZones.contoso.com        Enlisted Auto Domain
ForestDnsZones.contoso.com        Enlisted Auto Forest

Command completed successfully.
</pre>

 * 3) Type the following command, and then press ENTER:

dnscmd DC-1 /directorypartitioninfo CustomDNSPartition.contoso.com /detail

The following information is displayed to indicate that this application directory partition has a replica on DC-1 and on DC-2:

<pre class="fixed_text">Directory partition info:
DNS root:   CustomDNSPartition.contoso.com
Flags:      0x10 Enlisted
State:      0
Zone count: 0
DP head:    DC=CustomDNSPartition,DC=contoso,DC=com
Crossref:   CN=<44788e4b-4da1-494e-a6ed-24931c1c6268>,CN=Partitions,CN=Configuration,DC=contoso,DC=com
Replicas:   2
    CN=NTDS Settings,CN=DC-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=com
    CN=NTDS Settings,CN=DC-1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=com
Command completed successfully.
</pre>
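The Replicas list in the /directorypartitioninfo output is the set of domain controllers that hold a copy of the zone data, so it is worth comparing against the hosts you intended. The following script is an added example, not part of the original article: it assumes PowerShell 3.0 or later, the function names are hypothetical, and the sample output (including the extra server DC-3) is constructed.

```powershell
# Added example, not from the KB article. Assumes PowerShell 3.0 or later.
# Function names are hypothetical; input is the text printed by
#   dnscmd DC-1 /directorypartitioninfo CustomDNSPartition.contoso.com /detail

function Get-PartitionReplicaServer {
    param([string[]]$DnsCmdOutput)
    # Each replica is listed as the DN of a server's NTDS Settings object.
    foreach ($line in $DnsCmdOutput) {
        if ($line -match 'CN=NTDS Settings,CN=([^,]+),CN=Servers,') {
            $Matches[1].ToUpperInvariant()
        }
    }
}

function Test-PartitionReplicaSet {
    param([string[]]$DnsCmdOutput, [string[]]$ExpectedServers)
    $actual   = @(Get-PartitionReplicaServer -DnsCmdOutput $DnsCmdOutput | Sort-Object -Unique)
    $expected = @($ExpectedServers | ForEach-Object { $_.ToUpperInvariant() } | Sort-Object -Unique)
    # The "Replicas: N" header should agree with the number of DNs parsed.
    $declared = $null
    foreach ($line in $DnsCmdOutput) {
        if ($line -match '^\s*Replicas:\s+(\d+)') { $declared = [int]$Matches[1] }
    }
    [pscustomobject]@{
        Replicas      = $actual
        Missing       = @($expected | Where-Object { $_ -notin $actual })
        Unexpected    = @($actual | Where-Object { $_ -notin $expected })
        CountMismatch = ($null -ne $declared -and $declared -ne $actual.Count)
    }
}

# Constructed sample modelled on the article's output; DC-3 is a hypothetical extra replica.
$sample = @'
Directory partition info:
  DNS root:   CustomDNSPartition.contoso.com
  DP head:    DC=CustomDNSPartition,DC=contoso,DC=com
  Replicas:   3
    CN=NTDS Settings,CN=DC-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=com
    CN=NTDS Settings,CN=DC-1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=com
    CN=NTDS Settings,CN=DC-3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=com
Command completed successfully.
'@ -split "\r?\n"

$result = Test-PartitionReplicaSet -DnsCmdOutput $sample -ExpectedServers 'DC-1', 'DC-2'
$result | Format-List
if ($result.Missing -or $result.Unexpected -or $result.CountMismatch) {
    Write-Warning 'Replica set differs from the intended hosts.'
}
```

To check a live server, replace the sample with the captured output of the dnscmd command named in the script's header comment.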


== Trigger the Knowledge Consistency Checker to create a connection object ==
Trigger the Knowledge Consistency Checker (KCC) two times to create a connection object between the domain controllers. This action creates the required replication link for the new application directory partition that you created. To do this, use the Repadmin command together with the /kcc option.

Note: You must have network connectivity between the domain controllers for this command to succeed.

To trigger the KCC for DC-1, follow these steps:
 * 1) Click Start, click Run, type cmd, and then click OK.
 * 2) Type the following command, and then press ENTER:

repadmin /kcc DC-1

The following information appears:

Consistency check on DC-1 successful.


== Verify Active Directory replication over the new replica link that you created ==
Verify Active Directory replication over the new replica link for the following naming context:

DC=CustomDNSPartition,DC=contoso,DC=com

To do this, use the Repadmin command together with the /showrepl option. Follow these steps:
 * 1) Click Start, click Run, type cmd, and then click OK.
 * 2) Type the following command, and then press ENTER:

repadmin /showrepl DC-1

Information that is similar to the following appears:

<pre class="fixed_text">Default-First-Site-Name\DC-1

INBOUND NEIGHBORS
================================
...
DC=CustomDNSPartition,DC=contoso,DC=com
    Default-First-Site-Name\DC-2 via RPC
        DC object GUID: c2c38539-a5d0-4666-a133-8b1b58bc4b0c
        Last attempt @ was successful.
</pre>

If the new naming context that you created does not appear in the Repadmin output, you can verify the state of this naming context by using the Ntdsutil command. To do this, follow these steps:
 * 1) Click Start, click Run, type cmd, and then click OK.
 * 2) Type ntdsutil, and then press ENTER.
 * 3) Type do ma, and then press ENTER.
 * 4) Type co, and then press ENTER.
 * 5) Type connect to server DC-1, and then press ENTER. The following information appears:

<pre class="fixed_text">Binding to DC-1 ...

Connected to DC-1 using credentials of locally logged on user.

server connections:
</pre>

 * 6) Type q, and then press ENTER to return to the domain management prompt.
 * 7) Type li nc rep dc=customdnspartition,dc=contoso,dc=com, and then press ENTER.

Information that is similar to the following may appear:

The application directory partition dc=customdnspartition,dc=contoso,dc=com's Replicas are:

CN=NTDS Settings,CN=DC-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=com *

CN=NTDS Settings,CN=DC-1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=com

The *'ed items are currently uninstantiated replicas.

This scenario may occur if the following conditions are true:
 * The KCC configures a temporary naming context head until the next Active Directory directory service replication cycle occurs. Note: When this replication cycle occurs, the actual data is replicated.
 * Active Directory directory service replication has not yet occurred.

This behavior occurs because of replication latency, especially if replication occurs between sites.


== Configure the replication scope of your DNS zones to that of the new application directory partition ==
Use the DNS management tool, Dnsmgmt.msc, to configure the replication scope of your Active Directory integrated DNS zones to that of the new application directory partition CustomDNSPartition. To do this, follow these steps:
 * 1) On one of the domain controllers that hosts the new application directory partition that you created, start the DNS management tool. For example, on DC-1, click Start, click Run, type dnsmgmt.msc, and then click OK.
 * 2) Under DNS, expand DC-1, expand Forward Lookup Zones, and then click your Active Directory integrated DNS zone.
 * 3) On the Action menu, click Properties.
 * 4) Click the Change button that corresponds to Replication.
 * 5) Click To all domain controllers specified in the scope of the following application directory partition, click CustomDNSPartition.contoso.com in the Application directory partition name list, and then click OK.

Note: This new application directory partition is also available when you create a new Active Directory integrated DNS zone.
 * 6) Click Apply, and then click OK.

After you configure the DNS zone replication scope to use this new custom application directory partition, other domain controllers that host this custom application directory partition automatically receive the new replication scope that you configured in step 5. To manually force this change, you can reload the DNS zone. To do this, right-click the DNS zone that you want to reload, and then click Reload.


Keywords: kbactivedirectory kbinfo kbhowto KB884116


© Microsoft Corporation. All rights reserved.