
= Windows 2000 Active Directory DNS Zones Do Not Replicate Across Domains =

Article ID: 286753

Article Last Modified on 3/2/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q286753



SUMMARY
This article describes why Active Directory integrated zones do not replicate between different domains. The functionality described here applies only to Windows 2000 and is subject to change in future versions of the operating system.



MORE INFORMATION
The Windows 2000 DNS Service can create multimaster DNS zones that replicate DNS zone data to other Windows 2000 DNS servers by using the Active Directory replication infrastructure. Although the Active Directory replication infrastructure replicates some types of data among all domain controllers in a forest, DNS zone data is replicated only within each domain.

When you use the DNS Microsoft Management Console (MMC) to configure zones on a Windows 2000 DNS server, you can configure an Active Directory integrated zone with the same name on DNS servers that are located in different Windows 2000 domains. If the zones are configured to accept dynamic updates, the DNS server permits clients to register in the zone, as expected. This registration data is replicated to other domain controllers and DNS servers that are members of the same Windows 2000 domain. However, the registration data is not replicated to domain controllers and DNS servers that are members of other Windows 2000 domains, although a zone with the same name exists on those DNS servers.

For example, suppose you create a Windows 2000 domain called reskit.com, make its Windows 2000 domain controller and DNS server authoritative for that domain, and then create a child domain called "dev.reskit.com". The following diagram illustrates this configuration:

reskit.com
    \
     dev.reskit.com

Additionally, the DNS server in the reskit.com domain is also authoritative for the dev.reskit.com domain. This way, the dev.reskit.com domain does not require its own DNS server. Both DNS zones can be Active Directory integrated and replicate zone data for both zones with other Windows 2000 DNS servers in the reskit.com Windows 2000 domain.

If you add a Windows 2000 DNS server to the dev.reskit.com domain, an Active Directory integrated zone is configured on the server for dev.reskit.com. This zone can also be configured to accept dynamic updates. The DNS server can then take clients' registration requests for the zone.

The dev.reskit.com zone on the new DNS server in the dev.reskit.com domain does not replicate DNS zone data with the DNS server in the reskit.com domain. Updates to the dev.reskit.com zone remain in the Windows 2000 domain in which they were accepted. If a client registers its name (host1.dev.reskit.com) with the DNS server in the reskit.com domain, its resource record data is not replicated to the DNS server in the dev.reskit.com Windows 2000 domain, although the DNS server in that domain has an Active Directory integrated zone with the same name (dev.reskit.com).

To scale to tens of millions of objects, a forest is partitioned into domains. Each Active Directory domain controller is a member of exactly one domain, and domain controllers in the same domain contain the same information. Domain controllers from different domains share the same configuration and schema data, but they do not share the same domain data. The directory partition (also known as the naming context) is the unit used to distribute storage.

In Active Directory, a directory partition is a portion of the directory namespace. Each directory partition contains a hierarchy (subtree) of directory objects in the directory tree. The same directory partition can be stored as copies (replicas) on many domain controllers, and the copies are updated through directory replication.

Every domain controller in a Windows 2000 domain contains the configuration, schema, and domain directory partitions. Updates to the configuration and schema partitions are replicated to all domain controllers in the forest. Updates to objects in the domain partition are replicated only to domain controllers in that domain. Updates are also replicated to global catalog servers if the update is made to an object attribute that is marked for replication to the global catalog.

The domain partition contains a domain container that stores users, computers, groups, and other objects for a specific Windows 2000 domain. Active Directory integrated DNS zone data is also stored in the domain container. Therefore, this data is replicated only to other domain controllers in the same domain.

To view the Active Directory integrated DNS zone data that is replicated in a domain:

1. On a domain controller, start the Active Directory Users and Computers snap-in.
2. On the View menu, click Advanced Features.
3. Expand the folders under a server object.
4. Expand the System folder.
5. Expand the MicrosoftDNS folder to view the Active Directory integrated DNS zones that are replicated between domain controllers in the domain.
6. Click each zone in the MicrosoftDNS folder to view the zone's DNS resource records that are replicated.

These records are displayed in the right pane of the snap-in.
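The same inspection can be scripted so that the two independent copies of the dev.reskit.com zone can be compared side by side. The following PowerShell is an added example, not part of this article: it binds to CN=MicrosoftDNS,CN=System in each domain partition, lists the dnsNode objects (one per record owner name) in the zone container, and reports names that exist in one domain's copy but not the other's. The domain controller names dc1.reskit.com and dc1.dev.reskit.com are assumptions, as is running the script from a later Windows administration host with read access to both domains (Windows 2000 itself does not ship PowerShell).

```powershell
# Added example (not from KB 286753): read an Active Directory integrated zone straight
# from the domain partition that stores it, then compare the parent-domain and
# child-domain copies of dev.reskit.com that the article describes.
# Assumed (hypothetical) names: DC dc1.reskit.com in the parent domain and
# DC dc1.dev.reskit.com in the child domain.

function Get-AdIntegratedZoneRecordNames {
    param(
        [Parameter(Mandatory)] [string] $DomainController,  # DC to bind to, e.g. dc1.reskit.com
        [Parameter(Mandatory)] [string] $DomainDn,          # partition holding the zone, e.g. DC=reskit,DC=com
        [Parameter(Mandatory)] [string] $ZoneName           # zone container name, e.g. dev.reskit.com
    )
    # Windows 2000 keeps zone data under CN=MicrosoftDNS,CN=System in the *domain*
    # partition, so a zone with the same name can exist independently in the
    # reskit.com partition and in the dev.reskit.com partition.
    $zoneDn   = "CN=$ZoneName,CN=MicrosoftDNS,CN=System,$DomainDn"
    $root     = [ADSI]"LDAP://$DomainController/$zoneDn"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter   = '(objectClass=dnsNode)'   # one dnsNode per owner name in the zone
    $searcher.PageSize = 1000                      # page so large zones are returned completely
    $searcher.PropertiesToLoad.Add('dc') | Out-Null # 'dc' is the relative name of the record owner
    $searcher.FindAll() |
        ForEach-Object { [string]$_.Properties['dc'][0] } |
        Sort-Object -Unique
}

# Copy held in the reskit.com domain partition (served by the parent-domain DC).
$parentCopy = @(Get-AdIntegratedZoneRecordNames -DomainController 'dc1.reskit.com' `
                    -DomainDn 'DC=reskit,DC=com' -ZoneName 'dev.reskit.com')

# Copy held in the dev.reskit.com domain partition (served by the child-domain DC).
$childCopy  = @(Get-AdIntegratedZoneRecordNames -DomainController 'dc1.dev.reskit.com' `
                    -DomainDn 'DC=dev,DC=reskit,DC=com' -ZoneName 'dev.reskit.com')

# Because the two partitions never replicate with each other, a client such as
# host1.dev.reskit.com that registered against one DC shows up in only one copy.
Compare-Object -ReferenceObject $parentCopy -DifferenceObject $childCopy |
    ForEach-Object {
        $where = if ($_.SideIndicator -eq '<=') { 'only in reskit.com partition' }
                 else                           { 'only in dev.reskit.com partition' }
        '{0,-40} {1}' -f $_.InputObject, $where
    }
```

An empty result from Compare-Object means both copies hold the same owner names; any line in the output is a record that resolves differently depending on which domain's DNS server a client asks, which is the symptom this article explains.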

Additional query words: dc gc

Keywords: kbdns kbinfo KB286753

-


© Microsoft Corporation. All rights reserved.