Microsoft KB Archive/265706

From BetaArchive Wiki

Article ID: 265706

Article Last Modified on 10/26/2007



APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Datacenter Server



This article was previously published under Q265706


SUMMARY

This article describes the functionality that has been added to the versions of the Domain Controller Diagnostics (Dcdiag.exe) and Network Diagnostics (Netdiag.exe) tools that are included in Windows 2000. For additional information about the latest service pack for Windows 2000, click the article number below to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack


MORE INFORMATION

The functionality that has been added to Dcdiag.exe and Netdiag.exe verifies that the Domain Name Service (DNS) infrastructure is sufficient for deploying the Windows 2000 Active Directory service. The updated Dcdiag.exe and Netdiag.exe tools in Windows 2000 provide the ability to test the Domain Name Service (DNS)infrastructure to:

  1. Verify that it can support the Active Directory.
  2. Determine if an Active Directory forest can be created.
  3. Verify that additional domain controllers can be added.
  4. Determine if a Windows 2000 computer can be joined to a domain.

To display the functionality for these tools, type the following at a command prompt:

file name /h


or


file name /?


where file name is either dcdiag.exe or netdiag.exe

Dcdiag.exe Updates

Active Directory Installation Wizard

The Active Directory Installation Wizard tests the existing DNS infrastructure for promotion to domain controller. If the infrastructure is sufficient, you can promote the computer to domain controller in a domain specified in Active Directory Domain DNS Name. It also reports whether any modifications to the existing DNS infrastructure are required.

        Required argument:
        /DnsDomain:<Active_Directory_Domain_DNS_Name>

        One of the following arguments is required:
    /NewForest
    /NewTree
    /ChildDomain
    /ReplicaDC

    If NewTree is specified, then the ForestRoot argument is
    required:
    /ForestRoot:<Forest_Root_Domain_DNS_Name>
                



RegisterInDNS

RegisterInDNS tests whether this domain controller can register the Domain Controller Locator DNS records. These records must be present in DNS for other computers to locate this domain controller for the Active Directory Domain DNS Name domain. It also reports whether you require any modifications to the existing DNS infrastructure.

Required argument: DnsDomain: <Active_Directory_Domain_DNS_Name>


Dcdiag.exe Updates

DsGetDc


DsGetDc is the domain controller discovery test. This command existed in the earlier version, but new functionality has been added to the display text to help resolve DNS configuration problems.

The following examples provide the command-line arguments to for each of the new tests and sample output.

Creating the First Domain Controller in a New Active Directory Forest

The example below is a DNS query issued to locate the DNS servers and zones that are authoritative for the DNS records that this domain controller should register followed by a "prerequisite-only " request to perform a dynamic update that probes an ability of the authoritative DNS servers and zones to process the dynamic updates.

dcdiag /test:dcpromo /dnsdomain:example.microsoft.com /newforest

Starting test: DcPromo

   Messages logged below this line indicate whether this domain 
controller will be able to dynamically register DNS records required 
for the location of this DC by other devices on the network. If any
misconfiguration is detected, it might prevent dynamic DNS registration 
of some records, but does not prevent successful completion of the 
Active Directory Installation Wizard. However, we recommend fixing 
the reported problems now, unless you plan to manually update the 
DNS database.

   DNS configuration is sufficient to allow this domain controller 
to dynamically register the domain controller Locator records in DNS.

   ......................... RANDYMC1 passed test DcPromo
                
Adding a New Domain Tree to an Existing Active Directory Forest

In the following example, a DNS query is issued for the SRV records for the domain controllers in the forest root domain. A query is then issued for the Host records for each domain controller. A DNS query is issued to locate the DNS servers and zones that are authoritative for the DNS records that this domain controller should register followed by a "prerequisite-only " request to perform a dynamic update that probes the ability of the authoritative DNS servers and zones to process the dynamic updates.

dcdiag /test:dcpromo /dnsdomain:test.example.microsoft.com /newtree
/forestroot:example.microsoft.com

Starting test: DcPromo
   The DNS configuration is sufficient to allow this computer to 
be promoted as the first DC in the test.example.microsoft.com 
Active Directory domain.

   Messages logged below this line indicate whether this domain 
controller will be able to dynamically register DNS records required 
for the location of this DC by other devices on the network. If 
any misconfiguration is detected, it might prevent dynamic DNS 
registration of some records, but does not prevent successful completion 
of the Active Directory Installation Wizard. However, we recommend 
fixing the reported problems now, unless you plan to manually update 
the DNS database.

   DNS configuration is sufficient to allow this domain controller 
to dynamically register the domain controller Locator records in 
DNS.
   ......................... RANDYMC1 passed test DcPromo
                

Adding a Child Domain to a Tree Within an Existing Active Directory Forest

In the following example, a DNS query is issued for the SRV records of the domain controllers hosting parent Active Directory domain of the DNS domain name that is provided. A query is then issued for the Host records for each parent domain controller returned. A DNS query is issued to locate the DNS servers and zones that are authoritative for the DNS records that this domain controller should register followed by a prerequisite-only " request to perform a dynamic update that probes the ability of the authoritative DNS servers and zones to process the dynamic updates.

dcdiag /test:dcpromo /dnsdomain:test.example.microsoft.com /childdomain

Starting test: DcPromo
   The DNS configuration is sufficient to allow this computer to 
be promoted as the first DC in the example.microsoft.com Active 
Directory domain.

   Messages logged below this line indicate whether this domain 
controller will be able to dynamically register DNS records required 
for the location of this DC by other devices on the network. If 
any misconfiguration is   detected, it might prevent dynamic 
DNS registration of some records, but does not prevent 
successful completion of the Active Directory Installation Wizard. 
However, we recommend fixing the reported problems now, unless you plan 
to manually update the DNS database.

   DNS configuration is sufficient to allow this domain controller 
to dynamically register the domain controller Locator records in 
DNS.

   ......................... RANDYMC1 passed test DcPromo
                
Adding an Additional Domain Controller to an Existing Domain

In the following example, a DNS query is issued for the SRV records for the DCs in the dnsdomain. A query is then issued for the Host records for each domain controller. A DNS query is issued to locate the DNS servers and zones that are authoritative for the DNS records that this domain controller should register followed by a "prerequisite-only " request to perform a dynamic update that probes the ability of the authoritative DNS servers and zones to process the dynamic updates.

dcdiag /test:dcpromo /dnsdomain:example.microsoft.com /replicadc

Starting test: DcPromo
   The DNS configuration is sufficient to allow this computer to 
be promoted as a replica domain controller in the 
example.microsoft.com domain.

   Messages logged below this line indicate whether this domain 
controller will be able to dynamically register DNS records required 
for the location of this DC by other devices on the network. If 
any misconfiguration is   detected, it might prevent dynamic 
DNS registration of some records, but does not prevent 
successful completion of the Active Directory Installation Wizard. 
However, we recommend fixing the reported problems now, unless you plan 
to manually update the DNS database.

   DNS configuration is sufficient to allow this domain controller 
to dynamically register the domain controller Locator records in 
DNS.

   ......................... RANDYMC1 passed test DcPromo
                
Testing Dynamic DNS Registration (DDNS)

NOTE: The following procedure is useful to resolve the following event in the System Event log: Netlogon 5774 - Registration of the DNS record record name and DNS information failed.

In the example below, a DNS query is issued to locate the DNS servers and zones authoritative for the DNS records that this domain controller should register followed by a "prerequisite-only " request to perform a dynamic update that probes an ability of the authoritative DNS servers and zones to process the dynamic updates.

dcdiag /test:registerindns /dnsdomain:example.microsoft.com

Starting test: RegisterInDNS DNS configuration is sufficient to allow 
this domain controller to dynamically register the domain 
controller Locator records in DNS.

   ......................... RANDYMC1 passed test RegisterInDNS
                

Netdiag.exe Enhanced Error Messages when using the DSGetDC Test for Connectivity to Domain Controllers

An additional error message has been added to Netdiag.exe. Netdiag always tests the domain of which the computer is a member and the domain that you specify by using the /d switch when you perform the DSGetDC test. If the test passes for one of the domains, you do not receive the error message. To make sure that you receive the new error message, use the /v (verbose) or debug switch.

If the DSGetDC test does not contact a DNS server, you receive the following error message:

netdiag /test:dsgetdc /d:c.b.a.com /v or netdiag /test:dsgetdc /d:c.b.a.com /debug Find DC in domain 'c.b.a.com': Verify that the network connections on this computer are configured with the correct IP addresses of the DNS servers to be used for name resolution, and then run this tool again. [FATAL]Cannot find DC in domain 'c.b.a.com'. [ERROR_NO_SUCH_DOMAIN]

If a domain controller, Windows 2000 DC, or PDC Emulator cannot be located when the /dsgetdc test is performed, you receive the following error message:

netdiag /test:dsgetdc /d:c.b.a.com /v
or
netdiag /test:dsgetdc /d:c.b.a.com /debug

Find DC in domain 'c.b.a.com':

This computer cannot be joined to the [c.b.a.com] domain because of one of the following reasons:

1. The DNS SRV record for [c.b.a.com] is not registered in DNS; or

2. A zone from the following list of DNS zones does not include delegation to its child zone.

Such zones can include [c.b.a.com, b.a.com, a.com, com], and root zone.

Ask your network/DNS administrator to perform the following actions: To find out why the SRV record for [_ldap._tcp.dc._msdcs.c.b.a.com] is not registered in the DNS, run the dcdiag command prompt tool with the command RegisterInDNS on the domain controller that did not perform the registration.

[FATAL]Cannot find DC in domain 'c.b.a.com'. [ERROR_NO_SUCH_DOMAIN]


Steps to Resolve Common Configuration Problems

To configure the DNS client with a preferred and alternate DNS server:

  1. Click Start, point to Settings, and then click Control Panel.
  2. Double-click Network and Dial-up Connections.
  3. Right-click Local Area Connection, and then click Properties.
  4. Click Internet Protocol (TCP/IP), click Properties, and then click to select the Use the following DNS server addresses check box.
  5. In the Preferred DNS server box, specify the IP address of the DNS server to which you want this computer to send DNS queries. Usually this is an existing DNS server in the same site. If this computer sends queries to the DNS server that is running on this computer, specify the IP address of this computer. Alternatively, in the Alternate DNS server box, specify an IP address of another DNS server to which you want this computer to send the queries if the Preferred DNS server does not respond.
  6. If a DNS server is running (or will run) on this computer, Microsoft recommends that you configure a computer with static IP address. To do so, select the Use following IP address option, and then specify the static IP address, subnet mask, and default gateway IP address in the appropriate boxes.
  7. Click OK to close the Advanced TCP/IP Settings properties.
  8. Click OK to accept the changes to your TCP/IP configuration.
  9. Click OK to close the Local Area Connections properties.

To configure a DNS zone to allow dynamic updates:

  1. Click Start, point to Programs, point to Administrative Tools, and then click DNS.
  2. In DNS Console, expand the DNS Server that contains the authoritative zone, and then expand the Forward Lookup Zones folder.
  3. Right-click the zone you want, and then click Properties.
  4. On the General tab, click to select the Secure only (recommended) or the Yes Allow Dynamic Update? menu, and then click OK to accept the change.

To use DNS console to enumerate the records in a zone:

  1. Click Start, point to Programs, point to Administrative Tools, and then click DNS.
  2. In DNS Console, expand the DNS Server that contains the zone that you want to view, and then expand the Forward Lookup Zones folder.
  3. Expand the zone you want. The right pane contains those records of the zone that have the name that is the immediate subdomain of the DNS zone name. For example, "child.reskit.com" is the immediate subdomain of the reskit.com zone, while "grandchild.child.reskit.com" is not an immediate subdomain of the reskit.com zone.
  4. If the record that you are looking for is not an immediate subdomain of the zone, expand the folder that has the name that matches the label of the record name that follows the name of the zone. In the previous example, the name of the folder is "child". Continue to expand the folders that correspond to the following labels of the name of the record until you find the record or determine that the records do not exist.

The following files are available for download from the Microsoft Download Center:

Netdiag.exe

Dcdiag.exe

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services


Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. The DCDiag and NetDiag tests can be performed manually.


Additional query words: DRDNS Dr. DNS

Keywords: kbproductlink kbdownload kbgraphxlinkcritical kbhowto KB265706