DNS Support for Active Directory Tools and Settings
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2
In this section
DNS Support for Active Directory Tools
DNS Support for Active Directory Registry Entries
DNS Support for Active Directory Group Policy Settings
DNS Support for Active Directory WMI Classes
Related Information
DNS Support for Active Directory Tools
The following tools are associated with the Domain Name System (DNS) support for Active Directory. For more information about DNS tools and settings in a Windows Server 2003 network, see “DNS Tools and Settings” in DNS Technical Reference.
Note
In Windows 2000 Server and Windows Server 2003, the directory service is named Active Directory. In Windows Server 2008 and Windows Server 2008 R2, the directory service is named Active Directory Domain Services (AD DS). The rest of this topic refers to Active Directory, but the information is also applicable to Active Directory Domain Services.
Dcdiag.exe: Domain Controller Diagnostic Tool
Category
This tool is included in the Windows 2000 Server and later Support Tools.
Version compatibility
This tool runs on Windows XP, and the Windows 2000 Server and later operating systems.
You can use Domain Controller Diagnostic Tool to verify that there are sufficient resources for the DNS infrastructure when deploying the Windows 2000 Server or later Active Directory directory service. This tool analyzes the state of domain controllers in a forest or enterprise and reports any problems, to assist in troubleshooting. As an end-user reporting program, Domain Controller Diagnostic Tool queries the directory service infrastructure and uses the results to identify abnormal behavior in the system. Domain Controller Diagnostic Tool provides a framework for executing tests and a series of tests to verify different functional areas of the system. This framework selects which domain controllers are tested according to scope directives from the user, such as enterprise, site, or single server.
Dnscmd.exe: Dnscmd
Category
This tool is included in the Windows Server 2003 and later Support Tools.
Version compatibility
This tool runs on the Windows 2000 Server and later operating systems.
Dnscmd is used to view the properties of DNS servers, zones, and resource records. In addition, Dnscmd is used to modify all aspects of the DNS Server service, including creating and deleting zones and resource records, and forcing replication events between DNS server physical memory and DNS databases. Dnscmd can also be useful for developing scripts for configuring a DNS server.
Dnslint.exe: DNSLint
Category
This tool is available for download on the Microsoft Web site.
Version compatibility
This tool runs on Windows XP, and the Windows 2000 Server and later operating systems.
DNSLint is a Microsoft Windows utility that can be used to help diagnose common DNS name resolution issues. It can be targeted to look for specific DNS record sets and ensure that they are consistent across multiple DNS servers. It can also be used to verify that DNS records used specifically for Active Directory replication are correct.
Dnsmgmt.msc: DNS console
Category
This tool is included in the Windows 2000 Server and later operating systems, and is installed when the DNS Server service is installed. This tool is also installed with the Windows 2000 Server or later Administration Tools Pack (Adminpak.msi).
Version compatibility
This tool runs on the Windows 2000 Server and later operating systems. When installed from one of the administration tools packs, this tool can also run on Microsoft Windows 2000 Professional and Windows XP.
The DNS console is used to administer the DNS Server service. It can be used to modify all aspects of the DNS Server service, including creating and deleting zones and resource records, and forcing replication events between DNS server physical memory and DNS databases. The DNS console can also be used to perform diagnostics on the DNS infrastructure of a network.
Eventvwr.exe: Event Viewer
Category
This tool is included in all Windows server and client operating systems.
Version compatibility
This tool runs on Windows XP, and the Windows 2000 Server and later operating systems.
You can use Event Viewer to monitor events recorded in event logs. Typically, a computer stores the Application, Security, and System logs. It could also contain other logs, depending on the role of the computer and the applications that are installed on it. For example, DNS servers write DNS-related events (such as errors that occur when the DNS Server service is invoked) to log files which can be read by using Event Viewer.
Ipconfig.exe: Ipconfig
Category
This tool is included in all Windows server and client operating systems.
Version compatibility
This tool runs on all Windows server and client operating systems.
Ipconfig displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and DNS settings. Used without parameters, Ipconfig displays IPv6 addresses or the IPv4 address, subnet mask, and default gateway for all adapters.
Netdiag.exe: Network Connectivity Tester
Category
This tool is included in the Windows 2000 and later Support Tools.
Version compatibility
This tool runs on Windows XP, and the Windows 2000 Server and later operating systems.
You can use Network Connectivity Tester to help isolate networking and connectivity problems, by performing a series of tests to determine the state of your network client, and whether it is functional. These tests, and the key network status information they expose, give network administrators and support personnel a more direct means of identifying and isolating network problems. Moreover, because this tool does not require that parameters or switches be specified, support personnel and network administrators can focus on analyzing the output rather than on training users how to use the tool.
Netmon.exe: Network Monitor
Category
This tool is installed with the Windows Server 2003 and later Administration Tools Pack.
Version compatibility
This tool runs on all Windows operating systems.
Network Monitor captures data about the packets on a network and logs them for subsequent analysis. The monitored data can be filtered using many criteria, including protocol, ports, physical addresses, and logical addresses. Network Monitor can be useful in many situations, such as when you are troubleshooting an environment that has a firewall between a DNS server and a client, or between two DNS servers.
There are two versions of Network Monitor: the Network Monitor that is provided as part of the Windows Server 2003 operating system, and the Network Monitor that is part of Microsoft Systems Management Server (SMS). The version of Network Monitor that is included with the Windows Server 2003 operating system captures only data about network packets that are sent to or from the server on which you run Network Monitor; it also captures data about network broadcasts that are received. The Network Monitor that is included with SMS can monitor all network packets on a network segment regardless of their source or destination.
Nslookup.exe: Nslookup
Category
This tool is included in all Windows server and client operating systems.
Version compatibility
This tool runs on all Windows server and client operating systems.
Nslookup is used to query DNS servers and to obtain detailed responses. The information obtained using Nslookup can be used to diagnose and solve name resolution problems, verify that resource records are added or updated correctly in a zone, and debug other server-related problems.
DNS Support for Active Directory Registry Entries
Active Directory uses DNS to enable client computers to locate domain controllers and to enable domain controllers to locate each other. Domain controllers register SRV records in DNS, and clients and other domain controllers query for these records. Which records are registered in DNS and how they are registered depends on settings in the Windows registry. The following registry entries are associated with DNS support for Active Directory.
The information here is provided as a reference for use in troubleshooting or verifying that the required settings are applied. It is recommended that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the registry editor or by Windows before they are applied, and as a result, incorrect values can be stored. This can result in unrecoverable errors in the system. When possible, modify settings through policy settings or through dedicated management tools, such as the DNS snap-in for the Microsoft Management Console (MMC), rather than editing the registry directly. If you must edit the registry, use extreme caution.
DNS\Parameters
The following registry entries are used to configure various DNS options that control how DNS interacts with the Active Directory environment.
EnableDirectoryPartitions
Registry path
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters
Version
Windows Server 2003 and later
If you do not want the default DNS application directory partitions to be created automatically, you must disable the EnableDirectoryPartitions registry key. The values for this key are 0x0 (disable) and 0x1 (enable).
For more information about this registry entry, see the “Registry Reference” in the Tools and Settings Collection.
DnsAvoidRegisterRecords
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Version
Windows Server 2003 and later
Specifies the list of data corresponding to the DNS resource records that should not be registered for a domain controller by the Net Logon service. Restarting the Net Logon service is not required to make the changes to this value effective. If the DnsAvoidRegisterRecords registry key is created or modified within the first 15 minutes after the Net Logon service is started, there might be a short delay before the appropriate DNS updates appear and are replicated to the other DNS servers. If the modifications are made while the Net Logon service is stopped, there is a short delay before the DNS updates appear after the Net Logon service is restarted.
In this value, list the data corresponding to the DNS resource records that should not be registered for this domain controller by the Net Logon service. The list of data includes:
Data Value | Resource Record Type | DNS Resource Record |
---|---|---|
LdapIpAddress | A | <DnsDomainName> |
Ldap | SRV | _ldap._tcp.<DnsDomainName> |
LdapAtSite | SRV | _ldap._tcp.<SiteName>._sites.<DnsDomainName> |
Pdc | SRV | _ldap._tcp.pdc._msdcs.<DnsDomainName> |
Gc | SRV | _ldap._tcp.gc._msdcs.<DnsForestName> |
GcAtSite | SRV | _ldap._tcp.<SiteName>._sites.gc._msdcs.<DnsForestName> |
DcByGuid | SRV | _ldap._tcp.<DomainGuid>.domains._msdcs.<DnsForestName> |
GcIpAddress | A | _gc._msdcs.<DnsForestName> |
DsaCname | CNAME | <DsaGuid>._msdcs.<DnsForestName> |
Kdc | SRV | _kerberos._tcp.dc._msdcs.<DnsDomainName> |
KdcAtSite | SRV | _kerberos._tcp.dc._msdcs.<SiteName>._sites.<DnsDomainName> |
Dc | SRV | _ldap._tcp.dc._msdcs.<DnsDomainName> |
DcAtSite | SRV | _ldap._tcp.<SiteName>._sites.dc._msdcs.<DnsDomainName> |
Rfc1510Kdc | SRV | _kerberos._tcp.<DnsDomainName> |
Rfc1510KdcAtSite | SRV | _kerberos._tcp.<SiteName>._sites.<DnsDomainName> |
GenericGc | SRV | _gc._tcp.<DnsForestName> |
GenericGcAtSite | SRV | _gc._tcp.<SiteName>._sites.<DnsForestName> |
Rfc1510UdpKdc | SRV | _kerberos._udp.<DnsDomainName> |
Rfc1510Kpwd | SRV | _kpasswd._tcp.<DnsDomainName> |
Rfc1510UdpKpwd | SRV | _kpasswd._udp.<DnsDomainName> |
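The following PowerShell audit is an added example, not part of the original reference: it reads DnsAvoidRegisterRecords on a domain controller, expands each entry into the record it suppresses using the table above, flags entries that are not in that table, and checks whether the DC is still listed as an SRV target for the suppressed names. The function names, the domain, forest, site and host names, and the `LdapSrv` sample entry are constructed placeholders; `Resolve-DnsName` requires the Windows DnsClient module.

```powershell
# Added example. Mnemonic -> (record type, owner-name template), copied from the table above.
$LocatorRecords = [ordered]@{
    LdapIpAddress    = 'A',     '<DnsDomainName>'
    Ldap             = 'SRV',   '_ldap._tcp.<DnsDomainName>'
    LdapAtSite       = 'SRV',   '_ldap._tcp.<SiteName>._sites.<DnsDomainName>'
    Pdc              = 'SRV',   '_ldap._tcp.pdc._msdcs.<DnsDomainName>'
    Gc               = 'SRV',   '_ldap._tcp.gc._msdcs.<DnsForestName>'
    GcAtSite         = 'SRV',   '_ldap._tcp.<SiteName>._sites.gc._msdcs.<DnsForestName>'
    DcByGuid         = 'SRV',   '_ldap._tcp.<DomainGuid>.domains._msdcs.<DnsForestName>'
    GcIpAddress      = 'A',     '_gc._msdcs.<DnsForestName>'
    DsaCname         = 'CNAME', '<DsaGuid>._msdcs.<DnsForestName>'
    Kdc              = 'SRV',   '_kerberos._tcp.dc._msdcs.<DnsDomainName>'
    KdcAtSite        = 'SRV',   '_kerberos._tcp.dc._msdcs.<SiteName>._sites.<DnsDomainName>'
    Dc               = 'SRV',   '_ldap._tcp.dc._msdcs.<DnsDomainName>'
    DcAtSite         = 'SRV',   '_ldap._tcp.<SiteName>._sites.dc._msdcs.<DnsDomainName>'
    Rfc1510Kdc       = 'SRV',   '_kerberos._tcp.<DnsDomainName>'
    Rfc1510KdcAtSite = 'SRV',   '_kerberos._tcp.<SiteName>._sites.<DnsDomainName>'
    GenericGc        = 'SRV',   '_gc._tcp.<DnsForestName>'
    GenericGcAtSite  = 'SRV',   '_gc._tcp.<SiteName>._sites.<DnsForestName>'
    Rfc1510UdpKdc    = 'SRV',   '_kerberos._udp.<DnsDomainName>'
    Rfc1510Kpwd      = 'SRV',   '_kpasswd._tcp.<DnsDomainName>'
    Rfc1510UdpKpwd   = 'SRV',   '_kpasswd._udp.<DnsDomainName>'
}

function Expand-AvoidedRecord {
    param([string[]]$Mnemonic, [string]$DnsDomainName, [string]$DnsForestName, [string]$SiteName)
    # <DomainGuid> and <DsaGuid> are not substituted; names containing them stay as templates.
    $subst = @{ '<DnsDomainName>' = $DnsDomainName; '<DnsForestName>' = $DnsForestName; '<SiteName>' = $SiteName }
    foreach ($m in $Mnemonic) {
        if (-not $LocatorRecords.Contains($m)) {
            # Not in the documented list: report it rather than guess what it maps to.
            [pscustomobject]@{ Mnemonic = $m; Type = $null; Name = $null; Known = $false }
            continue
        }
        $type, $name = $LocatorRecords[$m]
        foreach ($kv in $subst.GetEnumerator()) { $name = $name.Replace($kv.Key, $kv.Value) }
        [pscustomobject]@{ Mnemonic = $m; Type = $type; Name = $name; Known = $true }
    }
}

function Test-StillRegistered {
    param([object[]]$Record, [string]$DcHostName)
    # For each fully expanded SRV name, check whether this DC is still listed as a target.
    foreach ($r in $Record | Where-Object { $_.Known -and $_.Type -eq 'SRV' -and $_.Name -notlike '*<*' }) {
        $targets = @(Resolve-DnsName -Name $r.Name -Type SRV -ErrorAction SilentlyContinue |
                     Where-Object { $_.Type -eq 'SRV' } | ForEach-Object { $_.NameTarget })
        [pscustomobject]@{ Name = $r.Name; StillRegistered = ($targets -contains $DcHostName) }
    }
}

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$configured = @((Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DnsAvoidRegisterRecords) | Where-Object { $_ }
if (-not $configured) {
    # Constructed sample (includes one entry that is not in the table) for machines without the value.
    $configured = 'Gc', 'GcAtSite', 'GcIpAddress', 'GenericGc', 'GenericGcAtSite', 'LdapSrv'
}
# Placeholder names; replace with the real domain, forest, site and DC host name.
$records = Expand-AvoidedRecord -Mnemonic $configured -DnsDomainName 'corp.example.com' -DnsForestName 'example.com' -SiteName 'Default-First-Site-Name'
$records | Format-Table -AutoSize
Test-StillRegistered -Record $records -DcHostName 'dc01.corp.example.com' | Format-Table -AutoSize
```

A row with `Known = False` marks a value that does not match any entry in the table, and `StillRegistered = True` marks a record that is still present in DNS for this DC despite being listed.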
DNS Support for Active Directory Group Policy Settings
Active Directory uses DNS to enable client computers to locate domain controllers and to enable domain controllers to locate each other. Domain controllers register SRV records in DNS, and clients and other domain controllers query for these records. Which records are registered in DNS and how they are registered depends on specific Group Policy settings. The following tables list and describe the Group Policy settings that are associated with DNS support for Active Directory.
Net Logon Group Policy Settings Associated with DNS Support for Active Directory
Group Policy Setting | Description |
---|---|
Site Name | Specifies the Active Directory site to which computers belong. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. |
Negative DC Discovery Cache Setting | Specifies the amount of time (in seconds) the DC locator retains that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting, DC Discovery immediately fails, without attempting to find the DC. |
Domain Controller Locator Group Policy Settings Associated with DNS Support for Active Directory
Group Policy Setting | Description |
---|---|
Dynamic Registration of the DC Locator DNS Records | Determines if Dynamic Registration of the DC locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC. |
DC Locator DNS records not registered by the DCs | Determines which DC Locator DNS records are not registered by the Netlogon service. |
Refresh Interval of the DC Locator DNS Records | Specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC. This setting can be applied only to DCs by using dynamic update. |
Weight Set in the DC Locator DNS SRV Records | Specifies the Weight field in the SRV resource records registered by the DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC. |
Priority Set in the DC Locator DNS SRV Records | Specifies the Priority field in the SRV resource records registered by DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC. |
TTL Set in the DC Locator DNS SRV Records | Specifies the value for the Time-To-Live (TTL) field in Net Logon registered SRV resource records. These DNS records are dynamically registered by the Net Logon service and are used to locate the domain controller (DC). |
Automated Site Coverage by the DC Locator DNS SRV Records | Determines whether DCs dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog (GC) for the same forest exists). These DNS records are dynamically registered by the Net Logon service and are used to locate the DC. |
Sites Covered by the DC Locator DNS SRV Records | Specifies the sites for which the DCs register the following: |
Sites Covered by the GC Locator DNS SRV Records | Specifies the sites for which the GCs should register the following: |
Sites Covered by the Application Directory Partition Locator DNS SRV Records | Specifies the sites for which the DCs hosting the application directory partition should register the following: |
Location of the DCs hosting a domain with a single label DNS name | Specifies whether the computers to which this setting is applied attempt DNS name resolution of single-label domain names. |
For more information about Group Policy settings, see the “Group Policy Settings Reference” in the Tools and Settings Collection.
DNS Support for Active Directory WMI Classes
The WMI classes that are associated with the DNS support for Active Directory are the DNS WMI classes. The following table lists and describes the WMI classes that are associated with the DNS Server service.
WMI Classes Associated With DNS Server Service
Microsoft DNS WMI Class | Description |
---|---|
MicrosoftDNS_Server | Describes a DNS server. Every instance of this class might be associated with one instance of class MicrosoftDNS_Cache, one instance of class MicrosoftDNS_RootHints, and multiple instances of class MicrosoftDNS_Zone. |
MicrosoftDNS_Domain | Represents a domain in a DNS hierarchy tree. |
MicrosoftDNS_Zone | Describes a DNS zone. Every instance of the class MicrosoftDNS_Zone must be assigned to exactly one DNS Server. Zones might be associated with multiple instances of the classes MicrosoftDNS_Domain and MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_Cache | Describes a cache existing on a DNS server (do not confuse this with a cache file that contains root hints). This class simplifies visualizing the containment of DNS objects, rather than representing a real object. The class, MicrosoftDNS_Cache, is a container for the resource records cached by the DNS server. Every instance of the class MicrosoftDNS_Cache must be assigned to exactly one DNS server. It might be associated with multiple instances of MicrosoftDNS_Domain and MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_RootHints | Describes the RootHints stored in a cache file on a DNS server. This class simplifies visualizing the containment of DNS objects, rather than representing a real object. Class MicrosoftDNS_RootHints is a container for the resource records stored by the DNS server in a cache file. Every instance of the class MicrosoftDNS_RootHints must be assigned to exactly one DNS server. It might be associated with multiple instances of the MicrosoftDNS_ResourceRecord class. |
MicrosoftDNS_Statistic | Represents a single DNS server statistic. |
MicrosoftDNS_ServerDomainContainment | Every instance of the class MicrosoftDNS_ServerDomainContainment might contain multiple instances of the class MicrosoftDNS_Domain. |
MicrosoftDNS_DomainDomainContainment | Every instance of the MicrosoftDNS_DomainDomainContainment class might contain multiple other instances of MicrosoftDNS_Domain. |
MicrosoftDNS_DomainResourceRecordContainment | Every instance of the class MicrosoftDNS_DomainResourceRecordContainment might contain multiple instances of the MicrosoftDNS_ResourceRecord class. |
MicrosoftDNS_ResourceRecord | Represents the general properties of a DNS RR. |
MicrosoftDNS_AAAAType | Represents an IPv6 Address (AAAA), often pronounced quad-A, RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_AFSDBType | Represents an Andrew File System Database Server (AFSDB) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_ATMAType | Represents an ATM Address-to-Name (ATMA) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_AType | Represents an Address (A) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_CNAMEType | Represents a Canonical Name (CNAME) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_HINFOType | Represents a Host Information (HINFO) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_ISDNType | Represents an ISDN RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_KEYType | Represents a KEY RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_MBType | Represents a Mailbox (MB) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_MDType | Represents a Mail Agent for Domain (MD) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_MFType | Represents a Mail Forwarding Agent for Domain (MF) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_MGType | Represents an MG RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_MINFOType | Represents a Mail Information (MINFO) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_MRType | Represents a Mailbox Rename (MR) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_MXType | Represents a Mail Exchanger (MX) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_NSType | Represents a Name Server (NS) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_NXTType | Represents a Next (NXT) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_PTRType | Represents a Pointer (PTR) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_RPType | Represents a Responsible Person (RP) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_RTType | Represents a Route Through (RT) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_SIGType | Represents a Signature (SIG) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_SOAType | Represents a Start Of Authority (SOA) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_SRVType | Represents a Service (SRV) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_TXTType | Represents a Text (TXT) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_WINSRType | Represents a WINS-Reverse (WINSR) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_WINSType | Represents a WINS RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_WKSType | Represents a Well-Known Service (WKS) RR. Subclass of MicrosoftDNS_ResourceRecord. |
MicrosoftDNS_X25Type | Represents an X.25 (X25) RR. Subclass of MicrosoftDNS_ResourceRecord. |
For more information about many WMI classes, see the WMI SDK documentation on MSDN.
Related Information
The following resources contain additional information that is relevant to this section.
“Microsoft Platform SDK” on MSDN for more information about many WMI classes that are associated with the DNS Server service.
“Group Policy Settings Reference” in the Tools and Settings Collection for information about Group Policy settings that are associated with the DNS Client service.
“Registry Reference” in the Tools and Settings Collection for information about registry entries that are associated with DNS.