Solving a problem when upgrading a computer to a domain controller

When a Windows 2003 server is converted to a domain controller, the system writes some special domain name resolution records to the machine's DNS service (usually The next is Microsoft's own DNS service, but the third party's DNS service will also have the same situation). These records include the globally unique identifier (GUID) of the entire domain environment so that the Active Directory can perform DNS resolution through the GUID address.

If an administrator promotes a DNS service to a domain controller without installing and configuring a DNS service in advance, then the DNS resolution record for the above Active Directory will not be properly configured. This will cause the DNS service to not save these special parsing records, which will cause some network connectivity problems. You can use a command dcdiag to test, it will fail when connecting to the DNS server. In general, the error message is similar to the following:

() The GUID DNS name of the service cannot be resolved to an IP address. Please check the DNS service name and DHCP name. Although the GUID DNS name (._msdcs.domain-name.local) cannot be resolved, the server name () can still be resolved to an IP address () and can be pinged. Please check if the IP address is properly registered in the DNS service.

Obviously, this problem will cause your Active Directory to not work properly. Here's how to solve this problem:

1. Make sure the system's TCP/IP settings are correct, and Configure it to support local DNS services.

2. Open “My Network Connection”| “Local connection" (or any network connection you currently use)| “Internet Protocol (TCP/IP)”| “Attributes”| “Advanced”| “DNS”.

3. Set the first DNS server as the local computer. It can be the network address of this machine, or 127.0.0.1 (loopback address).

4. Add “ Add primary and connection specified DNS suffixes & &quo; Add parent suffix to primary DNS suffix & rdquo; two options selected.

5. Register the address of the connection in DNS ”, then click “OK” to exit.

6. In the command prompt mode, enter the command ipconfig/flushdns and run, then enter ipconfig/registerdns to clear the local DNS resolution cache and register the DNS source record separately.

7. Open the DNS Management Console and find the host record, SOA record, and Name Server record for the computer name.

8. In the Forward Lookup Zones, find the DNS zone for the Active Directory domain and view its properties.

9. Select “Active Directory Integration> in the zone type and select “Security Only in the dynamic update type, then click “OK" to exit.

10. Enter netdiag/fix in the command prompt mode and run it, then the net stop netLogon and net start netLogon commands to apply the changes.

11. Finally, run dcdiag to test if the domain controller's DNS service is working.