Server 2008 Active Directory DNS Entries Deleted. Dcdiag unable to contact local AD controller


I've never seen anything like this. At a potential customer site, I noticed that the PCs were all unable to locate the domain controller and Netlogon was failing. I fixed the DNS entries on the client PCs so the AD server was the DNS server and tried to rejoin the domain. The PC was unable to locate the domain controller.

On the server, I checked the DNS settings and, while the high-level AD folder is still there, every single entry related to Active Directory appears to have been completely deleted.

There are no backups from what I can tell, and this has been happening for 6 months at least. Does anyone have any recommendations for repairing this? Thanks.

Best Answer

Here's a step-by-step to get the records back. It's not too painful at all:

  • If the forward lookup zone for the Customer's domain is still there, make sure it's configured as an Active Directory integrated zone that allows secure dynamic updates. If the zone is gone, re-create it and configure it as I described. If it's there but not configured as Active Directory integrated or to allow only secure dynamic updates, then configure it as such.

  • Make the same checks and changes, if necessary, for the "" DNS zone (where "" is the Customer's domain).

  • Make sure the DC is configured to use itself as its DNS server (and not configured to use any others).

  • Stop and restart the "Netlogon" service to cause the DC to re-register its SRV records, etc.
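
The four steps above as one script, added here as an example and not part of the original answer. It assumes the DnsServer, DnsClient and NetTCPIP PowerShell modules (Windows Server 2012 or later, or RSAT); the question is about Server 2008, where those cmdlets do not exist, so the dnscmd/netsh equivalents are given in comments. `$Domain` is a placeholder for the customer's AD DNS name, and the `_msdcs` zone handled alongside it is my assumption about which second zone the answer means, since that zone name is missing from the page text.

```powershell
# Added example, not from the original answer. Needs the DnsServer, DnsClient and
# NetTCPIP modules (Windows Server 2012+ / RSAT). On the Server 2008 box in the
# question those cmdlets do not exist; the dnscmd/netsh equivalents are in comments.
# Run in an elevated PowerShell on the DC itself.

$Domain = 'corp.example'                      # placeholder: the customer's AD DNS name
# The answer's second zone is assumed here to be the _msdcs subdomain zone that AD
# also registers into (its name is missing from the page text).
$Zones  = @($Domain, "_msdcs.$Domain")

# Steps 1 and 2: each zone must exist, be AD-integrated, and accept only secure
# dynamic updates, so only authenticated domain members can (re)write records.
foreach ($zoneName in $Zones) {
    $zone = Get-DnsServerZone -Name $zoneName -ErrorAction SilentlyContinue
    if (-not $zone) {
        Write-Host "Zone $zoneName is missing; recreating it AD-integrated"
        Add-DnsServerPrimaryZone -Name $zoneName -ReplicationScope Domain -DynamicUpdate Secure
        # dnscmd /ZoneAdd <zone> /DsPrimary ; dnscmd /Config <zone> /AllowUpdate 2
        continue
    }
    if (-not $zone.IsDsIntegrated) {
        Write-Host "Zone $zoneName is file-backed; converting to AD-integrated"
        ConvertTo-DnsServerPrimaryZone -Name $zoneName -ReplicationScope Domain -Force
        # dnscmd /ZoneResetType <zone> /DsPrimary
    }
    if ($zone.DynamicUpdate -ne 'Secure') {
        Write-Host "Zone $zoneName allows '$($zone.DynamicUpdate)' updates; restricting to Secure"
        Set-DnsServerPrimaryZone -Name $zoneName -DynamicUpdate Secure
        # dnscmd /Config <zone> /AllowUpdate 2   (2 = secure only)
    }
}

# Step 3: the DC's own DNS client must point at this DC and nothing else.
$nic     = Get-NetIPConfiguration | Where-Object { $_.IPv4DefaultGateway } | Select-Object -First 1
$dcIp    = ($nic.IPv4Address | Select-Object -First 1).IPAddress
$current = (Get-DnsClientServerAddress -InterfaceIndex $nic.InterfaceIndex -AddressFamily IPv4).ServerAddresses
if (($current -join ',') -ne $dcIp) {
    Write-Host "DNS client was [$($current -join ', ')]; setting it to $dcIp"
    Set-DnsClientServerAddress -InterfaceIndex $nic.InterfaceIndex -ServerAddresses $dcIp
    # netsh interface ipv4 set dnsservers name="<adapter name>" static <dcIp> primary
}

# Step 4: restart Netlogon so the DC re-registers its SRV/A records, and force it.
Restart-Service Netlogon
nltest /dsregdns | Out-Null
Start-Sleep -Seconds 15

# Verify: the locator record clients ask for first should be back in the zone.
$srv = Resolve-DnsName -Name "_ldap._tcp.$Domain" -Type SRV -Server $dcIp -ErrorAction SilentlyContinue |
       Where-Object { $_.Type -eq 'SRV' }
if ($srv) {
    Write-Host "OK: _ldap._tcp.$Domain -> $($srv.NameTarget -join ', ')"
} else {
    Write-Warning "SRV records still missing; run 'dcdiag /test:dns' and check the DNS Server event log"
}

# Caveat: records that keep disappearing usually mean aggressive scavenging, so review it.
Get-DnsServerScavenging
Get-DnsServerZoneAging -Name $Domain
```

Once the script reports the `_ldap._tcp` SRV record, a domain-joined client pointed at the DC should succeed with `nltest /dsgetdc:<domain>` and be able to join. Because the question says the records have been vanishing for months, the scavenging output at the end matters: a scavenging period or no-refresh/refresh interval set too short relative to how often Netlogon re-registers (every 24 hours by default) will delete the freshly restored records again, and that should be corrected before declaring the repair done.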