Question : Reversing a New Delegation "continued"
This is a repost and continuation of a previous posting. There appear to be some hardware/software issues that prohibit and trash some of my postings. Customer Service is aware of the problems. The points remain at 500 and please post only to this posting now--
I made a mistake and chose to delegate our domain.local to a child domain "child.domain.local" using the new delegation. The child DC isn't fully configured so I have a few replication issues. Otherwise things appear to be working fine. The only thing I am concerned about is under our domain.local the _msdcs folder is grayed out. It has one NS record pointing to the server it is on. The child domain folder appears to have the information. Also the _msdcs.domain.local zone looks fine. What does the grayed out icon mean? Is there a way to reverse or change back the delegation? --Thanks SM

Comment from Pber Date: 07/13/2006 05:12AM PDT
Delegations are normally grayed out. It will only contain the NS records you've added of the delegated domain. So this is normal behavior. To reverse a delegation, you just delete it and re-create if needed.

Comment from smantz Date: 07/13/2006 06:13AM PDT
Thanks for the help but I need clarification before I start deleting items.
1. Which folders do I delete? I assume the grayed out delegation folder (_msdcs) but what do I do with the child domain folder which appears to have all info in it (where I delegated to)? Do I delete it and add it back?
2. What are the steps to recreate the _msdcs folder and info in it?
3. I have two root DCs with AD and DNS. Do I need to do it to both for proper transfer?
4. What about the child DC with AD? How can I start over with it and have a clean slate? Demote/uninstall?
5. Are there any clear and concise resources explaining setting up child domains including what DNS records are needed on it and how to create them?
--Thanks for the help Steve

Comment from Pber Date: 07/13/2006 07:26AM PDT
Well, this is a sticky situation because you delegated the root to the child. I hope I'm getting that right.
You will probably want to do this off hours because you might have some issues if you delete the delegation.
- I would write down/export the _msdcs records so I have a backup. The root DCs should have a file called netlogon.dns in %windir%\system32\config. This file should contain the DNS SRV records. It might help to have this if you need to re-create.
- I make sure my root DNS servers are pointing to themselves for DNS.
- I would remove the delegation and wait about 2 minutes for replication.
- I would do an ipconfig /registerdns on each root DC.
- I would also stop/start netlogon on each root DC.
- Then I would check to see if it re-created the _msdcs folders.
You will need DNS to have the proper SRV records for each DC for proper replication. You should make your AD DNS zone Active Directory integrated (configured in the General tab of the zone properties).
You can try to do an ipconfig /registerdns on the child DNS servers and see if they register properly. If your child domain isn't in use it might be best to start from scratch.
Have you seen this article from M$: http://support.microsoft.com/kb/255248/

New from Steve in response to Pber
I think you are getting it right. By the way, that article was the one I was using and if you notice, in the section "Manually Create a Delegation for the Child Domain on the Parent (Root) DNS Server", you delegate the root zone to a DNS server in the child zone. Unfortunately my steps in the later part were slightly out of sync and this is probably why things are not set up properly. I thought it was the other way around and I was going to delegate the child to the root/parent. The child server (DNS/AD) isn't even running at this time. The only grayed out item under the forward lookup zones is the domain.local _msdcs folder (zone?). All other information under "domain.local" is there. The _msdcs.domain.local above the zone "domain.local" is all intact. I'll assume this holds all the information for the forest and why everything is still working other than some replication errors. What constitutes removing the delegation? Is it deleting the grayed out icon as there is no "remove delegation" item? Do I do it on both? Do I delete the child zone with all the info in it? Does this affect the _msdcs.domain.local zone above the domain.local zone? Thanks for the patience, -Steve
Answer : Reversing a New Delegation "continued"
Removing the delegation is right-clicking the grayed out section and deleting. If your DNS is AD integrated, it should only need to be done on one server. This should only affect the _msdcs.domain.local zone.
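
The backup-and-check steps from Pber's comment (keep a copy of netlogon.dns, remove the delegation, then see whether the _msdcs records came back), as an added example that is not part of the original thread. It assumes the usual "owner TTL IN TYPE rdata" line layout of netlogon.dns; the DC name dc1, the address and both record listings are constructed.

```python
# Added example (not from the thread). Sample data is constructed; the
# names reuse the thread's domain.local and a hypothetical DC named dc1.
FOREST_ZONE = "_msdcs.domain.local."

# Constructed backup in the "owner TTL IN TYPE rdata" layout of netlogon.dns.
NETLOGON_BACKUP = """\
domain.local. 600 IN A 10.0.0.10
_ldap._tcp.domain.local. 600 IN SRV 0 100 389 dc1.domain.local.
_ldap._tcp.pdc._msdcs.domain.local. 600 IN SRV 0 100 389 dc1.domain.local.
_ldap._tcp.gc._msdcs.domain.local. 600 IN SRV 0 100 3268 dc1.domain.local.
_ldap._tcp.dc._msdcs.domain.local. 600 IN SRV 0 100 389 dc1.domain.local.
_kerberos._tcp.dc._msdcs.domain.local. 600 IN SRV 0 100 88 dc1.domain.local.
gc._msdcs.domain.local. 600 IN A 10.0.0.10
"""

# Constructed listing of what the zone holds after re-registration.
ZONE_AFTER = """\
; records seen after removing the delegation
_ldap._tcp.pdc._msdcs.domain.local. 1200 IN SRV 0 100 389 DC1.domain.local.
_ldap._tcp.dc._msdcs.domain.local. 600 IN SRV 0 100 389 dc1.domain.local.
gc._msdcs.domain.local. 600 IN A 10.0.0.10
"""

def parse_records(text):
    """Return {(owner, type, rdata)}; TTL and letter case are ignored."""
    records = set()
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, ';' comments and anything not shaped like a record.
        if len(fields) < 5 or fields[0].startswith(";") or fields[2].upper() != "IN":
            continue
        owner = fields[0].lower().rstrip(".") + "."
        records.add((owner, fields[3].upper(), " ".join(fields[4:]).lower()))
    return records

def in_zone(owner, zone=FOREST_ZONE):
    """True when owner is the zone apex or a name below it."""
    return owner == zone or owner.endswith("." + zone)

def missing_msdcs_records(backup_text, current_text):
    """_msdcs records present in the backup but absent from the zone now."""
    wanted = {r for r in parse_records(backup_text) if in_zone(r[0])}
    return sorted(wanted - parse_records(current_text))

if __name__ == "__main__":
    for owner, rtype, rdata in missing_msdcs_records(NETLOGON_BACKUP, ZONE_AFTER):
        print(f"missing: {owner} {rtype} {rdata}")
```

Any record it reports is one the DC expected to register under _msdcs but that is not in the zone yet.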