DNS: Zone <zone name> is an Active Directory integrated DNS zone and must be configured as primary

Updated: October 15, 2010

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

This topic is intended to address a specific issue identified by a Microsoft Baseline Configuration Analyzer or Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the DNS Microsoft Baseline Configuration Analyzer or DNS Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer.

Operating System: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

Product/Feature: DNS

Severity: Warning

Category: Configuration

Issue

The zone is Active Directory integrated but the zone type is not configured as primary.

All Active Directory (AD)-integrated DNS zones must be configured as primary. The AD-integrated zone is not configured as primary, indicating an error.

Impact

DNS queries for the Active Directory integrated zone might fail.

The zone might not replicate properly to other domain controllers, causing errors in DNS resolution.

Resolution

Configure the zone type for the zone as primary.

If the zone type was recently changed from standard primary to AD-integrated primary, DNS servers that host a secondary copy of the zone must be rebooted in order to convert the zone to an AD-integrated primary zone. This will occur automatically when you reboot the DNS server. If the zone type was not changed but the zone is no longer primary, attempt to configure the zone type as an AD-integrated primary zone. If this fails, restore the zone from backup.

Membership in Administrators, or equivalent, is the minimum required to complete these procedures. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To configure the zone type as AD-integrated primary

  1. Open an elevated command prompt.

  2. Type the following command, and then press ENTER:

    dnscmd /ZoneResetType <zone name> /dsprimary
    
Value: Description

dnscmd: The command-line tool for managing DNS servers.

/ZoneResetType: Required. Changes the type of a specified zone.

<zone name>: Required. The FQDN of the zone.
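To find which zones need the command above before running it, the following added example (not part of the original topic) filters zone objects for the condition this topic describes and prints the matching dnscmd command for each one. It assumes the DnsServer PowerShell module (Windows Server 2012 or RSAT) for live queries; Find-NonPrimaryAdZone, the server name DC01 and the sample zones are hypothetical, and excluding stub and forwarder zones is an assumption of this example.

```powershell
# Added example, not from the original topic. Find-NonPrimaryAdZone is a
# hypothetical helper name. It takes zone objects shaped like the output of
# Get-DnsServerZone (DnsServer module) and reports AD-integrated zones whose
# type is not Primary, with the dnscmd command from this topic as the fix.
function Find-NonPrimaryAdZone {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Zone,
        [string] $Server = $env:COMPUTERNAME
    )
    process {
        # Assumption: Stub and Forwarder zones may be stored in AD by design,
        # so only the other non-primary types are reported.
        if ($Zone.IsDsIntegrated -and
            $Zone.ZoneType -notin 'Primary', 'Stub', 'Forwarder') {
            [pscustomobject]@{
                Server   = $Server
                Zone     = $Zone.ZoneName
                ZoneType = $Zone.ZoneType
                Fix      = "dnscmd $Server /ZoneResetType $($Zone.ZoneName) /dsprimary"
            }
        }
    }
}

# Constructed sample input (not real data) so the filter can be tried offline.
$sample = @(
    [pscustomobject]@{ ZoneName = 'corp.example.test';  ZoneType = 'Primary';   IsDsIntegrated = $true  }
    [pscustomobject]@{ ZoneName = 'sales.example.test'; ZoneType = 'Secondary'; IsDsIntegrated = $true  }
    [pscustomobject]@{ ZoneName = 'lab.example.test';   ZoneType = 'Secondary'; IsDsIntegrated = $false }
    [pscustomobject]@{ ZoneName = 'peer.example.test';  ZoneType = 'Stub';      IsDsIntegrated = $true  }
)

# Only sales.example.test is AD-integrated and neither Primary, Stub nor Forwarder.
$sample | Find-NonPrimaryAdZone -Server 'DC01' | Format-List

# Against a live DNS server (read-only query):
# Get-DnsServerZone -ComputerName DC01 | Find-NonPrimaryAdZone -Server DC01
```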

See Also

Concepts

Performing Authoritative Restore of an Application Directory Partition