You want to verify DNS is configured correctly so that a domain controller can register its resource records, which are needed for clients to be able to locate various AD services.
In the following dcdiag command, replace dc1 with the DNS name of the domain the domain controller is in. The command must be run directly on the domain controller you want to test.
> dcdiag /test:RegisterInDNS /DnsDomain:dc1
Starting test: RegisterInDNS
DNS configuration is sufficient to allow this domain controller to dynamically register the domain controller Locator records in DNS.
The DNS configuration is sufficient to allow this computer to dynamically register the A record corresponding to its DNS name.
......................... dc1 passed test RegisterInDNS
With the default setup, domain controllers attempt to dynamically register the resource records necessary for them to be located by Active Directory clients and other domain controllers. The domain controllers must have their resource records populated in DNS in order to function. It can be very tedious and error-prone to register all of the records manually, which is why allowing the domain controllers to use dynamic DNS (DDNS) to automatically register and update their records can be much easier from a support standpoint.
The Windows Server 2003 version of the dcdiag command provides a new RegisterInDNS switch that allows you to test whether or not the DC can register its records. In the solution above, I showed the output if the domain controller passes the test.
Here is the output if an error occurs:
Starting test: RegisterInDNS
This domain controller cannot register domain controller Locator DNS records. This is because either the DNS server with IP address 18.104.22.168 does not support dynamic updates or the zone rallencorp.com is configured to prevent dynamic updates.
In order for this domain controller to be located by other domain members and domain controllers, the domain controller Locator DNS records must be added to DNS. You have the following options:
1. Configure the rallencorp.com zone and the DNS server with IP address 22.214.171.124 to allow dynamic updates. If the DNS server does not support dynamic updates, you might need to upgrade it.
2. Migrate the rallencorp.com zone to a DNS server that supports dynamic updates (for example, a Windows 2000 DNS server).
3. Delegate the zones _msdcs.rallencorp.com, _sites.rallencorp.com, _tcp.rallencorp.com, and _udp.rallencorp.com to a DNS server that supports dynamic updates (for example, a Windows 2000 DNS server); or
4. Manually add to the DNS records specified in the systemroot\system32\config\netlogon.dns file.
DcDiag cannot reach a conclusive result because it cannot interpret the following message that was returned: 9501.
......................... dc1 failed test RegisterInDNS
As you can see, it offers several options for resolving the problem. The information provided will also vary depending on the error encountered.
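When the test is run on many domain controllers, the saved output can be summarised by a script. The following is an added example, not part of the original recipe: the function name parse_register_in_dns and its dictionary keys are hypothetical, the sample text is the recipe's own output (abridged and re-wrapped), and the patterns assume the English wording shown above.

```python
import re

# Output taken from this recipe, abridged and re-wrapped for the example.
PASS_OUTPUT = """Starting test: RegisterInDNS
DNS configuration is sufficient to allow this domain controller to
dynamically register the domain controller Locator records in DNS.
......................... dc1 passed test RegisterInDNS
"""
FAIL_OUTPUT = """Starting test: RegisterInDNS
This domain controller cannot register domain controller Locator DNS
records. This is because either the DNS server with IP address
18.104.22.168 does not support dynamic updates or the zone
rallencorp.com is configured to prevent dynamic updates.
3. Delegate the zones _msdcs.rallencorp.com, _sites.rallencorp.com,
_tcp.rallencorp.com, and _udp.rallencorp.com to a DNS server that
supports dynamic updates
DcDiag cannot reach a conclusive result because it cannot interpret
the following message that was returned: 9501.
......................... dc1 failed test RegisterInDNS
"""

RESULT_RE = re.compile(r"\.{3,}\s*(\S+)\s+(passed|failed) test RegisterInDNS")
SERVER_RE = re.compile(r"DNS server with IP address\s+(\d{1,3}(?:\.\d{1,3}){3})")
ZONE_RE = re.compile(r"or the zone\s+(\S+)\s+is configured to prevent")
SUBZONE_RE = re.compile(r"\b(_(?:msdcs|sites|tcp|udp)\.[\w.-]+\w)")
CODE_RE = re.compile(r"message that was returned:\s*(\d+)")


def parse_register_in_dns(output):
    """Summarise one dcdiag /test:RegisterInDNS run as a dict."""
    text = " ".join(output.split())  # dcdiag wraps mid-sentence; undo that
    result = RESULT_RE.search(text)
    if result is None:
        # No summary line: report a failed check rather than a silent pass.
        return {"dc": None, "passed": False, "reason": "no result line"}
    summary = {"dc": result.group(1), "passed": result.group(2) == "passed"}
    if not summary["passed"]:
        zone = ZONE_RE.search(text)
        code = CODE_RE.search(text)
        summary["zone"] = zone.group(1) if zone else None
        summary["dns_servers"] = sorted(set(SERVER_RE.findall(text)))
        summary["delegation_zones"] = sorted(set(SUBZONE_RE.findall(text)))
        summary["code"] = int(code.group(1)) if code else None
    return summary


if __name__ == "__main__":
    for sample in (PASS_OUTPUT, FAIL_OUTPUT):
        print(parse_register_in_dns(sample))
```

Output that lacks the summary line is reported as failed, so a truncated or interrupted run is not mistaken for a pass.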
See Recipe 13.13 for registering a domain controller's resource records.