AD Integrated DNS


DNS Scenario – AD integrated DNS

Your company, Contoso Ltd, has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named

The domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the DNS zone. This zone is configured as a standard primary zone. You install a new domain controller named DC2 in the branch office. You install DNS on DC2.

You need to ensure that the DNS service can update records and resolve DNS queries in the event that a WAN link fails.

What should you do?

A. Create a new stub zone named on DC2.

B. Create a new standard secondary zone named on DC2.

C. Configure the DNS server on DC2 to forward requests to DC1.

D. Convert the zone on DC1 to an Active Directory-integrated zone.

Correct Answer: D


An AD-integrated DNS zone automatically receives all updates from AD. These records can later be transferred to a secondary DNS server to avoid downtime during a WAN link issue.


DNS Zone Export


DNS Scenario – Zone Export

Your company has a DNS server that has 10 Active Directory integrated zones.

You need to provide copies of the zone files of the DNS server to the security department. What should you do?

A. Run the dnscmd /ZoneInfo command.

B. Run the ipconfig /registerdns command.

C. Run the dnscmd /ZoneExport command.

D. Run the ntdsutil > Partition Management > List commands.

Correct Answer: C


In Non-AD Integrated DNS Zones

DNS zone file information is stored by default in the %systemroot%\system32\dns folder. When the DNS Server service starts, it loads zones from these files. This behavior is limited to primary and secondary zones that are not AD integrated. The files are named <ZoneFQDN>.dns.

In AD Integrated DNS Zones

AD-integrated zones are stored in the directory, so they do not have corresponding zone files, i.e. they are not stored as .dns files. This makes sense because the zones are stored in, and loaded from, the directory.

It is therefore important to take a backup of these AD-integrated zones before making any changes to the DNS infrastructure. Dnscmd.exe can be used to export a zone to a file. The syntax of the command is:

DnsCmd <ServerName> /ZoneExport <ZoneName> <ZoneExportFile>
    <ZoneName>   -- FQDN of zone to export
                    /Cache to export cache

As an example, let's say we have an AD-integrated zone named habib.local and our DC is server1. The command to export the zone would be:

Dnscmd server1 /ZoneExport habib.local habib.local.bak

You can refer to the complete article on DNSCMD on the Microsoft TechNet website.
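For the scenario above, where every AD-integrated zone has to be handed to the security department, the single-zone command can be looped. The following script is an added example, not part of the original article. It assumes the DnsServer PowerShell module (Windows Server 2012 or later) for enumerating zones, an elevated session on the DNS server itself, and a hypothetical output folder C:\ZoneExports. The timestamp in each file name keeps a rerun from colliding with an earlier export file.

```powershell
# Added example: export every AD-integrated zone with dnscmd /ZoneExport
# and build a SHA-256 manifest so the recipient can verify each copy.
$dnsDir = Join-Path $env:SystemRoot 'System32\dns'   # dnscmd writes export files here
$outDir = 'C:\ZoneExports'                           # hypothetical hand-off folder
$stamp  = Get-Date -Format 'yyyyMMddHHmmss'          # makes every export file name unique
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Directory-stored zones only; skip the auto-created zones.
$zones = Get-DnsServerZone |
    Where-Object { $_.IsDsIntegrated -and -not $_.IsAutoCreated }

$manifest = foreach ($zone in $zones) {
    $file = '{0}.{1}.dns' -f $zone.ZoneName, $stamp
    & dnscmd.exe $env:COMPUTERNAME /ZoneExport $zone.ZoneName $file | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Export failed for $($zone.ZoneName) (dnscmd exit code $LASTEXITCODE)"
        continue
    }
    # Move the export out of the DNS folder and record its hash.
    $dest = Move-Item -Path (Join-Path $dnsDir $file) -Destination $outDir -PassThru
    Get-FileHash -Path $dest.FullName -Algorithm SHA256 |
        Select-Object @{ n = 'Zone'; e = { $zone.ZoneName } }, Hash, Path
}

$manifest | Export-Csv -Path (Join-Path $outDir "manifest.$stamp.csv") -NoTypeInformation
$manifest | Format-Table -AutoSize
```

Exported zone files list internal host names and addresses, so the output folder should be readable only by the people who need the copies.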

Active Directory Diagnostics


AD Scenario – Active Directory Diagnostics

Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.

You need to identify the Lightweight Directory Access Protocol (LDAP) clients that are using the largest amount of available CPU resources on a domain controller.

What should you do?

A. Review performance data in Resource Monitor.

B. Review the Hardware Events log in the Event Viewer.

C. Run the Active Directory Diagnostics Data Collector Set. Review the Active Directory Diagnostics report.

D. Run the LAN Diagnostics Data Collector Set. Review the LAN Diagnostics report.

Answer: C


Prior to Windows Server 2008, troubleshooting Active Directory performance issues often required the installation of Server Performance Advisor (SPA). SPA is helpful because its Active Directory data set collects performance data and generates XML-based diagnostic reports that make analyzing AD performance issues easier by identifying the IP addresses of the highest-volume callers and the type of network traffic that is placing the most load on the CPU.


Now the same functionality has been built into Windows Server 2008 and Windows Server 2008 R2 and you don’t have to install SPA anymore.

This performance feature is located in the Server Manager snap-in under the Diagnostics node. When the Active Directory Domain Services role is installed, the Active Directory Diagnostics data collector set is automatically created under System.

When you check the properties of the collector, you will notice that the data is stored under %systemdrive%\perflogs, only now it is under the \ADDS folder. When a data collection is run, it creates a new subfolder called YYYYMMDD-####, where YYYY = year, MM = month, DD = day, and #### starts with 0001. The Active Directory Diagnostics data collector set runs for a default of 5 minutes. This duration cannot be modified for the built-in collector. However, the collection can be stopped manually by clicking the Stop button or from the command line.

To start the data collector set, right-click the Active Directory Diagnostics data collector set and select Start. Data will be stored at the %systemdrive%\perflogs location.

Once you've gathered your data, you will find these interesting and useful reports under the Reports section, to aid in your troubleshooting and server performance trending.
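The same run can be driven from the command line mentioned above. The following script is an added example, not part of the original article. It assumes an elevated PowerShell session on the domain controller, that the built-in set is addressed by logman as "system\Active Directory Diagnostics", and that the generated report is named report.html. The two-minute sample length is an arbitrary choice.

```powershell
# Added example: run the built-in collector set for a shorter sample,
# stop it early, then locate the new YYYYMMDD-#### folder and its report.
$set     = 'system\Active Directory Diagnostics'
$addsDir = Join-Path $env:SystemDrive 'PerfLogs\ADDS'

# Remember existing run folders so the new one can be identified afterwards.
$before = @(Get-ChildItem $addsDir -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } | ForEach-Object { $_.Name })

& logman.exe start $set -ets
if ($LASTEXITCODE -ne 0) { throw "logman start failed (exit code $LASTEXITCODE)" }

Start-Sleep -Seconds 120            # sample for 2 minutes instead of the default 5
& logman.exe stop $set -ets         # manual stop from the command line

# Newest folder that matches the naming scheme and did not exist before the run.
$run = Get-ChildItem $addsDir |
    Where-Object { $_.PSIsContainer -and $_.Name -match '^\d{8}-\d{4}$' -and
                   $before -notcontains $_.Name } |
    Sort-Object Name | Select-Object -Last 1
if (-not $run) { throw "No new run folder found under $addsDir" }

# Report generation starts after the stop; wait up to 10 minutes for it.
$report   = Join-Path $run.FullName 'report.html'   # assumed report file name
$deadline = (Get-Date).AddMinutes(10)
while (-not (Test-Path $report) -and (Get-Date) -lt $deadline) {
    Start-Sleep -Seconds 5
}

if (Test-Path $report) { Write-Output "Report ready: $report" }
else { Write-Warning "Report not generated yet; check $($run.FullName)" }
```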