Extracting DNS Active Directory-Integrated Zone Files

Summary

When you are troubleshooting customer issues with Domain Name System (DNS), it may be necessary for the customer to send a copy of the zone files to Microsoft Product Support Services (PSS) for analysis.

More Information

If the DNS zone is a Standard Primary or Secondary zone, sending a copy of the files is possible because the zones are stored as .dns files in the %SystemRoot%\System32\Dns folder.

If the zone is an Active Directory-integrated zone type (which was introduced in Microsoft Windows 2000), there is no corresponding .dns file for the zone. However, in Windows Server, the files can be sent by using the updated Dnscmd tool. To extract a copy of the zone, run the following command:
dnscmd /ZoneExport FQDN_of_zonename Zone_export_file
Examples of using the command:
  • dnscmd /ZoneExport Microsoft.local MSzone.txt

    This exports the Microsoft.local zone on the local server to a file called MSzone.txt in the %SystemRoot%\System32\Dns folder.
  • dnscmd centurion /ZoneExport reskit.Microsoft.com reskit.dns

    This export the reskit.Microsoft.com zone on the server named Centurion to a file named Reskit.dns in the %SystemRoot%\System32\Dns folder on the server named Centurion.
You can also create a copy of the zone file for an Active Directory-integrated zone under Windows 2000 and Windows Server by changing the zone type to Standard Primary, which creates the relevant .dns file. Copy the .dns file, and then change the zone back to Active Directory-integrated.

Microsoft does not recommend this method because it causes unnecessary replication and erases all the security information in the zone. If you use this method, make sure to reset the zone to
Only secure updates after it is moved back to Active Directory if you want the zone to be secure. However, because all security information will have been erased, it is possible for client computers that were not the original owners to take ownership of records in the zone. This may be a security issue and can lead to name-resolution issues that can be difficult to troubleshoot.

Currently, the only safe way in windows 2000 to get the zone information is with a secondary zone.
Propriedades

ID do Artigo: 304489 - Última Revisão: 7 de jan de 2008 - Revisão: 1

Comentários