DNS Delegation Warning when Promoting a Server Running Windows Server 2008, 2008 R2, or 2012

DNS Delegation Warning when Promoting a Server Running Windows Server 2008, 2008 R2, or 2012


This article discusses a warning that commonly appears when promoting a Windows 2008, 2008 R2, or 2012 server to a domain controller: "A delegation for this DNS server cannot be created..."


When promoting a server running Windows Server 2008, 2008 R2, or 2012, you may see a warning similar to the following:



This warning typically appears when promoting a server to be the first domain controller (DC) in a new Active Directory (AD) domain and installing the DNS Server role during the promotion, but it may also appear when promoting additional domain controllers.

In most cases, this warning can be ignored.
It signifies that the DC promotion (Dcpromo) wizard was unable to create a delegation on the DNS server that is authoritative for the parent domain of the domain being created.
In most cases, when creating a new AD domain, there is no existing parent domain, but the wizard will still attempt to infer the parent domain's name and contact the DNS server that is authoritative for it.
For example, if the domain being created is named mybusiness.local, the wizard will attempt to contact the authoritative DNS server for a domain named local, which doesn't exist, and the warning will appear.

There are some situations in which this warning can indicate a problem and shouldn't be ignored:

  • When creating a child domain of an existing AD domain. In this case, the first DC in the child domain should indeed be able to create a DNS delegation within the parent domain.
  • When creating an internet-connected AD domain for which the appropriate DNS delegation has already been manually created. The dcpromo wizard checks for an existing delegation before trying to create one, and if it finds one, the warning won't appear.
Note: In order for the Dcpromo wizard to successfully create the appropriate delegation, the parent DNS server must be running Windows DNS. For this reason, newly created internet-connected AD domains will always require the delegation to be created manually, as the top-level domain (TLD) DNS servers run BIND DNS.


More information about this warning can be found in the TechNet article Known Issues for Installing and Removing AD DS.




文章ID: SLN156699

上次修改日期: 12/30/2016 03:27 AM


评价此文章

准确性
有用性
易理解性
这篇文章对您有帮助吗?
向我们发送反馈
注释中不得包含以下特殊字符:<>()\
抱歉,我们的反馈系统目前发生故障。请稍后重试。

感谢您提供反馈。