DNS Delegation Warning when Promoting a Server Running Windows Server 2008, 2008 R2, or 2012



This article discusses a warning that commonly appears when promoting a server running Windows Server 2008, 2008 R2, or 2012 to a domain controller: "A delegation for this DNS server cannot be created..."


When promoting a server running Windows Server 2008, 2008 R2, or 2012, you may see a warning similar to the following:



This warning typically appears when promoting a server to be the first domain controller (DC) in a new Active Directory (AD) domain and installing the DNS Server role during the promotion, but it may also appear when promoting additional domain controllers.

In most cases, this warning can be ignored.
It signifies that the DC promotion (Dcpromo) wizard was unable to create a delegation on the DNS server that is authoritative for the parent domain of the domain being created.
In most cases, when creating a new AD domain, there is no existing parent domain, but the wizard will still attempt to infer the parent domain's name and contact the DNS server that is authoritative for it.
For example, if the domain being created is named mybusiness.local, the wizard will attempt to contact the authoritative DNS server for a domain named local, which doesn't exist, and the warning will appear.

There are some situations in which this warning can indicate a problem and shouldn't be ignored:

  • When creating a child domain of an existing AD domain. In this case, the first DC in the child domain should indeed be able to create a DNS delegation within the parent domain.
  • When creating an internet-connected AD domain for which the appropriate DNS delegation has already been manually created. The Dcpromo wizard checks for an existing delegation before trying to create one, and if it finds one, the warning won't appear. If the warning does appear in this case, the wizard did not find the delegation.

Note: In order for the Dcpromo wizard to successfully create the appropriate delegation, the parent DNS server must be running Windows DNS. For this reason, newly created internet-connected AD domains will always require the delegation to be created manually, as the top-level domain (TLD) DNS servers run BIND DNS.
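
A manual version of the delegation check described above, as an added example (not code from this article or from the Dcpromo wizard): it infers the parent domain by dropping the leftmost label, then asks the parent zone's name servers whether they hold NS records for the new domain. The function name Test-ParentDelegation and the sample domain child.corp.example.com are assumptions made for illustration.

```powershell
# Added example. Test-ParentDelegation is a hypothetical helper name.
# Needs Resolve-DnsName (DnsClient module, Windows 8 / Server 2012 or later).
function Test-ParentDelegation {
    param([Parameter(Mandatory)][string]$DomainName)

    $domain = $DomainName.TrimEnd('.')
    $labels = $domain.Split('.')
    if ($labels.Count -lt 2) { throw "'$domain' has no parent domain to check." }

    # Infer the parent as the article describes: drop the leftmost label.
    $parent = $labels[1..($labels.Count - 1)] -join '.'
    $result = [ordered]@{ Domain = $domain; Parent = $parent; Status = $null; NameServers = @() }

    # Step 1: which servers are authoritative for the parent zone?
    $parentNs = @(Resolve-DnsName -Name $parent -Type NS -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'NS' -and $_.Name -eq $parent })
    if ($parentNs.Count -eq 0) {
        # Typical for names such as mybusiness.local: the parent "local" does not exist.
        $result.Status = 'ParentZoneNotFound'
        return [pscustomobject]$result
    }

    # Step 2: ask each parent server directly, without recursion, for the child's NS records.
    # A delegation shows up as NS records owned by the child name (answer or authority section).
    foreach ($server in $parentNs.NameHost) {
        $childNs = @(Resolve-DnsName -Name $domain -Type NS -Server $server -DnsOnly -NoRecursion `
                -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'NS' -and $_.Name -eq $domain })
        if ($childNs.Count -gt 0) {
            $result.Status = 'DelegationFound'
            $result.NameServers = $childNs.NameHost
            return [pscustomobject]$result
        }
    }
    # Also reached when none of the parent's name servers answered the query.
    $result.Status = 'NoDelegation'
    return [pscustomobject]$result
}

# Constructed sample names; replace with the domain you are about to create.
'mybusiness.local', 'child.corp.example.com' | ForEach-Object { Test-ParentDelegation $_ } |
    Format-Table Domain, Parent, Status, NameServers -AutoSize
```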


More information about this warning can be found in the TechNet article Known Issues for Installing and Removing AD DS.




Article ID: SLN156699

Last Date Modified: 12/30/2016 03:27 AM

