2

I am setting up an Active Directory on a VM with Windows Server 2012 R2. When prompted to add the root domain name, I am supposed to put 410Server2012.local. When I get to the DNS options and try to check the checkbox for "Create DNS delegation", I get an error notice:

A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain "410Server2012.local". Otherwise, no action is required.

How do I find the right parent zone to put in place of .local?

techraf
N00blord

2 Answers

5

Don't use .local!

Why you shouldn't use .local in your Active Directory domain name.

This is a step that trips people up.

Let's show an example using something other than .local.

Let's say you were going to name your AD domain ad.example.com. The wizard is asking if you'd like to create a delegation to your server for the subdomain ad in the parent zone example.com. Unless you have an internal DNS server that is authoritative for the example.com DNS zone, then you can and should ignore this warning message. If you have a public domain named example.com you wouldn't generally create a delegation for the subdomain ad.example.com because your public DNS namespace and your internal DNS namespace are more than likely (and generally should be) separate and independent namespaces. This is why the article I linked to instructs you to use an unused subdomain of your public DNS namespace.

Long story short: use an unused subdomain of your public domain, don't select the checkbox to create a delegation, and ignore the delegation error message.

Esa Jokinen
joeqwerty
  • What domain should I use instead? `microsoft.com` is already taken, and I think `example.com` is a bad idea. – Ian Boyd Apr 23 '18 at 19:21
3

The option to create a DNS delegation is only applicable if:

  • You are creating a subdomain of an already existing domain
  • You actually want to delegate DNS for the subdomain to your new domain controller
  • DNS for the parent domain is running on Windows servers
  • You have the proper access rights to manage DNS in the parent domain

If all of the above is true, then you can check this option, and the parent domain will be automatically configured to delegate DNS for the subdomain to your new DC.

In short, this option is (usually) only applicable when you are creating a child Active Directory domain in an existing forest; you can and should ignore it if this is not the case.

Massimo
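The two answers above, expressed as the PowerShell equivalent of the wizard: this is an added example, not code from either answer. It assumes the AD DS role is already installed, uses the first answer's illustrative name `ad.example.com`, and the NetBIOS name `AD` is a placeholder chosen here.

```powershell
# Added example. Replace ad.example.com with an unused subdomain of a
# public domain you own, as the first answer recommends.
$DomainName = 'ad.example.com'
$ParentZone = $DomainName.Substring($DomainName.IndexOf('.') + 1)   # example.com

# Ask the resolver this machine uses which servers are authoritative for the
# parent zone. Delegation only makes sense if these are internal Windows DNS
# servers you have rights to manage (the conditions in the second answer);
# that judgment is yours, the NS list only tells you where to look.
$ns = Resolve-DnsName -Name $ParentZone -Type NS -ErrorAction SilentlyContinue |
      Where-Object { $_.Type -eq 'NS' }
if ($ns) {
    "Parent zone $ParentZone is served by: $($ns.NameHost -join ', ')"
} else {
    "No NS records for $ParentZone visible from this machine."
}

# New forest, DNS installed on the DC, no delegation attempted in the parent
# zone. This corresponds to leaving "Create DNS delegation" unchecked.
$params = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = 'AD'      # placeholder
    InstallDns                    = $true
    CreateDnsDelegation           = $false
    SafeModeAdministratorPassword = (Read-Host -AsSecureString -Prompt 'DSRM password')
}

Import-Module ADDSDeployment

# Runs the prerequisite checks only; nothing is promoted.
Test-ADDSForestInstallation @params

# Uncomment to actually promote the server (it reboots on completion).
# Install-ADDSForest @params
```

With `CreateDnsDelegation` set to `$false`, the delegation message from the question still shows up as a warning in the prerequisite results and does not block the installation.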