Secondary AD doesn't have DNS, cannot restore Primary AD


Hi guys, 


My first post here, completely exhausted Googling this issue without much luck, but a very simple setup.


I had 2 ADs (primary and secondary):
- Primary (DC1) - AD + DNS
- Secondary (DC2) - AD (and other services like WSUS)


Forgetting that DC2 didn't have DNS set up, we formatted DC1 and seized the FSMO roles on DC2. Now we are trying to join DC1 (formatted) to the domain and realized that DC1 does not have a DNS server to look up where DC2 is.


I have tried creating the DNS on DC2 and I get this message: 
The forward lookup zone cannot be added to the server. There was a server failure.


This error message is not very helpful, so I tried looking up logs in Applications and Services > Microsoft > Windows > DNS-Server, but it does not show any error messages.


Please help, really running out of ideas here! Thanks in advance :)


(I have also attached a dcdiag log if this helps)

9 Replies

Thanks for the response, I could not do step 1 as currently I do not have any zones:

[Attached screenshot: Screen Shot 2018-11-09 at 3.34.06 PM.png]

However, I followed the other steps (deleting the DNS objects from AD), and when trying to create the domain zone again I am confronted with this message again:

[Attached screenshot: Screen Shot 2018-11-09 at 3.34.31 PM.png]


This is all on my currently working AD (DC2)

It probably was a fatal mistake installing a domain controller without the integrated DNS role. I'd probably try turning this one off and restoring the other DC from a recent backup.



Agreed, but I do not have a recent backup, this is all I can work with :(

@Deleted wrote:
this is all I can work with :(

Sorry, but this is not enough to work with. You cannot have a functional Active Directory without DNS.



Have you tried a simple reboot yet?

Also, is there anything in the event log that would be helpful?

I do think you should be able to get basic DNS up and running again. (At least the very basics of the DNS server should work... )


So what happens when you create a non-AD integrated zone? Does this also not work?

Quadrotech - Management, Reporting and Migration for Office 365 and Exchange
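The checks suggested in the reply above (reboot, event log, try a non-AD-integrated zone), written out as a PowerShell diagnostic script. This is an added example, not something posted in the thread; it assumes it runs elevated on the surviving DC (DC2) with the DnsServer, ServerManager and ActiveDirectory modules installed, and the zone name `dnstest.local` is a constructed throw-away name used only for the file-backed test zone. Every other name is read from the running system.

```powershell
# Added example (not from the thread): diagnose a DC whose DNS role will not
# create the domain zone. Runs elevated on the surviving DC.
$ErrorActionPreference = 'Continue'
$me = $env:COMPUTERNAME   # target the local DC explicitly: DC locator needs DNS, which is what is broken

# 1. Is the DNS role installed and the service running?
Get-WindowsFeature -Name DNS | Select-Object Name, InstallState
Get-Service -Name DNS | Select-Object Name, Status

# 2. Which zones exist right now (none, according to the OP's screenshot)?
Get-DnsServerZone | Select-Object ZoneName, ZoneType, IsDsIntegrated, ReplicationScope

# 3. Can the server create any zone at all? A file-backed standard primary zone
#    exercises the DNS service without touching the AD partitions.
$testZone = 'dnstest.local'   # constructed name, removed again below
try {
    Add-DnsServerPrimaryZone -Name $testZone -ZoneFile "$testZone.dns" -ErrorAction Stop
    Write-Host "Standard primary zone '$testZone' created: the DNS service itself works."
    Remove-DnsServerZone -Name $testZone -Force
} catch {
    Write-Warning "Could not create a file-backed zone either: $($_.Exception.Message)"
}

# 4. Now the AD-integrated domain zone, the one that fails in the thread.
$domain = Get-ADDomain -Server $me
try {
    Add-DnsServerPrimaryZone -Name $domain.DNSRoot -ReplicationScope Domain `
        -DynamicUpdate Secure -ErrorAction Stop
    Write-Host "AD-integrated zone '$($domain.DNSRoot)' created."
} catch {
    Write-Warning "AD-integrated zone failed: $($_.Exception.Message)"
}

# 5. What did the DNS service log while we tried? (classic 'DNS Server' log)
Get-WinEvent -LogName 'DNS Server' -MaxEvents 20 |
    Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-Table -Wrap

# 6. List any dnsZone objects still present in the three AD locations a DNS
#    server can store zones in (the objects the "delete DNS objects from AD"
#    step is about). A DC that never ran DNS may not hold a replica of the
#    two application partitions, so those searches can legitimately fail.
$forestDN = (Get-ADDomain -Identity (Get-ADForest -Server $me).RootDomain -Server $me).DistinguishedName
$searchBases = @(
    "CN=MicrosoftDNS,DC=DomainDnsZones,$($domain.DistinguishedName)",
    "CN=MicrosoftDNS,DC=ForestDnsZones,$forestDN",
    "CN=MicrosoftDNS,CN=System,$($domain.DistinguishedName)"
)
foreach ($sb in $searchBases) {
    try {
        Get-ADObject -Filter 'objectClass -eq "dnsZone"' -SearchBase $sb -Server $me -ErrorAction Stop |
            Select-Object Name, @{ n = 'Location'; e = { $sb } }
    } catch {
        Write-Warning "Cannot search ${sb}: $($_.Exception.Message)"
    }
}

# 7. dcdiag's DNS test summarises the remaining problems in one place.
dcdiag /test:dns /v
```

The point of step 3 is the question asked in the reply: if a file-backed zone can be created but the AD-integrated one cannot, the DNS service is fine and the problem lies in the directory partitions, which is where step 6 looks.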

Thanks for your response, I have tried:

- reboot
- can't find anything in the event logs; any hints where I should be looking? I tried general errors and the Windows logs specific to DNS errors but couldn't find anything related to the error
- I can create other domains but not the one my AD is on.

I really need to get this running ASAP and am regretting wholeheartedly not taking a backup, as I should have before formatting.

@Michel Zehnder wrote:

At least the very basics of the DNS server should work...

Creating a new DNS server should not be a problem. The problem is there isn't anything left of the old directory to connect it to.



Yes, but there is nothing essential there that could not be recreated.

All AD DNS entries can be recreated, and all dynamic DNS entries can be recreated.

The only things "lost" are the static entries, and I guess he would be happy if his domain would "work" again :)


Quadrotech - Management, Reporting and Migration for Office 365 and Exchange
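The reply above says the AD and dynamic DNS entries can simply be recreated. As an added example (not code from the thread), here is how that regeneration is triggered and verified in PowerShell once the domain zone exists again. It assumes it runs elevated on the surviving DC (DC2, now also the DNS server) with the DnsServer, DnsClient, NetAdapter and ActiveDirectory modules available; the domain name is read from AD, and the first adapter that is "Up" is assumed to be the DC's LAN adapter.

```powershell
# Added example (not from the thread): regenerate the DC's own DNS records
# after the domain zone has been recreated on this server.
$me     = $env:COMPUTERNAME
$domain = (Get-ADDomain -Server $me).DNSRoot

# 1. Point the DC's DNS client at its own address so dynamic registration lands
#    in the zone on this server (assumption: first "Up" adapter is the LAN NIC).
$nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
$ip  = (Get-NetIPAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 |
        Select-Object -First 1).IPAddress
Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $ip

# 2. The zone must accept secure dynamic updates, otherwise Netlogon cannot
#    write the locator (SRV) records back.
Set-DnsServerPrimaryZone -Name $domain -DynamicUpdate Secure

# 3. Re-register the host (A) record and the DC locator records.
ipconfig /registerdns | Out-Null
nltest /dsregdns | Out-Null        # ask Netlogon to re-register all DC records
Restart-Service -Name Netlogon     # Netlogon also registers them on start
Start-Sleep -Seconds 15            # give the dynamic updates a moment to land

# 4. Verify: the LDAP locator record for the domain must now name this DC.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -Server $ip |
    Select-Object Name, NameTarget, Port

# 5. dcdiag's DNS test reports whatever is still missing (forwarders, delegation, ...).
dcdiag /test:dns /v
```

Only the records AD generates come back this way; any static A or CNAME records that lived in the old zone on DC1 have to be re-entered by hand, which is the "lost" part the reply refers to.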