Step-by-Step: When creating a new Root Level Domain Controller you get the message “A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found”

This is the 6th post in this series and today I am working on resolving a warning which appears when you are trying to create a new forest in a new network.

Let us walk through the above error first and then the steps to resolve it:

Step 1: Installing Active Directory Domain Services

• I created a new VM and installed Windows Server 2012
• In Server Manager–> click on Manage–> click Add Roles and Features Wizard–> click Next
• Under Select installation type, select Role-based or feature-based installation–> click Next
  
  
  
  
  
• Under Select destination server –> click Next
  
  
  
  
  
• Under Select server roles –> click Active Directory Domain Services
• Under Add features that are required for AD DS –> click Add Features–> click Next
  
  
  
  
  
• Under Select features –> click Next–> click Next–> click Install
  
  
  
  
  
• Finally the Installation progress window shows, installation completed successfully but Configuration required
  
  
  
  
  
• Click Promote this server to a domain controller, this starts Active Directory Domain Services Configuration Wizard
• Under Deployment Configuration –> click Add a new forest, type Root domain name: dotnetscraps.com–> click Next
  
  
  
  
  
• Under Domain Controller Options, enter Directory Services Restore Mode (DSRM) password–> click Next
  
  
  
  
  
• Here you are prompted with the warning..
  
  
  
  
  
• If you continue further on the wizard, you will get the prerequisites check failure messages
  
  
  
  
  

Step 2: Installing DNS Server

• In Server Manager–> click on Manage–> click Add Roles and Features Wizard–> click Next
• Under Select installation type, select Role-based or feature-based installation–> click Next
  
  
  
  
  
• Under Select destination server –> click Next
  
  
  
  
  
• Under Select server roles –> click DNS Server
• Under Add features that are required for DNS Server –> click Add Features–> click Next
  
  
  
  
  
• Click Next–> click Next–> Install
  
  
  
  
  
• Once the install the completed, let us configure DNS Server
  
  

Step 3: Configuring DNS Server

• In Server Manager–> DNS
• Under Servers–> right click WIN-DC–> click DNS Manager
  
  
  
  
  
• Under DNS Manager–> right click WIN-DC–> click Configure DNS Server…
  
  
  
  
  
• Under Configure a DNS Server Wizard –> click Next
• Under Select Configuration Action –> click Create a forward lookup zone (recommended for small networks) –> click Next
  
  
  
  
  
• Under Primary Server Location –> click This server maintains the zone–> click Next
  
  NOTE: Since this is my Private Network, I selected This server maintains the zone else you could have selected ISP maintains the zone and followed the steps further
  
  
  
  
• Under Zone Name, type dotnetscraps.com–> click Next
  
  
  
  
  
• Under Zone File –> click Next
  
  
  
  
  
• Under Dynamic Update, I am going with the default Do not allow dynamic updates–> click Next
  
  
  
  
  
• Under Forwarders, I have selected No, it should not forward queries but you can select the first option as well –> click Next
  
  
  
  
  
• The wizard will search for Root Hints and return back –> click Finish
  
  
  
  
  
• This will give you the below error “Configure a DNS Server Wizard could not configure root hints” –> click OK
  
  
  
  
  
• In Server Manager–> DNS–> right click WIN-DC–> DNS Manager
  
  
  
  
  
• Expand WIN-DC–> Forward Lookup Zones, we can see dotnetscraps.com is now added in the Forward Lookup Zones
  
  
  
  
  
• Right click dotnetscraps.com–> click Properties
  
  
  
  
  
• Under General–> Dynamic update: select Nonsecure and secure–> click Apply
  
  
  
  
  

Step 4: Configure DNSSEC (Optional, but you should configure DNSSEC in your domain)

• In DNS Manager–> WIN-DC–> click Forward Lookup Zones–> right click dotnetscraps.com –> DNSSEC–> Sign the Zone
  
  
  
  
  
• I am going to use the default settings –> click Next
  
  
  
  
  
  Click Next
  
  
  
  
  
  Click Next
  
  
  
  
  
  Click Finish
  
  
  

Step 5: Promote the server to a domain controller

• In Server Manager–> Notification–> click Promote this server to a domain controller
• Under Deployment Configuration –> click Add a new forest–> type dotnetscraps.com–> click Next
  
  
  
  
  
• Under Domain Controller Options, type Directory Services Restore Mode *DSRM) password
  
  
  
  
  
• Under DNS Options –> click Change…–> click Next
  
  
  
  
  
• Under Additional Options –> type NetBIOS domain name:<I am leaving the default> –> click Next
  
  
  
  
  
• Under Paths –> change the Database, Log and SYSVOL folder paths–> click Next
  
  
  
  
  
• Under Review Options –> click Next
• Under Prerequisites Check –> click Install
  
  
  
  
  
• The server is now configured as a domain controller
  
  
  
  

Success !!

Hope this helps,
Vivek Kumbhar