Reallocating an ACL for DNS zones on a Windows 2000-based server may take a long time and the database might grow (836004)



The information in this article applies to:

  • Microsoft Windows 2000 Server SP4
  • Microsoft Windows 2000 Professional SP4
  • Microsoft Windows 2000 Advanced Server SP4

SYMPTOMS

When you reallocate an access control list (ACL) for DNS zones on a Microsoft Windows 2000-based server that is running Active Directory directory service, the process takes longer than expected. This scenario is more likely for domains with many domain controllers that are running as Active Directory-integrated DNS servers. If, in addition to many DNS servers, that domain also has many Active Directory-integrated zones, you may also see significant growth in the size of the Active Directory database because of a high number of SerialNo objects.

CAUSE

This problem may occur if you installed Windows 2000 Service Pack 4 (SP4). Functionality was added to Dns.exe in Windows 2000 SP4 to correctly track the zone serial number for Active Directory-integrated zones. This change causes the replication of deleted records in the DNS database before they are deleted from Active Directory. These records can accumulate, increasing the size of the Active Directory database.

RESOLUTION

Hotfix information

A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that this article describes. Apply it only to systems that are experiencing this specific problem.

To resolve this problem, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

Prerequisites

No prerequisites are required.

Restart requirement

You must restart your computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

This hotfix has been replaced by the hotfix in Microsoft Knowledge Base article 843514.

For additional information about this hotfix, click the following article number to view the article in the Microsoft Knowledge Base:

843514 Your Active Directory database size increases because of many SerialNo objects

File Information

The English version of this hotfix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
   Date         Time   Version        Size     File name
   ------------------------------------------------------
   24-Feb-2004  23:25  5.0.2195.6901  326,928  Dns.exe          

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

To determine if this is your problem, create an Ntds.dmp file of the Active Directory database on one of your global catalog servers by using the steps that are outlined in the following Microsoft Knowledge Base article:

315098 How to use the online Dbdump feature in Ldp.exe


If you filter the resulting file for the SerialNo object name, you will see that you have a high number of both valid and deleted objects with SerialNo in the name.

Sample shell commands:

  • Filters the DNS objects: findstr /c:"..SerialNo" #DC-X#-ntds.dmp > #DC-X#-ntds.dmp-serial.txt
  • Sorts by live/deleted status: sort /+43 #DC-X#-ntds.dmp-serial.txt /o #DC-X#-ntds.dmp-serial-sort.txt

If you load #DC-X#-ntds.dmp-serial-sort.txt in a text editor, you can determine how many valid and deleted objects the database contains. The sorted data will show deleted objects in column 43.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

816915 New file naming schema for Microsoft Windows software update packages

824684 Description of the standard terminology that is used to describe Microsoft software updates


Modification Type: Minor
Last Reviewed: 10/28/2005
Keywords: kbHotfixServer kbQFE kbBug kbfix kbQFE kbWin2000preSP5fix KB836004 kbAudITPRO