I've walked into a new environment and have been tasked with resolving active directory issues. The first glaring thing that appears out of whack is DNS. I've been trying to manually get it back into shape but I've hit a wall, and here's why:
I'm dealing with a single forest. The root domain is domainA.private.contoso.com. This is also the domain that our partner organization is using. All partner computers and servers are joined to this domain, exchange, etc...
A new domain tree root was added called domainB.private.contoso.com. Our organizations computers and servers are joined to this domain.
DomainB's domain controllers fail a dcdiag /test:dns . Basically, they are unable to resolve SRV and other records for GUIDofDCinDomainB.domainA.private.contoso.com.
The DCs in DomainB do not have a DNS record ending with domainA.private.contoso.com because they are not in that zone, but I assume because that is the root zone it is expected.
The only way I can think of to make dcdiag happy is to create the records in domainA's zone for the DCs in domainB even though they dont belong to domainA.