I recently tried to change the security policy set on my domain.
While the old security policy contained settings for both DC and DNS, I somehow, in a hurry, installed only the settings for the DC, and then removed the old policy. As a result, the domain controllers no longer functioned as DNS servers, as the DC policy had the DNS server service disabled.
When I noticed, I switched back to the old policy, but even though I deleted the new GPO links, the controllers continue to have the same GPOs applied: the new ones.
I have manually enabled and started the DNS server service, and some services started working (web, nslookup). But I still have no authentication. When checking the DNS management console, I noticed the forward lookup zone with the same name as my domain (rt.w005.opng.int) is gone!
Upon checking the DNS event logs I see a succession of events 4000 and 4013:
"The DNS Server was unable to open Active Directory... The DNS server will wait for the directory to start."
When trying to create the zone with the name rt.w005.opng.int I get a message that the operation failed. Invalid data.
Any help is highly appreciated.