Event ID 4017 — DNS Server Active Directory Integration

Applies To: Windows Server 2008

You can configure the DNS Server service to use Active Directory Domain Services (AD DS) to store zone data. This makes it possible for the DNS server to rely on directory replication, which enhances security, reliability, and ease of administration.

Event Details

Product: Windows Operating System
ID: 4017
Source: Microsoft-Windows-DNS-Server-Service
Version: 6.0
Message: The DNS server was unable to load or create the DnsAdmins group. The most likely cause is that the Group Name has been changed. The DNS server will continue but for full functionality the DnsAdmins group should be repaired. The event data contains the error.


Correct the group name

The DNS Server service depends on the DnsAdmins group being named DnsAdmins. It is likely that the name of this group has changed, which prevents the DNS Server service from accessing the group. Determine the new name that was given the the group, and then give it the correct name.

To perform this procedure, you must have membership in Domain admins, or you must have been delegated the appropriate authority.

To rename a group:

  1. On a domain controller, start Active Directory Users and Computers. To start Active Directory Users and Computers, click Start, click Administrative Tools, and then click Active Directory Users and Computers.
  2. In the console tree, expand the domain, and then click Users.
  3. In the right pane, right-click the DNS administrators group, click Rename, and then type DnsAdmins.
  4. Press ENTER, and then, in the Rename Group dialog box, click OK.


Ensure that Event IDs 4523 and 4524 are being logged and that no events in the range 4000 to 4019 appear in the Domain Name System (DNS) event log.

DNS Server Active Directory Integration

DNS Infrastructure