Hello, I have promoted a Windows 2008R2 DC and replication etc... seems to work great. I can create users, change passwords etc... and it does get replicated. When I attempt to create a record in the DNS tool I get Can't create host "server01.salem.int" reecord. Refused. In the event logs I have the following error: "The following application directory partition has no security descriptor reference domain. Application directory partition: DC=DomainDnsZones,DC=salem,DC=int The root domain will be used instead. User Action Set the security descriptor reference domain for this application directory partition." I have tried some Group Policy changes and replicated the Sysvol to the windows system, that doesn't seem to resolve anything. I would really like to manage dns directly on a windows server since pointing the management tools at the samba4 box's seems to be quite buggy at the moment. Thanks for any help. Regards, Moe