Last week a I had an issue with Windows 7 Client PCs not able to update the group policy manually. Additionally I could not Search the directory for users, however Client's were able to authenticate and change their passwords.
I found out that the quickest way to troubleshoot a domain controller is using:
C:\> dcdiag /v
This command will test all of the connection protocols and settings configured in your Active Directory domain controller. In my configuration, there is only 1 AD controller, which is also the DNS server for my network. Although I had initially configured this DNS to be an "Active Directory Integrated" DNS Server, some how the DNS entries had been erased.
I am not sure if this would be the suggested fix, however I was able to repair my DNS entries so that the Clients could connect to the domain controller. From the Roles Management Snap-in I expanded the DNS Role, then expanded my primary server, and finally Right-Clicked the domain name that is having issues, and click "Properties".
At this point, you can designate your server Type to be a Primary DNS, Secondary DNS or Active Directory-Integrated. Mine was set to Active Directory-Integrated (like above) so I set it to Primary, clicked apply and then set it back to Active Directory Integrated and hit apply again. This did nothing.
Turns out I had to set the DNS type to "Primary", and then Restart the DNS service. This time it was able to notice the configuration change and rebuild all the "standard" Primary DNS entries. I then set it back to Active Directory Integrated, restarted DNS and all of my Active Directory DNS issues went away.