Solved

Leftover DNS records after removing a domain controller

Posted on 2010-11-25
Last Modified: 2012-10-07
I followed the MS protocols documented on TechNet to remove several domain controllers that were also acting as DNS servers. I'm still seeing a number of DNS records referencing the old server:
1. NS records in the _msdcs.mydomain.local zone
2. Some SRV records under _msdcs
3. Some under domaindnszones under mydomain.local
4. Some under forestdnszones under mydomain.local

I see these for several DCs I removed. Some are from mydomain.local and some are from subdomain.mydomain.local.

I saw no errors during the dcpromo process for any DC and I'm seeing several DCs listed so I'm assuming this is not some one-time dcpromo error.

Why are these records there? Will they be automatically removed at some point? If not, how do I remove them?


0
Question by:Julian123
4 Comments
 
LVL 14

Expert Comment

by:canali
ID: 34217172
"I saw no errors during the dcpromo process for any DC"
But are there any errors in the Event Viewer?

If there aren't any errors, try the script to get some more information, and then remove the leftover DNS record, but pay attention...

Gastone
Function fGetDCList()
    ' AUTHOR: DiGiTAL SkReAM
    ' CONTACT: digital.skream@gmail.com
    ' DATE  : 4/8/2006
    ' COMMENT: Will return a list of all of the Domain Controllers in an
    '        Active Directory domain.
    Dim oRoot, sConfigNamingContext, oADOConnection, oADOCommand, sADOQuery
    Dim oRecordSet, oDC, oSite, oCat, iErr
    fGetDCList = "N/A"

    ' Bind to RootDSE; remember the error code instead of aborting if no DC answers.
    On Error Resume Next
    Set oRoot = GetObject("LDAP://RootDSE")
    iErr = Err.Number
    On Error GoTo 0

    If iErr = 0 Then
        sConfigNamingContext = oRoot.Get("configurationNamingContext")
        Set oADOCommand = CreateObject("ADODB.Command")
        Set oADOConnection = CreateObject("ADODB.Connection")
        oADOConnection.Provider = "ADsDSOObject"
        oADOConnection.Open "Active Directory Provider"
        oADOCommand.ActiveConnection = oADOConnection

        ' Every DC has an nTDSDSA (NTDS Settings) object in the configuration partition.
        sADOQuery = "<LDAP://" & sConfigNamingContext & ">;(ObjectClass=nTDSDSA);AdsPath;subtree"
        oADOCommand.CommandText = sADOQuery
        oADOCommand.Properties("Page Size") = 100
        oADOCommand.Properties("Timeout") = 30
        oADOCommand.Properties("Cache Results") = False
        Set oRecordSet = oADOCommand.Execute
        'Set oCat = New StringCat
        Do Until oRecordSet.EOF
            ' The parent of the NTDS Settings object is the DC's server object.
            Set oDC = GetObject(GetObject(oRecordSet.Fields("AdsPath").Value).Parent)
            WScript.Echo "Netbios_Name : " & oDC.cn
            WScript.Echo "FQDN : " & oDC.DNSHostName & vbCrLf
            oRecordSet.MoveNext
        Loop
        oADOConnection.Close
        'fGetDCList = oCat.Flush
    End If
End Function

Call fGetDCList()


0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 34222621
Is your DNS set to scavenging?
How many days have passed since you removed the DC?
0
 
LVL 12

Author Comment

by:Julian123
ID: 34222805
I have manually initiated scavenging. I removed my DC several days ago (about 7).
0
 
LVL 12

Accepted Solution

by:
Vaseem Mohammed earned 500 total points
ID: 34222858
I think we have to remove it manually. Recently I also removed a failed DC which was DC, and I had to remove its records manually from DNS: the Host, PTR, CNAME from _msdcs, etc.
Even if we check the article at http://support.microsoft.com/kb/216498 it says to remove it manually.

The nameserver tab is also an important section which I did forget in my scenario :-D

If I stumble across any method which can remove them automatically, I will let you know.
0
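
Added example (not part of the original thread or of any poster's script): a report-only audit that lists the NS, SRV, CNAME, PTR and host records still referencing removed DCs, so the manual cleanup described in the accepted solution can be checked zone by zone. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT); the server name, DC names and IP addresses are placeholders, and the function name Get-StaleDcRecord is hypothetical.

```powershell
# Added example: report only, deletes nothing. All names and IPs are placeholders.
Import-Module DnsServer

$DnsServer  = 'localhost'   # assumption: run on a remaining DC/DNS server
$RemovedDCs = 'olddc1.mydomain.local', 'olddc2.subdomain.mydomain.local'   # placeholder FQDNs
$RemovedIPs = '192.0.2.10', '192.0.2.11'                                   # placeholder addresses

function Get-StaleDcRecord {
    param([string]$Server, [string[]]$Fqdn, [string[]]$Ip)

    # Skip auto-created reverse zones and the DNSSEC TrustAnchors zone.
    $zones = Get-DnsServerZone -ComputerName $Server | Where-Object {
        -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' -and $_.ZoneName -ne 'TrustAnchors'
    }

    foreach ($zone in $zones) {
        foreach ($rr in Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $zone.ZoneName) {
            # Owner name is relative to the zone; '@' means the zone apex.
            $owner = if ($rr.HostName -eq '@') { $zone.ZoneName } else { "$($rr.HostName).$($zone.ZoneName)" }
            $data  = $rr.RecordData

            # Pick the field that can point at a DC for each record type.
            $target = switch ($rr.RecordType) {
                'NS'    { $data.NameServer }
                'SRV'   { $data.DomainName }
                'CNAME' { $data.HostNameAlias }
                'PTR'   { $data.PtrDomainName }
                'A'     { $data.IPv4Address.IPAddressToString }
                'AAAA'  { $data.IPv6Address.IPAddressToString }
                default { $null }
            }
            if ($null -eq $target) { continue }
            $target = $target.TrimEnd('.')   # name targets carry a trailing dot

            # Match on the record target (name or IP) or on the record's own owner name.
            if ($Fqdn -contains $target -or $Ip -contains $target -or $Fqdn -contains $owner) {
                [pscustomobject]@{ Zone = $zone.ZoneName; Owner = $owner; Type = $rr.RecordType; Target = $target }
            }
        }
    }
}

Get-StaleDcRecord -Server $DnsServer -Fqdn $RemovedDCs -Ip $RemovedIPs |
    Sort-Object Zone, Type, Owner | Format-Table -AutoSize
```

Matching on IP address as well as name is what catches the host records under DomainDnsZones and ForestDnsZones, which are owned by the zone node rather than by the DC's name.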
