Solved

Leftover DNS records after removing a domain controller

Posted on 2010-11-25
4
1,508 Views
Last Modified: 2012-10-07
I followed the MS protocols documented on technet to remove several domain controllers that were also acting as a DNS servers. I'm still seeing a number of DNS records referencing the old server:
1. NS records in the _msdcs.mydomain.local zone
2. Some SRV records under _msdcs
3. Some under domaindnszones under mydomain.local
4. Some under forestdnszones under mydomain.local

I see these for several DCs I removed. Some are from mydomain.local and some are from subdomain.mydomain.local.

I saw no errors during the dcpromo process for any DC and I'm seeing several DCs listed so I'm assuming this is not some one-time dcpromo error.

Why are these records there? Will they be automatically removed at some point? If not, how do I remove them?


0
Comment
Question by:Julian123
  • 2
4 Comments
 
LVL 14

Expert Comment

by:canali
ID: 34217172
"I saw no errors during the dcpromo process for any DC"
BUT in the event viewer there is some errors?

If there isn't errors, try the script to have some information more , and then remove the leftover dns record, but pay attention...

Gastone
Function fGetDCList()
 ' AUTHOR: DiGiTAL SkReAM
 ' CONTACT: digital.skream@gmail.com
 ' DATE  : 4/8/2006
 ' COMMENT: Will return a list of all of the Domain Controllers in an
 '        Active Directory domain.
 Dim oRoot, sConfigNamingContext, oADOConnection, oADOCommand, sADOQuery
 Dim oRecordSet, oDC, oSite, oCat, iErr
 fGetDCList = "N/A"
 On Error Resume Next 
  Set oRoot = GetObject("LDAP://RootDSE")
  iErr = Err.Number
 On Error GoTo 0 
  If iErr = 0 Then 
   sConfigNamingContext = oRoot.Get("configurationNamingContext")
   Set oADOCommand = CreateObject("ADODB.Command")
   Set oADOConnection = CreateObject("ADODB.Connection")
   oADOConnection.Provider = "ADsDSOObject"
   oADOConnection.Open "Active Directory Provider"
   oADOCommand.ActiveConnection = oADOConnection
   sADOQuery = "<LDAP://" & sConfigNamingContext & ">;(ObjectClass=nTDSDSA);AdsPath;subtree"
   oADOCommand.CommandText = sADOQuery
   oADOCommand.Properties("Page Size") = 100
   oADOCommand.Properties("Timeout") = 30
   oADOCommand.Properties("Cache Results") = False
   Set oRecordSet = oADOCommand.Execute
   'Set oCat = New StringCat
    Do Until oRecordSet.EOF
      Set oDC = GetObject(GetObject(oRecordSet.Fields("AdsPath")).Parent)
      wscript.echo "Netbios_Name : " & oDC.cn
       wscript.echo  "FQDN : " & oDC.DNSHostName & VbCrLf 
      oRecordSet.MoveNext
    Loop
   oADOConnection.Close
   'fGetDCList = oCat.Flush
  End If 
 End Function
call fGetDCList()

Open in new window

0
 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 34222621
Is you DNS set to scavenging?
how many days has passed after u removed DC?
0
 
LVL 12

Author Comment

by:Julian123
ID: 34222805
I have manually initiated scavenging. I removed my DC serveral days ago (about 7)
0
 
LVL 12

Accepted Solution

by:
Vaseem Mohammed earned 500 total points
ID: 34222858
I think we have to remove it manually, recently I also removed a failed DC which was DC, and I had to remove its records manually from DNS, the Host, PTR, cname from _msdcs etc.
Even if we check the article at http://support.microsoft.com/kb/216498 it says to remove it manually.

The nameserver tab is also an important section which I did forget in my scenario :-D

If i stumble across any method which can remove automatically will let you know.
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question