Modifying _msdcs.domain.local

Posted on 2013-05-24
Last Modified: 2013-05-24
I noticed under _msdcs.domain.local > dc and gc > sites I have old data. Is it safe to manually remove these old unused sites? Why isn't this removed automatically?
I just want to make sure that it isn't interfering with my current setup in Sites and Services.
Question by:ecosys

Expert Comment

ID: 39195049
Are you saying that there are old sites in the zone, or old SRV records? In general a clean demotion of a DC will also remove its records in the _msdcs zone. In fact, if you delete the _msdcs zone and create a new one, all the records in it should be autopopulated by the DCs when their Netlogon service restarts. Also, when a site is deleted from AD Sites and Services it should be removed from the _msdcs zone automatically.

Author Comment

ID: 39195075
Yes, the sites that I deleted were not removed automatically. I am not demoting any DC; I just browsed through there and noticed those old sites still in there. The timestamp is old, so I am just wondering if it is safe to remove or indicative that something else may be wrong since it didn't automatically remove.

Expert Comment

ID: 39195150
"The timestamp is old so I am just wondering if it is safe to remove or indicative that something else may be wrong since it didn't automatically remove."
I'd say both: if those sites no longer exist, the corresponding records can be removed from DNS...but because they weren't automatically removed when the sites were deleted, there could be a problem somewhere.

Accepted Solution

footech earned 600 total points
ID: 39195169
Do you also see the old site still under your domain zone > _sites, or > domaindnszones > _sites, or > forestdnszones > _sites?
If you have scavenging set up for the zones, all this should be cleaned up automatically, which would be my recommendation for you, but I'd also say it's safe to delete the records manually.

Author Closing Comment

ID: 39195493
I removed them manually, but scavenging was not set up on this zone.
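
A read-only way to run the checks discussed in this thread, as an added example that is not from any of the posters: it lists SRV records whose site label no longer exists in AD Sites and Services and shows whether aging/scavenging is enabled on each zone. It assumes the DnsServer and ActiveDirectory RSAT modules, a single-domain forest named domain.local as in the question, and that it is run on a DC hosting the zones.

```powershell
# Added example: audits only, deletes nothing.
# Assumptions: RSAT DnsServer and ActiveDirectory modules are installed.
Import-Module DnsServer, ActiveDirectory

$ForestRoot = 'domain.local'        # assumption: zone name taken from the question
$DnsServer  = $env:COMPUTERNAME     # assumption: run on a DC that hosts the zones

# Sites that currently exist in AD Sites and Services
$liveSites = (Get-ADReplicationSite -Filter *).Name

# Zones where the DCs register site-specific locator records
$zones = "_msdcs.$ForestRoot", $ForestRoot

$stale = foreach ($zone in $zones) {
    Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zone -RRType Srv |
        ForEach-Object {
            # Site-specific owner names look like _ldap._tcp.<Site>._sites.dc
            # or _ldap._tcp.<Site>._sites.DomainDnsZones
            if ($_.HostName -match '\._tcp\.([^.]+)\._sites(\.|$)') {
                $site = $Matches[1]
                if ($liveSites -notcontains $site) {
                    [pscustomobject]@{
                        Zone      = $zone
                        Owner     = $_.HostName
                        Site      = $site
                        Target    = $_.RecordData.DomainName
                        Timestamp = $_.Timestamp   # empty on static records
                    }
                }
            }
        }
}

# Records that point at sites which no longer exist
$stale | Sort-Object Zone, Site | Format-Table -AutoSize

# Scavenging can only clean these up if aging is enabled on the zone
foreach ($zone in $zones) {
    Get-DnsServerZoneAging -ComputerName $DnsServer -Name $zone |
        Format-List ZoneName, AgingEnabled, NoRefreshInterval, RefreshInterval
}
```

A record with an empty Timestamp is static and will not be scavenged even after aging is enabled on the zone.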
