Solved

change static Active Directory DNS record to dynamic

Posted on 2014-12-30
6
2,220 Views
Last Modified: 2014-12-30
For our servers, i have manually changed some of our critical DNS records to static, as DNS was in bad shape when i arrived and wanted no potential hiccups on a production network.  Now that scavenging is fixed and shown to work for DHCP client systems and the server records are in order, i'd like to get back to dynamic records for the servers so no manual deletions will be needed going forward.  I've found online that registering manually at the server usin ipconfig /registerdns is supposed to initiate the record to go dynamic, but that hasn't worked.  How can i get my servers back to dynamic A records?
0
Comment
Question by:itsasupport
6 Comments
 
LVL 10

Expert Comment

by:schaps
ID: 40523783
Have you already done the following?

-Open DNS Manager.
-In the console tree, right-click the applicable zone, and then click Properties.
-On the General tab, verify that the zone type is either Primary or Active Directory-integrated.
-In Dynamic Updates, click Nonsecure and secure.

If so and no change, have you rebooted?
0
 

Author Comment

by:itsasupport
ID: 40523841
DNS/other servers were rebooted doin the MS updates for the month already. we only do secure updates and AD integrated.  would it not work with these settings?
0
 

Author Comment

by:itsasupport
ID: 40523849
was that the correct method?  or is there a better step by step to be sure i did it correctly other than just running ipconfig /flushdns from the problem computer only?
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 40

Expert Comment

by:footech
ID: 40523905
I would leave it at secure only.
To change the record to dynamic, in the DNS console under View make sure you have Advanced checked > then go to the record > right-click and choose Properties > then check the box to delete the record when it becomes stale.  When you hit Apply you should see a timestamp on the record.  However, there have been times where I have seen this not stick for some reason.  In that case I would suggest deleting the record, then run ipconfig /registerdns on the server so that it will recreate the record.  This also has the benefit of ensuring that the security on the record is correct.
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 40523933
I've been doing some testing, and the dnscmd /ageallrecords command appears to do just what you want. However, you'll need to be careful with the parameters you supply to the command in order to change only the records you want. Here's what I've found in my testing:

Dnscmd /ageallrercords mydomain.local will change all static (same as parent folder) records in the root of the mydomain.local zone to dynamic.
Dnscmd /ageallrecords mydomain.local /tree will change all static records in the mydomain.local zone and all subzones to dynamic.
Dnscmd /ageallrecords mydomain.local server1 will change the server1.mydomain.local record to dynamic.

I recommend creating a test zone, populating it with some random test records and/or subzones, and experimenting a little before running this command on a production zone, so you'll know what to expect. There are a couple of important things to be aware of:

The timestamp applied to the records will be the current time rounded down to the nearest hour. (Running the command at 10:55am on 12/30/2014, for example, applies a timestamp of 12/30/2014 10:00am.)
The documentation for the command (see the link above) implies that running the command on a record that's already dynamic will update the record's timestamp, but this didn't happen in my testing, which was performed in Windows Server 2012 R2. Records that were already dynamic were unchanged by the command.
0
 

Author Comment

by:itsasupport
ID: 40524254
DrDave242, you are correct.  the syntax after testing and creating a test zone is:

dnscmd /ageallrecords FQDN_zone_name server_name /f

(also have to have scavenging on the zone set or it will fail)

the /f is to not prompt "are you sure" type of thing.

thanks everyone.  that did it.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article will review the basic installation and configuration for Windows Software Update Services (WSUS) in a Windows 2012 R2 environment.  WSUS is a Microsoft tool that allows administrators to manage and control updates to be approved and ins…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question