Solved

change static Active Directory DNS record to dynamic

Posted on 2014-12-30
6
2,585 Views
Last Modified: 2014-12-30
For our servers, i have manually changed some of our critical DNS records to static, as DNS was in bad shape when i arrived and wanted no potential hiccups on a production network.  Now that scavenging is fixed and shown to work for DHCP client systems and the server records are in order, i'd like to get back to dynamic records for the servers so no manual deletions will be needed going forward.  I've found online that registering manually at the server usin ipconfig /registerdns is supposed to initiate the record to go dynamic, but that hasn't worked.  How can i get my servers back to dynamic A records?
0
Comment
Question by:itsasupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 10

Expert Comment

by:schaps
ID: 40523783
Have you already done the following?

-Open DNS Manager.
-In the console tree, right-click the applicable zone, and then click Properties.
-On the General tab, verify that the zone type is either Primary or Active Directory-integrated.
-In Dynamic Updates, click Nonsecure and secure.

If so and no change, have you rebooted?
0
 

Author Comment

by:itsasupport
ID: 40523841
DNS/other servers were rebooted doin the MS updates for the month already. we only do secure updates and AD integrated.  would it not work with these settings?
0
 

Author Comment

by:itsasupport
ID: 40523849
was that the correct method?  or is there a better step by step to be sure i did it correctly other than just running ipconfig /flushdns from the problem computer only?
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 40

Expert Comment

by:footech
ID: 40523905
I would leave it at secure only.
To change the record to dynamic, in the DNS console under View make sure you have Advanced checked > then go to the record > right-click and choose Properties > then check the box to delete the record when it becomes stale.  When you hit Apply you should see a timestamp on the record.  However, there have been times where I have seen this not stick for some reason.  In that case I would suggest deleting the record, then run ipconfig /registerdns on the server so that it will recreate the record.  This also has the benefit of ensuring that the security on the record is correct.
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 40523933
I've been doing some testing, and the dnscmd /ageallrecords command appears to do just what you want. However, you'll need to be careful with the parameters you supply to the command in order to change only the records you want. Here's what I've found in my testing:

Dnscmd /ageallrercords mydomain.local will change all static (same as parent folder) records in the root of the mydomain.local zone to dynamic.
Dnscmd /ageallrecords mydomain.local /tree will change all static records in the mydomain.local zone and all subzones to dynamic.
Dnscmd /ageallrecords mydomain.local server1 will change the server1.mydomain.local record to dynamic.

I recommend creating a test zone, populating it with some random test records and/or subzones, and experimenting a little before running this command on a production zone, so you'll know what to expect. There are a couple of important things to be aware of:

The timestamp applied to the records will be the current time rounded down to the nearest hour. (Running the command at 10:55am on 12/30/2014, for example, applies a timestamp of 12/30/2014 10:00am.)
The documentation for the command (see the link above) implies that running the command on a record that's already dynamic will update the record's timestamp, but this didn't happen in my testing, which was performed in Windows Server 2012 R2. Records that were already dynamic were unchanged by the command.
0
 

Author Comment

by:itsasupport
ID: 40524254
DrDave242, you are correct.  the syntax after testing and creating a test zone is:

dnscmd /ageallrecords FQDN_zone_name server_name /f

(also have to have scavenging on the zone set or it will fail)

the /f is to not prompt "are you sure" type of thing.

thanks everyone.  that did it.
0

Featured Post

Ready to trade in that old firewall?

Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question