Broken AD Integrated DNS Zone

I have an existing Active Directory integrated DNS zone - let's call it company.com.

I was trying to create a subdomain A record using dnscmd, and used the following commands:

    dnscmd /zoneadd sub.company.com /DsPrimary /DP /domain
    dnscmd /recordadd sub.company.com webserver A 192.168.50.150

I realize now that this is incorrect syntax, however, I cannot delete this single subdomain. When I try to delete sub.company.com in the DNS GUI, it appears to delete, but the AD DNS servers still answer queries for the webserver.sub.company.com A record - even though it doesn't exist. I've tried a zone reload, server reboot, to no avail.

The only information I've seen about cleaning up bad records in an AD integrated zone is this from Microsoft:

    https://support.microsoft.com/en-us/kb/305967

This involves deleting the zone and adding it back in. As this zone is critical to a number of applications, and we have 7 domain controllers in 5 locations, it's a scary proposition.

Does anyone know how I can clean up the sub.company.com zone without deleting and recreating the entire company.com zone?
slhbsm Asked:

footech Commented:
I have to ask, are you sure the servers are returning this info? Perhaps your cache just hasn't cleared. Are you using nslookup? Make sure you've run ipconfig /flushdns on your machine.

I've done the exact steps you described above, and after deleting the zone, queries for the record come back with none found.

slhbsm (Author) Commented:
Yes, very sure. Clients querying the server, as well as an nslookup against the server, from the server, returned the result, even after reboot.

I actually found the solution and will post it here in case anyone needs it in the future:

       dnscmd /zonedelete sub.company.com /dsdel /f

Force delete from CLI.

h1r0 Commented:
Have you checked all of your DNS servers? The changes should be replicating, but you may want to verify. Run a Dcdiag and post the sanitized results.

footech Commented:
Thanks for posting back what worked for you.

slhbsm (Author) Commented:
Worked
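
One way to confirm that the forced delete took effect on every DNS server, and not just in a client cache, shown as an added example that is not part of the original thread. It assumes the ActiveDirectory and DnsServer RSAT modules are installed and that every domain controller runs the DNS Server role; the zone and record names are the placeholders used in the question, and `Test-StaleZone` is a hypothetical helper name.

```powershell
# Added example (not from the thread): check each DC for the stray zone and record.
# Assumes the ActiveDirectory and DnsServer modules and DNS on every DC.
Import-Module ActiveDirectory, DnsServer

$ZoneName   = 'sub.company.com'        # placeholder zone from the question
$RecordName = "webserver.$ZoneName"    # placeholder record from the question

function Test-StaleZone {              # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]   $ZoneName,
        [Parameter(Mandatory)] [string]   $RecordName,
        [Parameter(Mandatory)] [string[]] $DnsServer
    )
    foreach ($server in $DnsServer) {
        # Is the zone still loaded on this particular server?
        $zone = Get-DnsServerZone -Name $ZoneName -ComputerName $server `
                    -ErrorAction SilentlyContinue

        # Send the query to this server itself. -DnsOnly and -NoHostsFile keep
        # LLMNR/NetBIOS and the local hosts file out of the answer.
        $answer = Resolve-DnsName -Name $RecordName -Type A -Server $server `
                      -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue |
                  Where-Object { $_.Type -eq 'A' }

        [pscustomobject]@{
            Server      = $server
            ZoneLoaded  = [bool]$zone
            RecordFound = [bool]$answer
            Address     = ($answer.IPAddress -join ',')
        }
    }
}

# Every domain controller in the current domain
$dcs    = (Get-ADDomainController -Filter *).HostName
$report = Test-StaleZone -ZoneName $ZoneName -RecordName $RecordName -DnsServer $dcs
$report | Format-Table -AutoSize

# Any server that still loads the zone or answers for the record needs attention
$stale = $report | Where-Object { $_.ZoneLoaded -or $_.RecordFound }
if ($stale) {
    Write-Warning "Still served by: $($stale.Server -join ', ')"
}
```

A server that still appears in the warning after replication has had time to converge is the one to examine with Dcdiag.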

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.