The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for translating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed to locate computer services and devices worldwide.

I am migrating a 2003 server to a 2008R2 server in preparation to migrate to a 2019 server. As part of the first phase, I have transferred all 5 FSMO roles to the new 2008R2 server, removed the global catalog from the 2003 server.  I was ready to dcpromo down the 2003 server when I get the message that the 2008R2 cannot be contacted.  I do not have the "This server is the last domain controller in the domain" checked.  I am pulling hair as to what I have missed.

Running dcdiag yields this:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   Testing server: Default-First-Site-Name\FS1
      Starting test: Connectivity
         ......................... FS1 passed test Connectivity

Doing primary tests
   Testing server: Default-First-Site-Name\FS1
      Starting test: Replications
         ......................... FS1 passed test Replications
      Starting test: NCSecDesc
         ......................... FS1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... FS1 passed test NetLogons
      Starting test: Advertising
         ......................... FS1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... FS1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... FS1 passed test RidManager
      Starting test: MachineAccount
Hello All,

I am unable to access the company website from within the network/domain however the site loads correctly when accessed from anywhere else.  Attempting to access results in a 403 forbidden error.

Our web developer, who uses SiteGround as the host, claims that no changes have been made on their end and they are seeing nothing that could cause the error.  They are saying it has to be internal to our domain or network.

The web address does resolve to the same IP internally as it does externally, and I am able to ping and tracert to both the web address and the resolved IP address.  I cannot access the site by the resolved IP address however, from any location, internal or external, without being brought to a generic "Website Not Available" page for the web host.

If I connect directly to our modem by ethernet or the integrated WiFi which is on the other side of the firewall (SonicWall TZ300) I am able to view the site without any problems.  I do not see anything being caught in the logs, and packet monitor indicates the ip is receiving, acknowledging the packets, and replying.  Content filter does not show anything being blocked.

I was able to have our web person check the CPanel error logs as suggested in the 403 error page.  In the logs we can see the below, where 50.XXX.XXX.XXX is our modem's static IP and ourdomain.com is our website address.  Also, FWIW, our internal network domain name is different from our web domain name by one letter, and …
I have a Hyper-V VM with Server 2016 and added the role for AD.
I added my first user and tried to connect but the AD Domain Controller could not be contacted.
... an error occurred when DNS was queried for the service location..... DNS name does not exist. BTW my domain name is AGHSRV.LOCAL    
Not sure if using local is good or not??

So in my VM under the DNS section is error ID 4013: The DNS server is waiting for Active Directory Domain Services to signal that the initial synchronization of the directory has been completed.

I'm not sure if this error is playing into it or not.
We are going to be moving a server to a new Location and the IP address on the server needs to change.

What would be the steps to take on the server when you have to change it to another IP address?

I found these steps online. Can you let me know if this is accurate?

To perform this procedure, you must be a member of the Domain Admins group in the domain of the domain controller whose IP address you are changing.

To change the static IP address of a domain controller
Log on locally (also known as interactively) to the system console of the domain controller whose IP address you want to change. If you are not able to log on to the domain controller by using the domain, you may have to start the domain controller in Directory Services Restore Mode (DSRM). For more information, see Restart the domain controller in Directory Services Restore Mode locally (https://lazyadminblog.wordpress.com/2015/04/11/restart-the-domain-controller-in-directory-services-restore-mode-locally/).
On the desktop, right-click My Network Places, and then click Properties.

In the Network Connections dialog box, right-click Local Area Connection, and then click Properties.
In the Local Area Connection Properties dialog box, double-click Internet Protocol (TCP/IP).
In the Internet Protocol (TCP/IP) Properties dialog box, in the IP address box, type the new address.
In the Subnet mask box, type the subnet mask.
In the Default gateway box, type the default gateway.
In the Preferred
I would like to use an Azure Application proxy as our single place to go for OWA and ActiveSync having it handle redirecting to the on prem and cloud mailboxes.

We currently are upgrading to Exch 2016 hybrid.  All servers are in place and installed and the hybrid is up and working.  We have OWA.company.com redirected to the owa-company.msappproxy.net address.

I would like to have OWA.company.com be the single URL for OWA and ActiveSync.  We have split DNS and internal is working fine with proper redirects from our old servers - url: webmail.company.com to the new owa.company.com.

So right now OWA and ECP are working but ActiveSync is not.  If I enable Passthrough auth on the proxy, I can get ActiveSync to work by pointing it to the owa-company.msappproxy.net address but not the OWA.company.com that simply forwards to that same address.  Certs are installed where we have the redirect (AWS).

Any Help would be appreciated!
The issue is straightforward.  On Ubuntu 18.04 I have deleted resolv.conf from the /etc dir.  Resolv.conf appears to get recreated on reboot but it does not contain any DNS server entries save  This will not work, you cannot edit the file as it is symbolically linked.  How do I correct, and provide it with the correct entries.  I was trying to install Dnsmasq.  The following commands were issued

john@VBserver1:~$ sudo systemctl stop systemd-resolved
john@VBserver1:~$ sudo ls -lh /etc/resolv.conf
lrwxrwxrwx 1 root root 37 Feb 17 21:35 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf
john@VBserver1:~$ sudo rm /etc/resolv.conf
john@VBserver1:~$ echo "nameserver" > /etc/resolv.conf
-bash: /etc/resolv.conf: Permission denied
john@VBserver1:~$ sudo echo "nameserver" > /etc/resolv.conf   This one is where the failure results.
-bash: /etc/resolv.conf: Permission denied
Office365 with 2 separate domains approved.
Both domains have run approx. a year before being DNS pointed at 365.
One domain works fine and all older folders loaded in via .pst shows correct.
The other domain has 2 emails, one works fine but the other only shows the subfolders context in owa.
I have tried looking at the permissions with powershell and everything seems fine.
Microsoft Exchange Online Powershell Module
I tried creating new profiles and logging the account in, also on different client pc's but still no context on subfolders.

Further the 'Inbox' won't change name according to the language, sent etc folder renames fine when changing timezone on first log-in to owa. All the other emails on both domains this has worked fine.

All mailbox in outlook is set to receive all emails and not just a year back.

There is a Business Premium License to the account, so it should have the necessary permissions and program access.

Both owa and outlook can send and receive emails.
When implementing Exchange 2016 on-premise, do I need to add anything to my public DNS records?  Say, autodiscover?  If yes, are there other things I need to add?
An nslookup on my domain servers returns a wrong non-authoritative zone.  An nslookup from corp.ourdomain.com for www.google.com returns an incorrect non-authoritative dns server.  The result goes:

Microsoft Windows [Version 10.0.18363.657]
(c) 2019 Microsoft Corporation. All rights reserved.

Default Server:  server1.corp.ourdomain.com

Server:  server1.corp.ourdomain.com

Non-authoritative answer:
Name:    www.google.com.ourdomain.com

Any nslookup result always has that "ourdomain.com" appended to it.

Any ideas on how to correct the matter would be appreciated
Microsoft updates claimed another machine.  This domain workstation this morning gives the 'no computer account for trust relationship' error, refusing login to domain network/server.  I can disconnect the Ethernet cable, log in, reconnect the cable and all is perfect.  This is a doc workstation with client server patient management, xray, patient charts,  plus all the usual suspects.  6 mo old Dell 640 single Server 2016 domain controller, dhcp role, dns role, os raid 1, data 8 drive raid 6.  Medium size dental practice.

I know to recreate the trust the hard way but will recreate user and lose his desktop, settings etc which I would prefer to avoid as would he.

Can I reestablish the computer account trust via a simpler and less destructive procedure?
How can I determine if and how much our RODCs are being used at our remote branches? This includes authenticating and providing DNS services, with comprehensive reports?
I have an issue with some servers authenticating to servers on the other side of the world from them.

The member server is set to have SERVER A as its DNS server.
SERVER A is also a DC and sits very close to the member server.

Sites and Services is configured with the correct Subnet associated with the correct site.
SERVER A is a DC in that Site.

SRV records are configured for SERVER A. (GC, Kerberos, LDAP)

Also, when running nltest /dsgetdc:domain.local  I see the Server in the Correct "Our Site"  however, the authenticating server is in a site on the other side of the world.  

I then run a nltest /dsgetdc:domain.local /force.  It then goes to the DC that is closest to it, one I would expect.   I logoff, then back on, we are going around the world again.

I don't understand why it would try to go around the world, which is taking a while for auth to occur. I am missing something.

Server 2012 R2

Any ideas?
DC replication issue
DNS warning 4013
Hello Team

Coexistence with Exchange 2010 and Exchange 2016. Hopefully you will be able to help me with my question as I was reading so many articles and watched tutorials about this topic but there are few questions open for me which I want to understand and which are making the deployment a bit complicated because of our stupid design we had in the past.

I want to confirm with you if my Outlook anywhere setup and my URL setup is correct because whenever I try to point by DNS to Exchange 2016 some unexpected pop ups are appearing by some users with Outlook 2010 and I want to avoid that next time.

Existing Setup:
Exchange 2010 :
Outlook Anywhere is enabled on all the server with following settings:
SSOffloading is set to $false
External URL is set to webmai.domain.com (domain.com has been changed for the purpose), this url will point to Exchange 2016 later
There is no internal Host name
ExternalClientsRequireSsl          : True
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Ntlm}

All other service URLs are set to match same what I have on Exchange 2016.

Exchange 2016 Outlook anywhere is set as this:
SSLoffLoading $true
External and internalurls same as exchange 2010 webmail.domain.com
External and Internalrequire ssl is set to $true
Default authentication Method NTLM

The Exchange 2016 was originally installed on a different AD site than our Exchange 2010. So when I run non …
Multiple entries for the same computer in DNS manager
Hi,
 I have a workstation PC that displays "Duplicate IP address" message popup window on Windows 10 PC.
 I checked DHCP server running from DC1 (domain controller) and the computer name "FISCALDELL.domain.local" shows up with IP address of
 However when I opened DNS manager, I see 4 entries for FISCALDELL computer and 4 entries for DC1 too.
 Among 4 entries, I see one entry show its IP address, but it shows 4 more IPv6 addresses.
 Is this typical?
 Why am I seeing 4 additional entries for FISCALDELL and DC1?
 In DNS manager, one PC shows 1 IPv4 address and 3 IPv6 addresses. Some PCs show 1 IPv4 and 1 IPv6 addresses.
 Why do I see IPv6 multiple entries for some computers?

Remove DNS Delegation
Hi,

 I have two domain controllers: DC1 and DC2 - both running Windows Server 2008 R2.
When I run netdom query fsmo in both domain controllers, it returns DC1 as Schema master/Domain naming master/PDC/RID pool manage/Infrastructure master.
 I am in the process of demoting DC2 (Windows 2008) and create a new domain controller on Windows Server 2019.
 When I run DCPROMO in DC2, I get "Remove DNS Delegation window" and don't know if I should go ahead and let it DELETE the DNS delegation or not.

 When I watched other youtube videos about "how to demote domain controller Windows Server 2008 (where there is another domain controller as MASTER on the same network)", I don't see this particular prompt.
 I assume it is ok to let it delete here because I have DC1 as Schema master/Domain naming master/PDC/RID pool manage/Infrastructure master. but just want to double-check.

We want to get rid of Wpad in our organisation as some of our apps don’t work well through the proxy. The first stage of decommissioning is we removed the IE settings from all clients via GPO. This unchecked ‘automatically detect settings’ and ‘use automatic configuration script’. However, our internal apps are getting authentication prompts when browsing to them. Entering AD credentials and you go straight through. It seems that it has broken WIA. When we tick ‘detect automatic settings’ everything works fine. Why would ‘detect automatic settings’ fix our issue? We want to remove wpad altogether.
Windows 10 Workstations are not getting the correct DNS server from the Server 2016 DHCP Server.

Any suggestions?
I want to set up a health monitor to a "beacon" url on the internet.   I need to choose an address that is always  online.   Question is, does every go offline?  When was the last time?  How long?
Hi. I have 3 Domain controllers 2008R2 and 2016
All 3 have synchronization between them.
Two are on one site and both synchronize fine. The second one is on a different site (different location). Both sites are connected via VPN. I'm able to ping each server from both sites by DNS name and IP.
SRV1 and SRV2 are on site 1 and like I say they have no problem synchronizing. SRV3 is on site 2 and connected via site to site VPN to site 1
They used to work fine till November last year. Not sure what happened then (Maybe password change) but SRV stopped synchronizing with the rest of the servers.
When I force the synchronization from Srv3 I get the following "One or more of these Active Directory Domain Services connections are between Domain Controller in different sites. AD DS will attempt to replicate across these connections" But nothing happens.
When I run repadmin /replsummary I get
Destination DSA     largest delta    fails/total %%   error
SRV3         >60 days           10 /  10  100  (2148074274) The target principal name is incorrect.

Experienced the following operational errors trying to retrieve replication information:
        8341 - SRV1.domain.local

I also tried the netdom resetpwd but still no luck
I'm not an expert on Site replication since till now I worked on single server environment so I'm running out of ideas
Ideas needed for MX records sharing. A company used emailA.com for years and is splitting up. Now companyA needs to forward email from companyA.com to both new companies that comprise of now companyB and companyC. Is there a way to split the DNS management of the MX records on the hosting site so email is forwarded from companyA hosting (the MX records) to companyB and companyC. Both new companies do not trust the other with their email server managing the other and being responsible for forwarding to the other.

If I need to provide more information let me know.
Experts, Here is the situation. I have two ISPs providing a primary and a backup internet service.  I use a mail scanning service which then connects to O365 for email.  I have a separate DNS host (Cloudflare) to host our DNS record along with our website.  I have my servers in my LAN setup to send SMTP notifications to our mailscanning service but I've been getting Blacklisted by RATS Dyna for RTP (Reverse Lookup)  failure.  I have DNS set up with Cloudflare to resolve a name lookup correctly, but they don't offer RTP.  I spoke to my ISP and they can provide RTP,  but would need to migrate my domain to be hosted by them which I don't plan to do.  Any other recommendations?
We are having a DNS issue with Outlook Anywhere (2010) that I can not explain. We run an Exchange 2010 on the backend.

At first we were having a few users who were unable to connect via OA while at home. Then it became a widespread problem. We got around the problem by manually putting the company's pri and sec DNS servers in along with Google's DNS as a third and this worked. Normally, they get their DNS automatically. We have since found out that doing this blocks all Internet access from some hotels when they are on the road.

The only thing that I can think of is that ISP's are doing something or there was a change in Win10 somewhere.

I have a Windows Server 2008R2 DC, and I want to upgrade the operating system (on the same hardware).

From information on the internet, I have seen how to upgrade Active Directory, though my server also has other roles and features like DNS, Group Policies and File Services.

Will an AD and operating system upgrade from 2008R2 to 2012R2 also automatically upgrade Group Policies, DNS and File Services?
Hello Experts,

I have a web application written in C# and running on IIS, the hosting server is a Virtual Private Server in GoDaddy, when I try the IP address of the server in the Internet the site comes ok but if I use the domain name assigned to it, it doesn't, it tries to render the default site in PORT 80 which doesn't have anything, the web application runs in PORT 443.

I tried the hosts file to force the domain name to the IP address of the server but doesn't work, I also asked GoDaddy for the definition on their end (DNS and Firewall) and they say is all correct.

Please let me know if we need a call to discuss the issue.








