SRV Records Keep Appearing For Demoted Domain Controller

  • Question

  • I accidentally spun up two domain controllers using a KMS key. We will call them DCA and DCB. There are now vlmcs SRV records in my DNS for these domain controllers. Neither of these servers ever had VAMT installed on them. I got to looking at my DNS more closely and found that DCB, a domain controller that was demoted months ago, still has SRV records for gc, ldap, kerb, etc. Deleting them does not work as they just reappear. The server is no longer associated with a site, nor does it have an AD computer object; it was completely removed. Unsure how to get rid of the SRV records for it.

    ** edit: ntds metadata cleanup also does not show the server associated with a site

    Thursday, July 16, 2020 6:24 PM

All replies

  • Hi,

     

    Thanks for posting here.

     

    Based on our experience, SRV records will be deleted in DNS automatically if the DC was demoted correctly. If the DC was not demoted successfully, it can still register the corresponding SRV records automatically. We suspected that DCB was not demoted successfully and its metadata still existed.

     

    As you have mentioned that "ntds metadata cleanup also doesn't show the server associated with the site".

     

    To make sure the DC was demoted successfully, you could check that the demoted DC isn't listed under Domain Controllers in AD Users and Computers and in AD Sites and Services on the current DC.

    If the demoted DC still exists in the above 2 pages, it means the DC was not demoted successfully.

    Please kindly refer to the following link, "Delete Failed DCs from Active Directory", which uses the "ntdsutil" command, and to the description of the "ntdsutil" command, to clean up the metadata of the demoted DC again.

    https://petri.com/delete_failed_dcs_from_ad

    "Please Note: The third-party product discussed here is manufactured by a company that is independent of Microsoft. We make no warranty, implied or otherwise, regarding this product's performance or reliability."

    This "IPAM, DHCP, DNS" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details. 

    Hope my answer will help you. Thanks!

    Best Regards,

    Sunny


    Friday, July 17, 2020 10:02 AM
  • Hi,

    If you just want to delete the unwanted SRV record, you can try to delete it by using PowerShell. I tested in my environment; please kindly refer to the following detailed steps for removing unwanted SRV records in DNS.

    My test: delete the following highlighted SRV record in DNS.

    1. Click "Start", insert "PowerShell", find "Windows PowerShell" and select "Run as Administrator".

    2. Insert the following command and press "Enter".

    Remove-DnsServerResourceRecord -RRType SRV -Name "_kerberos._tcp.dc" -ZoneName "_msdcs.sunny.com" -RecordData "0","100","88","dc2.sunny.com."

    Please replace the bolded parts with your unwanted SRV records.

    3. It will pop up a confirmation prompt; please insert "Y" to continue.

    4. Then the corresponding SRV record has been removed from DNS. I rebooted my computer and didn't find that the SRV record had reappeared.


    For more details about removing DNS records, please refer to the following link:

    https://docs.microsoft.com/en-us/powershell/module/dnsserver/remove-dnsserverresourcerecord?view=win10-ps


    Hope my answer will help you. Thanks!


    Best Regards,

    Sunny



    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   




    Friday, July 17, 2020 10:12 AM
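An added example, not part of the original replies: a PowerShell script that lists every SRV record still pointing at a demoted DC across the given zones and then previews their removal, instead of deleting one record at a time. The host and zone names are the ones from the test in the answer above; the function name Get-StaleSrvRecord is hypothetical.

```powershell
# Added example: audit SRV records that still point at a demoted DC.
# Requires the DnsServer module (DNS server role or RSAT DNS tools).
function Get-StaleSrvRecord {
    param(
        [Parameter(Mandatory)] [string]   $StaleHost,   # FQDN of the demoted DC
        [Parameter(Mandatory)] [string[]] $ZoneName,    # zones to scan
        [string] $ComputerName = $env:COMPUTERNAME      # DNS server to query
    )
    $target = $StaleHost.TrimEnd('.')
    foreach ($zone in $ZoneName) {
        # Without -Name this enumerates every SRV record in the zone.
        Get-DnsServerResourceRecord -ComputerName $ComputerName -ZoneName $zone -RRType Srv |
            Where-Object { $_.RecordData.DomainName.TrimEnd('.') -eq $target } |
            ForEach-Object {
                [pscustomobject]@{
                    Zone      = $zone
                    Name      = $_.HostName
                    Port      = $_.RecordData.Port
                    # Empty timestamp = static record; a value = dynamically registered.
                    Timestamp = $_.Timestamp
                    Record    = $_
                }
            }
    }
}

# Values from the answer's test environment; substitute your own.
$stale = Get-StaleSrvRecord -StaleHost 'dc2.sunny.com' `
                            -ZoneName 'sunny.com', '_msdcs.sunny.com'

$stale | Sort-Object Zone, Name |
    Format-Table Zone, Name, Port, Timestamp -AutoSize

# Preview the deletions first; remove -WhatIf only after reviewing the list.
foreach ($r in $stale) {
    Remove-DnsServerResourceRecord -ZoneName $r.Zone -InputObject $r.Record -Force -WhatIf
}
```

Running Get-StaleSrvRecord again some time after the deletion shows whether any record has been registered again, and a fresh Timestamp on it indicates a dynamic registration.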
  • Hi,

     

    Just want to confirm the current situations.

     

    Please feel free to let us know if you need further assistance.


    Best Regards,

    Sunny

    Wednesday, July 22, 2020 1:38 AM
  • Hi,

     

    Was your issue resolved?

     

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

     

    Best Regards,

    Sunny Qi



    Friday, July 24, 2020 2:48 AM
  • Hi,

     

    How are you doing these days?

     

    As this thread has been quiet for a while, we will mark it as 'Answered' as the information provided should be helpful. If you need further help, please feel free to reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

     


    Best Regards,

    Sunny


    Friday, July 24, 2020 7:31 AM