DNSLOOKUP AD Domain

  • Question

  • When I use NSLOOKUP for an AD domain (example: Domain1.example.com), I noticed some IP addresses listed are DCs that were decommissioned. Any idea where these IPs come from? I checked the zone and I don't see these IPs listed.

    Example:

    Nslookup

    Domain1.example.com

    Some IPs listed are DCs that were decommissioned.

    If I look up the SRV for the zone:

    Set type=all

    _ldap._tcp.dc._msdcs.Domain1.example.com

    the correct DC list is returned.

    Thanks,



    Friday, July 19, 2019 11:58 PM

All replies

  • Some places to look here.

    https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup

     

    (please don't forget to mark helpful replies as answer)

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.


    Saturday, July 20, 2019 12:38 AM
  • Hello,
    Thank you for posting in our TechNet forum.

    According to our description, we may not have removed all the old metadata for these DCs that were decommissioned.

    We can refer to the following article to perform metadata for these DCs that were decommissioned and check if we did remove all the old metadata.

    Find a good DC to perform the metadata clean command.

    Delete Failed DCs from Active Directory
    https://www.petri.com/delete_failed_dcs_from_ad


    Tip: This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.




    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, July 22, 2019 6:27 AM
    Moderator
  • Hi,
    Does this question have any update, or is this issue solved? Also, is there any other assistance we could provide for the question?



    Best Regards,
    Daisy Zhou


    Thursday, July 25, 2019 7:35 AM
    Moderator
  • I understand what you mean here because I also had the same problem with one of my clients.

    Some places to look for these records are:

    • NS records of the domain DNS zone.
    • CNAME records in _msdcs.ad.domain.com
    • SRV records in _tcp.ad-site._sites.dc._msdcs.ad.domain.com
    • A records in domaindnszones.ad.domain.com and forestdnszones.ad.domain.com

    Normally these are dynamically registered records, and if you accidentally delete a record for a healthy DC, just restart the Netlogon service on that DC and it will initiate the registration again.

    Thursday, July 25, 2019 7:46 AM
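
    One way to check the locations listed in the reply above against the current DC list, added here as an example and not part of the original thread. The function names, the site parameter, and the sample host names and addresses are assumptions; ad.domain.com is the placeholder zone from the reply.

```powershell
# Added example (not from the thread). All names and addresses below are constructed.

function Get-DcDnsRecord {
    # Query the DC-related record sets with Resolve-DnsName (DnsClient module).
    param([Parameter(Mandatory)][string]$Domain,
          [Parameter(Mandatory)][string]$Site,
          [Parameter(Mandatory)][string]$Server)
    $queries = @(
        @{ Name = $Domain;                                     Type = 'A'   }  # answer to "nslookup <domain>"
        @{ Name = $Domain;                                     Type = 'NS'  }
        @{ Name = "_ldap._tcp.dc._msdcs.$Domain";              Type = 'SRV' }
        @{ Name = "_ldap._tcp.$Site._sites.dc._msdcs.$Domain"; Type = 'SRV' }
        @{ Name = "DomainDnsZones.$Domain";                    Type = 'A'   }
        @{ Name = "ForestDnsZones.$Domain";                    Type = 'A'   }
    )
    foreach ($q in $queries) {
        $answers = Resolve-DnsName -Name $q.Name -Type $q.Type -Server $Server -DnsOnly -ErrorAction SilentlyContinue
        foreach ($r in $answers) {
            if ("$($r.Section)" -ne 'Answer' -or "$($r.Type)" -ne $q.Type) { continue }
            # A records expose IPAddress, NS records NameHost, SRV records NameTarget.
            $target = switch ($q.Type) { 'A' { $r.IPAddress } 'NS' { $r.NameHost } 'SRV' { $r.NameTarget } }
            [pscustomobject]@{ Name = $r.Name; Type = $q.Type; Target = "$target" }
        }
    }
}

function Find-StaleDcRecord {
    # Return records whose target is neither a live DC address nor a live DC host name.
    param([Parameter(Mandatory)][object[]]$Record,
          [Parameter(Mandatory)][string[]]$LiveDcIP,
          [Parameter(Mandatory)][string[]]$LiveDcName)
    $names = $LiveDcName | ForEach-Object { $_.TrimEnd('.').ToLowerInvariant() }
    foreach ($r in $Record) {
        $target = $r.Target.TrimEnd('.').ToLowerInvariant()
        $known  = if ($r.Type -eq 'A') { $LiveDcIP -contains $target } else { $names -contains $target }
        if (-not $known) { $r }
    }
}

# Constructed sample: dc3 (10.0.0.13) stands for a decommissioned DC.
$sample = @(
    [pscustomobject]@{ Name = 'ad.domain.com';                      Type = 'A';   Target = '10.0.0.11' }
    [pscustomobject]@{ Name = 'ad.domain.com';                      Type = 'A';   Target = '10.0.0.13' }
    [pscustomobject]@{ Name = '_ldap._tcp.dc._msdcs.ad.domain.com'; Type = 'SRV'; Target = 'DC1.ad.domain.com.' }
    [pscustomobject]@{ Name = 'DomainDnsZones.ad.domain.com';       Type = 'A';   Target = '10.0.0.13' }
    [pscustomobject]@{ Name = 'ad.domain.com';                      Type = 'NS';  Target = 'dc3.ad.domain.com' }
)
Find-StaleDcRecord -Record $sample -LiveDcIP '10.0.0.11','10.0.0.12' -LiveDcName 'dc1.ad.domain.com','dc2.ad.domain.com'
# Live use: pass (Get-DcDnsRecord -Domain <domain> -Site <site> -Server <dns-server>) as -Record.
```

    The GUID-named CNAME records under _msdcs cannot be enumerated with a resolver query, so they still have to be reviewed in the zone itself.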
  • Hi,
    I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.

    Thanks for your time and have a nice day!



    Best Regards,
    Daisy Zhou


    Monday, July 29, 2019 8:39 AM
    Moderator