DNS

  • DNS

    DNS – Troubleshooting SRV Record Registration

    Verify that the DC is trying to register the correct records. To do this, stop the “Netlogon” service on the DC and then delete the “Netlogon.dnb” and “Netlogon.dns” files located in the %systemroot%\System32\Config folder. Then start the Netlogon service. Verify that the “Netlogon.dns” file contains the correct SRV records and verify that these records have been updated in DNS. If the records did not update correctly, examine the system event log for errors. In particular, look for events with event IDs 5774, 5775 and 5781. Each of these event IDs indicates a problem with the SRV record registration.

  • DNS

    Removed DNS from Your Server

    This blog post is a lesson on DNS storage and behavior. Read on to learn more. Joining in a conversation… “…I used server manager to remove the DNS role.” Or “…I uninstalled DNS from my domain controller.” “…This means, DNS data is now removed from my domain controller, right?” Well, probably not. Background on Storing DNS Data in the Active Directory Database Let’s hit some basics first to make sure we are all on the same page. If you follow the history of Active Directory integrated DNS from Windows 2000 to 2008 R2 you will find some changes along the way. The one change I want to focus on…

  • DNS

    The Case of the Vanishing Static Reverse DNS Records

    Scenario: Imagine finding yourself as an IT administrator faced with over 50,000 reverse DNS records that are placed comfortably in one single, large, super zone. For example’s sake, let’s say it’s 10.in-addr.arpa which happens to be an AD-integrated zone. Normally this is totally fine and actually recommended to do from our standpoint as it’s easier to manage. (Here’s a blog post on how to consolidate multiple reverse DNS zones by “GOATEEPFE” Ashley McGlone, in case you’re interested.) However, a decision is made to break up that super zone into smaller reverse zones for reasons that are, well, whatever that reason may be. There’s a maintenance window coming up, and you’re…

  • DNS

    Finding Stale DNS SRV Records

    Stale DNS SRV records are common due to no scavenging on DNS zones, and each zone has to be set up correctly to have this happen. So, I have often found the “contoso.com” set up correctly, but the “_msdcs.contoso.com” is not. So this leads to stale DNS SRV records in DNS from failed domain controllers or due to deregistration failure during a successful demotion. This is something I have found probably hundreds of times over the years. Managing the DNS is obviously important and a thorough post from Hilde, Brent, and Bryan around the DNS topic can be found here. That said, I have now been tasked with upgrading or replacing a…

  • DNS

    DNS Policies in Windows Server 2016

    DNS Policies allow you to control how a DNS Server handles queries/responses based on various parameters such as client IP subnet, the IP address of the network interface which received the DNS request, or even the time of day. One use-case for a DNS Policy is the ability to provide clients geographically-appropriate resources for a given name, based on the client’s IP address. Another common configuration for many customers is some sort of “split-brain” DNS where the same DNS domain name (i.e. CONTOSO.COM) is used both on the Internet and on the internal corporate network but the name may resolve to different internal/external IP addresses. With DNS Policies, this configuration…

  • DNS

    How to Restrict DNS Zone Scavenging When Hosting Multiple Zones on Multiple Servers

    Dougga here – PFE (or “poofy” as one of my customers likes to call us). The DNS scavenging topic never dies – bear with me and I will reveal a not so obvious configuration to control which servers can scavenge a zone. Let’s go with a simple multi-domain forest named Contoso.com that has 3 child domains and AD integrated DNS configured to replicate as shown in the table below and try to not have more than 1 or 2 scavenging servers per DNS zone.

    Domain                DNS                             Scavenging server
    Contoso.com           Domain replicated in contoso    ContosoDC1
    _msdcs.contoso.com    Forest replicated               ContosoDC1
    Child1.contoso.com    Domain replicated in child1     Child1DC1
    Child2.contoso.com    Domain replicated in child2     Child2DC1
    …

  • DNS

    How To Split and Migrate Child Domain DNS Records To a Dedicated DNS Zone

    Hello, my name is Pierre Ricca, and I am a Premier Field Engineer focused on Active Directory and PowerShell scripting. I started working at Microsoft France as PFE in November 2010. An important part of my job consists of delivering health checks, risk assessments, and knowledge transfer around those technologies for our Premier customers in France. Introduction From the field, I have been asked many times by our customers to provide advice and best practices on how to optimize their DNS resolution. Even if each customer’s DNS topology is unique, we have some common recommendations. You are probably aware that hosting DNS zones on the Active Directory instance is possible…

  • DNS

    How to Save the DNS Cheese. Protect AD-Integrated DNS Zones from Accidental Deletions

    As a quick follow on to our recent post about DNS deletion auditing, here’s an ounce of prevention for you – well actually about 3 tons worth – courtesy of Brent Whitlow, Bryan Zink and your blogger-de jure, Hilde. Our co-workers, peers and others ‘out there’ have covered this but we wanted to get our own ‘variation on a theme’ post out as a logical follow up (or some might say prequel) to the DNS auditing post. Here are the links to two of the other great posts: AskDS Post – http://blogs.technet.com/b/askds/archive/2013/06/04/two-lines-that-can-save-your-ad-from-a-crisis.aspx Eric Jansen’s Post – http://cbfive.com/blog/protecting-dns-zones-from-accidental-deletion/   Let’s roll … **** EDIT **** As with any changes, folks should always exercise caution…

  • DNS

    How ‘netmask ordering’ feature in DNS affects the resultant queries

    Hey y’all, Mark here again. When visiting a customer, PFEs tend to get a bunch of questions that have been “saved up” over time. One of my frequent customers always has a massive list for me when I get there. If they are reading this, they know who they are. Many of these questions are the types where it isn’t causing a production issue where they’d call in for support to determine root cause but just little annoyances they’d like to get figured out. If you have those, feel free to use the contact us button, it might turn into a blog post. This is a perfect example. All clients…

  • DNS

    Am I Seeing Double? The case of “Multiple copies of the same DNS zone”

    Introduction With the introduction of Windows 2003 and the new DNS application partitions, I have helped numerous customers resolve the issue of having multiple copies of the same DNS zone. So, today we’re going to cover the following: 1.) What exactly does this mean? 2.) What are the symptoms? 3.) How does this scenario occur? 4.) How to resolve the problem? What Does this Mean? Quick history lesson… With the introduction of Windows 2003, Microsoft created two new DNS-related application partitions. Let’s quickly discuss why Microsoft did this. To do this, we’ll have to take a look at how Windows 2000 implemented DNS. With Windows 2000, when…