Printable View
I have done a successful demotion, after that DC's names are not removed from the DNS Ad-Integrated zones with Name Servers Tab. I have waited days to check if it was replication related, but it is not. Also, I have checked that the replication is taking place and its fine. Can anyone help? Thanks.
You can try to get rid of them manually without any issues. Also you need to remove it manually from AD sites and services as well.
I usually do that from both DNS and ADSS. However it is a bit irritating to do it to all DNS zones everytime I demote a box. I have even dump the entire AD DB with LDIFDE and search throught it. I think that it will be good to have a proper cleanup. Thanks.
It is good that you are being thorough, but you need to be able to check the relevant DNS records registered by a domain controller in the forward lookup zones by examining content of the local %windir%\system32\config\netlogon.dns file.
I think that you can do that manually or by using dnscmd in a script, can you check at Script center for samples of this? But it should not be a thing that you do regularly, is it? Did you continuously remove DCs from your domain?
I agree that you should remove it manually, or else you can try to enable aging/scavenging on the DNS zones/server as well.
I had to do this for our reverse zones.
Export the list from the dns gui or dnscmd, open in Excel, delete all other columns except the zones list. Add a column before the zones, drag this down: dnscmd /recorddelete <-space. Then add a column after and drag this down: space -> @ NS yournameserverFQDNdot /f. Then save as a .bat file, review for syntax and run it.
Don't forget the spaces before or after my arrows and the trailing dot on your name server.