Discussion:
_msdcs in DNS shows old DC
Whiteford
2009-11-04 20:12:58 UTC
Hi,

In DNS the _msdcs folder shows only one entry and this entry is an old
domain controller we no longer have in our domain, should I remove it and/or
replace with a live domain controller?

What is this folder?
Meinolf Weber [MVP-DS]
2009-11-05 07:26:52 UTC
Hello Whiteford,

Is that DC removed from the domain with dcpromo or just disconnected and
the AD database is never cleaned from it? If the latter check:
http://support.microsoft.com/kb/555846/en-us

Also you have to check the DNS server list in DNS management console on each
existing zone, if it is listed there.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Rich Crandall
2009-11-06 05:05:03 UTC
This DNS zone (or subdomain, depending on how you have it set up) stores many
of the service records used by Active Directory and its clients. In
addition, it stores the CNAME records which domain controllers use in
replication. It is a highly critical zone to the success of your directory
service.

You only have one DC so there isn't any replication to worry about but you
should still be concerned with client service record lookups. If your
current DC is not located in that zone (or subdomain) it is likely because
the zone doesn't support dynamic updates. I would strongly encourage you to
enable secure dynamic updates. More info about secure dynamic updates and
how to properly configure them can be found here:
http://cbfive.com/blog/post/Enabling-DNS-Secure-Only-Updates.aspx.

There are several records under the _msdcs subdomain that will need to be
updated and it is much more efficient to do this with dynamic updates over
hand-jamming. However, if you are unable (by corporate policy) to enable
dynamic updates, then yes, please do delete the old record and update it with
the new DC. Make sure to craft the record appropriately.
--
hth.

/rich

http://cbfive.com
http://cbfive.com/blogs
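Added example, not part of the original thread: a read-only Python check that lists every SRV and CNAME record under _msdcs still pointing at a host that is not in your list of live domain controllers, which is the situation discussed here. The zone-file-style input, the host names olddc and dc1, the GUID and the function names are constructed assumptions.

```python
import re

# Constructed sample of _msdcs records in zone-file style (placeholder names).
SAMPLE_ZONE = """\
_ldap._tcp.dc._msdcs.domain.com. 600 IN SRV 0 100 389 olddc.domain.com.
_kerberos._tcp.dc._msdcs.domain.com. 600 IN SRV 0 100 88 olddc.domain.com.
_ldap._tcp.pdc._msdcs.domain.com. 600 IN SRV 0 100 389 dc1.domain.com.
_ldap._tcp.gc._msdcs.domain.com. 600 IN SRV 0 100 3268 olddc.domain.com.
3f2504e0-4f89-11d3-9a0c-0305e82c3301._msdcs.domain.com. 600 IN CNAME olddc.domain.com.
; constructed comment line, ignored by the parser
"""

# owner, optional TTL, class IN, record type, record data
RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(SRV|CNAME)\s+(.+)$", re.IGNORECASE)


def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def parse_records(zone_text):
    """Return (owner, type, target) for each SRV/CNAME line in the text."""
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop zone-file comments
        match = RECORD.match(line)
        if not match:
            continue
        owner, rtype = match.group(1), match.group(2).upper()
        rdata = match.group(3).split()
        if rtype == "SRV" and len(rdata) != 4:
            continue  # malformed SRV: needs priority, weight, port, target
        target = rdata[3] if rtype == "SRV" else rdata[0]
        records.append((_norm(owner), rtype, _norm(target)))
    return records


def stale_records(zone_text, live_dcs):
    """Records under _msdcs whose target is not a known live DC."""
    live = {_norm(host) for host in live_dcs}
    return [r for r in parse_records(zone_text)
            if "._msdcs." in "." + r[0] + "." and r[2] not in live]


if __name__ == "__main__":
    for owner, rtype, target in stale_records(SAMPLE_ZONE, ["dc1.domain.com"]):
        print(f"STALE {rtype:5} {owner} -> {target}")
```
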
Whiteford
2009-11-06 09:34:21 UTC
Today I'm a little confused, I'm sure I had a _msdcs folder, but it's
gone. Under forward lookup zones I do have a _msdcs.domain.com folder
though containing dc, domains, gc, pdc?
Meinolf Weber [MVP-DS]
2009-11-06 09:50:00 UTC
Hello Whiteford,

In a 2000 or upgraded 2003 environment this is the default you see now. Please
give some more information about your domain and DNS setup. Also give some
answers about the question we asked so we get an overview.

Best regards

Meinolf Weber
Ace Fekay [MCT]
2009-11-06 08:02:02 UTC
Post by Whiteford
Hi,
In DNS the _msdcs folder shows only one entry and this entry is an old
domain controller we no longer have in our domain, should I remove it
and/or replace with a live domain controller?
What is this folder?
It shows only one entry? Under which sub folder under the _msdcs zone? Does
the machine also show up under Sites and Services?

Please post an ipconfig /all of this DC. This will help us evaluate the
machine's config and other factors the output provides.

I am also curious about the responses to Meinolf's questions.
--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.