Discussion:
Demoted DC IP address still showing up at an active DC
ScottWWebb
2006-04-25 15:47:01 UTC
I recently demoted one of my child domain controllers. Everything went
smoothly. A couple days later, I removed it from the domain and turned the
server off. A week later, when I "ping <domain.com>" some machines try to
ping this old demoted domain controller. When I do "nslookup <domain.com>",
all of my domain controller IP addresses show up, including the one I just
demoted and removed.

Everywhere I look, there is no mention of this old domain controller being a
domain controller any longer. I deleted all records within WINS and DNS.
NTDSutil does not see this old demoted server as a domain controller. And
from what little I know to look at in ADSIedit, this demoted domain controller
is nowhere to be found.

I think this is causing problems for some people, and it is random. Users
are not getting authenticated correctly because their machines seem to be
attempting to authenticate via this removed and demoted domain controller
that is no longer online.

Not sure what to do.
ScottWWebb
2006-04-25 15:55:02 UTC
Here is what my nslookup looks like:

H:\>nslookup <domain.com>
Server: <dns server.domain.com>
Address: 10.7.1.1

Name: <domain.com>
Addresses: 10.7.1.19, 10.7.1.6, 10.7.1.7, 10.7.1.4

The IP address, 10.7.1.4, is the old demoted domain controller that is no
longer on the domain or online. The server is off and sitting on a shelf.

All the other IPs are correct. Those are my other child domain
controllers. I am ready to demote and remove 10.7.1.19 as well, but I want
to solve this problem first. I do not want there to be two demoted domain
controllers showing up and causing twice the problem with authentication.
Thrash
2006-04-25 18:15:02 UTC
On your DNS server have you cleared out all references to the old DC from the
DomainDNSZones folder? You might see an entry like this:

(same as parent folder) Host (A) 10.7.1.4


I know you said you checked your DNS server but nslookup is going to pull
records from your DNS server. LDAP doesn't come into play here. I would
double check all your DNS servers for any references first.

I hope this helps. I have had to clean stuff out many times after running
dcpromo.
ScottWWebb
2006-04-25 18:29:01 UTC
Thank you for the reply.

I just checked my DNS servers (both of which are in the root domain) and I
found this: (same as parent folder) Host 10.7.1.4

I have deleted this.

I also found this same entry under:
<primary dns server>\Forward Lookup Zones\<root domain>\_msdcs\gc\
and under:
<secondary dns server>\Forward Lookup Zones\<root domain>\_msdcs\gc\

I have deleted this as well.

I also found some other lingering objects in these areas as well and I never
could figure out why these things were showing up sometimes the way they
were.

Now, after deleting these entries, my nslookup looks correct.

H:\>nslookup <domain.com>
Server:
Address: 10.7.1.1

Name: <domain.com>
Addresses: 10.7.1.19, 10.7.1.6, 10.7.1.7


Thank you very much.
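The check the thread arrived at (look on every DNS server, in every forward zone, for host records still pointing at the retired DC) can be done as a read-only sweep. This is an added example, not part of the original posts; it assumes the DnsServer PowerShell module (RSAT) is available, the server names are placeholders, and 10.7.1.4 is the retired address from the thread.

```powershell
# Added example: read-only sweep for A records that still point at a retired DC.
# Assumptions: DnsServer module (RSAT) installed; server names are placeholders.
param(
    [string[]]$DnsServers = @('dns1.example.test', 'dns2.example.test'),  # placeholders
    [string]$RetiredIp    = '10.7.1.4'                                    # address from the thread
)

Import-Module DnsServer -ErrorAction Stop

$findings = foreach ($server in $DnsServers) {
    try {
        # Forward lookup zones only; skip reverse and auto-created zones.
        $zones = Get-DnsServerZone -ComputerName $server -ErrorAction Stop |
            Where-Object { -not $_.IsReverseLookupZone -and -not $_.IsAutoCreated }
    } catch {
        Write-Warning "Cannot list zones on ${server}: $($_.Exception.Message)"
        continue
    }

    foreach ($zone in $zones) {
        try {
            # No -Name given: enumerates every A record in the zone, including
            # the apex, DomainDnsZones and gc._msdcs nodes.
            $records = Get-DnsServerResourceRecord -ComputerName $server `
                -ZoneName $zone.ZoneName -RRType A -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read $($zone.ZoneName) on ${server}: $($_.Exception.Message)"
            continue
        }

        $records |
            Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $RetiredIp } |
            ForEach-Object {
                [pscustomobject]@{
                    Server    = $server
                    Zone      = $zone.ZoneName
                    Name      = $_.HostName    # '@' = "(same as parent folder)" in DNS Manager
                    Timestamp = $_.Timestamp   # empty for static (non-scavenged) records
                }
            }
    }
}

if ($findings) {
    $findings | Sort-Object Server, Zone, Name | Format-Table -AutoSize
} else {
    Write-Output "No A records for $RetiredIp found on the listed DNS servers."
}
```

The script only reports; each hit is a record to review and delete by hand, as was done in the thread. Running it before and after a planned demotion shows whether the DC's registrations were cleaned up on every server.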