Metadata Cleanup and DNS


Cybersteve
10-02-2006, 03:35 AM
Am on the cusp of doing a metadata cleanup for a flamed server. Have read
http://support.microsoft.com/?kbid=216498 carefully, as well as other
associated online documentation. The 216498 document references deleting the
DNS cname record _msdcs.root domain of forest zone in DNS. It goes on to say
other DNS records should be deleted as best practice, like hostname records,
reverse lookup, etc.

Does this include deleting the SRV and NS records for the soon to be gone DC?

Rather be safe than sorry.
--
Endurance is more important than truth.

Herb Martin
10-02-2006, 12:43 PM
"Cybersteve" <Cybersteve@discussions.microsoft.com> wrote in message
news:F3D15AB0-EE3C-4131-9DDC-9AFDE8479235@microsoft.com...
> Am on the cusp of doing a metadata cleanup for a flamed server. Have read
> http://support.microsoft.com/?kbid=216498 carefully, as well as other
> associated online documentation. The 216498 document references deleting
> the DNS cname record _msdcs.root domain of forest zone in DNS. It goes on
> to say other DNS records should be deleted as best practice, like hostname
> records, reverse lookup, etc.
>
> Does this include deleting the SRV and NS records for the soon to be gone
> DC?
>
> Rather be safe than sorry.

Sure. Anything related to it being a DC, but always
do the NTDSUtil metadata cleanup and never try to
first remove it from AD users/computers etc.

(Of course you must allow for any records it needs as
an "ordinary server" if it is still online but this is none
of that stuff above.)

AND were you to delete too much in DNS for a demoted
DC you could always just reboot or run "NetDiag /fix"
(or maybe even "ipconfig /registerDNS") on it.

You have already found the articles about cleanup but
you might wish to note the KEY point about understanding
how to use:

NTDSutil metadata cleanup

You CONNECT to a WORKING DC.
You SELECT the missing/dead DC or DOMAIN

'Connect' and 'Select' are technical terms in this context.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

Cybersteve
10-02-2006, 04:42 PM
--
Endurance is more important than truth.

Thanks, Herb, for the helpful information. I'm on my way.

Jorge de Almeida Pinto [MVP - DS]
10-02-2006, 08:12 PM
A normal demote is recommended if possible....

AD metadata cleanup through NTDSUTIL does not clean up the records of the
DC... so that needs to be done manually..

For stale DNS records you might also wanna have a look at DNS Aging and
Scavenging:
http://technet2.microsoft.com/WindowsServer/en/library/20fbbd82-0cea-4a74-9634-fdd993f4c4f41033.mspx?mfr=true

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
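
Added example, not part of any post in this thread: a read-only PowerShell audit that lists the DNS records still pointing at a DC after NTDSUTIL metadata cleanup, so the manual DNS cleanup discussed above can be checked before and after. It assumes the DnsServer module (Windows Server 2012 or later, newer than this thread); every server name, IP address and zone name is a placeholder.

```powershell
# Added example: read-only audit, nothing is deleted.
# Placeholder values (assumptions, not taken from the thread):
$DnsServer  = 'dc02.corp.example'    # a working DC/DNS server hosting the zones
$DeadDcFqdn = 'dc01.corp.example'    # the DC removed via ntdsutil metadata cleanup
$DeadDcIp   = '10.0.0.11'            # its former IPv4 address
# Add the matching reverse lookup zone here to catch the PTR record as well.
$Zones      = '_msdcs.corp.example', 'corp.example'

function Get-RecordTarget {
    param($Record)
    # Each record type stores its target in a different RecordData property.
    $data = $Record.RecordData
    switch ($Record.RecordType) {
        'SRV'   { $data.DomainName }
        'NS'    { $data.NameServer }
        'CNAME' { $data.HostNameAlias }
        'A'     { $data.IPv4Address.ToString() }
        'PTR'   { $data.PtrDomainName }
        default { $null }            # other types cannot reference the DC
    }
}

$stale = foreach ($zone in $Zones) {
    Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zone |
        ForEach-Object {
            $target = Get-RecordTarget $_
            if (-not $target) { return }          # skip to the next record
            $normalized = $target.TrimEnd('.')    # targets are stored with a trailing dot
            if ($normalized -ieq $DeadDcFqdn -or $normalized -eq $DeadDcIp) {
                [pscustomobject]@{
                    Zone      = $zone
                    Name      = $_.HostName
                    Type      = $_.RecordType
                    Target    = $target
                    Timestamp = $_.Timestamp      # empty for static records
                }
            }
        }
}

# SRV, NS, CNAME and A records that still reference the removed DC.
$stale | Sort-Object Zone, Type, Name | Format-Table -AutoSize
```

Records with an empty Timestamp are static and will not be removed by aging and scavenging, so those are the ones that need manual deletion.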