_ldap._tcp.pdc._msdcs.domain.com


Brendon Rogers

Over time we have had three different servers host the FSMO PDC role. I just
noticed that all three are listed in DNS under
_ldap._tcp.pdc._msdcs.domain.com.

Surely only the current FSMO PDC should be listed here? What side-effects
could this have?
 
Brendon Rogers said:
Over time we have had three different servers host the FSMO PDC role.
I just noticed that all three are listed in DNS under
_ldap._tcp.pdc._msdcs.domain.com.

Surely only the current FSMO PDC should be listed here? What
side-effects could this have?

Yes, only the current PDC emulator should be listed. This brings up the
question: was the PDC emulator role transferred gracefully, or was it seized?
If the role was seized instead of transferred gracefully, then the previous
PDC would not have had the chance to de-register the PDC record. That means
that DNS never knew the PDC role changed. The new PDC would have just
registered its record.
If you are NOT getting replication errors you may be able to delete the
records, as long as Active Directory knows the DCs are gone and they weren't
just turned off.
Were the previous PDCs successfully DCPROMOed out of the domain?
HOW TO: Remove Data in Active Directory After an Unsuccessful Domain
Controller Demotion
http://support.microsoft.com/default.aspx?scid=kb;en-us;216498&Product=win2000
 
Thanks for the response.

The transfer of the PDC FSMO role was done gracefully on all occasions. The
previous two PDC role-holders are still DCs in the domain, the role was
moved because of network design requirements.

I have deleted the two old DNS records and am not seeing any errors in
Eventvwr or ReplMon.
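
The check discussed in this thread, as an added example that is not part of any post above: it compares the SRV targets published under _ldap._tcp.pdc._msdcs.<domain> with the DC that Active Directory reports as PDC emulator, so stale entries are identified before anything is deleted. `Find-StalePdcRecord` is a hypothetical helper name, and the host names dc1, dc2 and dc3 are constructed sample data.

```powershell
# Added example, not from the thread. Find-StalePdcRecord is a hypothetical helper.
function Find-StalePdcRecord {
    param(
        # Objects exposing NameTarget and Port, as Resolve-DnsName returns for SRV records
        [Parameter(Mandatory)] [object[]] $SrvRecord,
        # FQDN of the DC that currently holds the PDC emulator role
        [Parameter(Mandatory)] [string]   $PdcEmulator
    )
    # DNS names are case-insensitive and may carry a trailing dot, so normalise both sides.
    $expected = $PdcEmulator.TrimEnd('.').ToLowerInvariant()
    $results = foreach ($r in $SrvRecord) {
        $target = ([string]$r.NameTarget).TrimEnd('.').ToLowerInvariant()
        [pscustomobject]@{
            Target = $target
            Port   = $r.Port
            Status = if ($target -eq $expected) { 'Current' } else { 'Stale' }
        }
    }
    # If the real role holder is not registered at all, deleting records is not the fix.
    if (-not ($results | Where-Object Status -eq 'Current')) {
        Write-Warning "No SRV record points at $expected; check its Netlogon registration."
    }
    $results
}

# Constructed sample mirroring the thread: three DCs registered, only dc3 holds the role.
$sample = @(
    [pscustomobject]@{ NameTarget = 'dc1.domain.com';  Port = 389 }
    [pscustomobject]@{ NameTarget = 'dc2.domain.com.'; Port = 389 }
    [pscustomobject]@{ NameTarget = 'DC3.domain.com';  Port = 389 }
)
Find-StalePdcRecord -SrvRecord $sample -PdcEmulator 'dc3.domain.com'

# Live use on a domain-joined host with the ActiveDirectory module installed:
# $d   = Get-ADDomain
# $srv = Resolve-DnsName -Name "_ldap._tcp.pdc._msdcs.$($d.DNSRoot)" -Type SRV |
#        Where-Object Type -eq 'SRV'      # drop the A records from the Additional section
# Find-StalePdcRecord -SrvRecord $srv -PdcEmulator $d.PDCEmulator
```

With the sample data, dc1 and dc2 are reported as Stale and dc3 as Current.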
 