DNS/AD problems after demoting first server in AD

  • Thread starter Thread starter Jim Helfer
  • Start date Start date
J

Jim Helfer

I had to demote a server that was a GC, DC and a DNS server. I didn't
see any errors on this process, but it's seemed to have some ugly side
effects on the network. First of all, the demoted server remains a
member server and a DNS server, but is not connected to the zone. (and
there are events that tell me it tried but couldn't).

But, several important-looking records in the other DNS server still
apear to reference the demoted, dns-disconnected server, such as:

ForwardLookupZpne/_msdc: NS - Name Server

ForwardLookupZone/_msdc/_tcp : SRV - Service Location

ForwardLookupZpne/_msdc/_gc: A - Host

Similar for wtwarch.com

I know this is wrong, but I'm not sure what to do. Manually delete the
records? reconnect the demoted servers DNS? Remove DNS from the demoted
server?

Thanks
Jim Helfer
WTW Architects
Pittsburgh PA
 
Hi,

First, before you demote it, did you transfer FSMO to other DCs? If not,
please now try to seize FSMO to other DCs.

324801 How to view and transfer FSMO roles in Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;EN-US;324801

255504 Using Ntdsutil.exe to transfer or seize FSMO roles to a domain
controller
http://support.microsoft.com/default.aspx?scid=kb;EN-US;255504

Second, since you demoted the DC, I suggest you let other DCs to hold the
DNS role if the DNS is stored in AD.

Third, I'm not sure what is the exact event of "not connected to the zone",
please let me know in detail.

Thanks.


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
 
Thanks, I just removed the DNS service from the demoted server and
everything seeemed to go back to normal.
 
Hi Ji,

Glad to know that. :)

Have a good day~


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================

Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
 
Back
Top