Metadata Cleanup and DNS

Am on the cusp of doing a metadata cleanup for a flamed server. Have read
http://support.microsoft.com/?kbid=216498 carefully, as well as other
associated online documentation. The 216498 document references deleting the
DNS cname record _msdcs.root domain of forest zone in DNS. It goes on to say
other DNS records should be deleted as best practice, like hostname records,
reverse lookup, etc.

Does this include deleting the SRV and NS records for the soon to be gone DC?

Rather be safe than sorry.
 
Cybersteve said:
Am on the cusp of doing a metadata cleanup for a flamed server. Have read
http://support.microsoft.com/?kbid=216498 carefully, as well as other
associated online documentation. The 216498 document references deleting the
DNS cname record _msdcs.root domain of forest zone in DNS. It goes on to say
other DNS records should be deleted as best practice, like hostname records,
reverse lookup, etc.

Does this include deleting the SRV and NS records for the soon to be gone DC?

Rather be safe than sorry.

Sure. Anything related to it being a DC, but always
do the NTDSUtil metadata cleanup and never try to
first remove it from AD users/computers etc.

(Of course you must allow for any records it needs as
an "ordinary server" if it is still online but this is none
of that stuff above.)

AND were you to delete too much in DNS for a demoted
DC you could always just reboot or run "NetDiag /fix"
(or maybe even "ipconfig /registerDNS") on it.

You have already found the articles about cleanup but
you might wish to note the KEY point about understanding
how to use:

NTDSutil metadata cleanup

You CONNECT to a WORKING DC.
You SELECT the missing/dead DC or DOMAIN

'Connect' and 'Select' are technical terms in this context.
 
--
Endurance is more important than truth.


Herb Martin said:
Sure. Anything related to it being a DC, but always
do the NTDSUtil metadata cleanup and never try to
first remove it from AD users/computers etc.

(Of course you must allow for any records it needs as
an "ordinary server" if it is still online but this is none
of that stuff above.)

AND were you to delete too much in DNS for a demoted
DC you could always just reboot or run "NetDiag /fix"
(or maybe even "ipconfig /registerDNS") on it.

You have already found the articles about cleanup but
you might wish to note the KEY point about understanding
how to use:

NTDSutil metadata cleanup

You CONNECT to a WORKING DC.
You SELECT the missing/dead DC or DOMAIN

'Connect' and 'Select' are technical terms in this context.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


Thanks, Herb, for the helpful information. I'm on my way.
 
a normal demote is recommended if possible....

AD metadata cleanup through NTDSUTIL does not clean up the records of the
DC... so that needs to be done manually..

for stale DNS records you might also wanna have a look at DNS Aging and
Scavenging:
http://technet2.microsoft.com/Windo...0cea-4a74-9634-fdd993f4c4f41033.mspx?mfr=true

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
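
A read-only way to find the leftover records this thread discusses (the CNAME under _msdcs, SRV, NS, host and reverse-lookup records), as an added example that is not part of any post. It assumes the DnsServer PowerShell module (Windows Server 2012 or later); the server names, IP address and zone names are placeholders, and it assumes _msdcs is hosted as its own zone.

```powershell
# Read-only audit: list DNS records that still point at a removed DC.
# All values below are placeholders (assumptions, not from the thread).
$DnsServer  = 'dc02.corp.example'     # a WORKING DC that also runs DNS
$DeadDcFqdn = 'dc01.corp.example'     # the DC removed by metadata cleanup
$DeadDcIp   = '192.0.2.10'            # the address it used to hold
$Zones      = '_msdcs.corp.example', 'corp.example', '2.0.192.in-addr.arpa'

# Return the name or address a record points at, for the record types
# that identify a domain controller; other types yield nothing.
function Get-RecordTarget {
    param($Record)
    $data = $Record.RecordData
    switch ($Record.RecordType) {
        'CNAME' { $data.HostNameAlias }          # GUID alias under _msdcs
        'SRV'   { $data.DomainName }             # _ldap, _kerberos, _gc ...
        'NS'    { $data.NameServer }             # zone name-server entries
        'PTR'   { $data.PtrDomainName }          # reverse lookup
        'A'     { $data.IPv4Address.ToString() } # host and domain-name records
    }
}

$stale = foreach ($zone in $Zones) {
    Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zone |
        ForEach-Object {
            $target = Get-RecordTarget $_
            if (-not $target) { return }         # skip SOA, TXT, etc.
            $clean = ([string]$target).TrimEnd('.')
            if ($clean -ieq $DeadDcFqdn -or $clean -eq $DeadDcIp) {
                [pscustomobject]@{
                    Zone   = $zone
                    Name   = $_.HostName
                    Type   = $_.RecordType
                    Target = $clean
                }
            }
        }
}

# Review this list by hand before deleting anything in the DNS console.
$stale | Sort-Object Zone, Type, Name | Format-Table -AutoSize
```

The script only lists records. If the old server is still online as an ordinary member server, its own host and PTR records will appear in the output and should be kept.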
 