Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » _msdcs in DNS shows old DC
_msdcs in DNS shows old DC [message #307888] Wed, 04 November 2009 13:11 Go to next message
Peter[1]  is currently offline Peter[1]  United Kingdom
Messages: 76
Registered: August 2009
Member
Hi,

In DNS the _msdcs folder shows only one entry and this entry is an old
domain controller we no longer have in our domain, should I remove it and/or
replace with a live domain controller?

What is this folder?
Re: _msdcs in DNS shows old DC [message #308405 is a reply to message #307888] Thu, 05 November 2009 00:26 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Whiteford,

Is that DC removed from the domain with dcpromo or just ddisconnected and
the AD database is never cleaned from it? If the latter check:
http://support.microsoft.com/kb/555846/en-us

Also you have to check the DNS server list in DNS management console on each
existing zone, if it is listed there.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi,
>
> In DNS the _msdcs folder shows only one entry and this entry is an old
> domain controller we no longer have in our domain, should I remove it
> and/or replace with a live domain controller?
>
> What is this folder?
>
RE: _msdcs in DNS shows old DC [message #309438 is a reply to message #307888] Thu, 05 November 2009 22:05 Go to previous messageGo to next message
Rich Crandall  is currently offline Rich Crandall
Messages: 10
Registered: November 2009
Junior Member
This DNS zone (or subdomain, depending on how you have it set up) stores many
of the service records used by Active Directory and its clients. In
addition, it stored the CNAME records which domain controllers use in
replication. It is a highly critical zone to the success of your directory
service.

You only have one DC so there isn't any replication to worry about but you
should still be concerned with client service record lookups. If your
current DC is not located in that zone (or subdomain) it is likely because
the zone doesn't support dynamic updates. I would strongly encourage you to
enable secure dynamic updates. More info about secure dynamic updates and
how to properly configure them can be found here:
http://cbfive.com/blog/post/Enabling-DNS-Secure-Only-Updates .aspx.

There are several records under the _msdcs subdomain that will need to be
udpated and it is much more efficient to do this with dynamic updates over
hand-jamming. However, if you are unable (by corporate policy) to enable
dynamic updates, then yes, please do delete the old record and update it with
the new DC. Make sure to craft the record appropriately.

--
hth.

/rich

http://cbfive.com
http://cbfive.com/blogs


"Whiteford" wrote:

> Hi,
>
> In DNS the _msdcs folder shows only one entry and this entry is an old
> domain controller we no longer have in our domain, should I remove it and/or
> replace with a live domain controller?
>
> What is this folder?
>
> .
>
Re: _msdcs in DNS shows old DC [message #309498 is a reply to message #307888] Fri, 06 November 2009 01:02 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"Whiteford" <no@no.com> wrote in message
news:ujPEyqYXKHA.3404@TK2MSFTNGP05.phx.gbl...
> Hi,
>
> In DNS the _msdcs folder shows only one entry and this entry is an old
> domain controller we no longer have in our domain, should I remove it
> and/or replace with a live domain controller?
>
> What is this folder?


It shows only one entry? Under which sub folder under the _msdcs zone? Does
the machine also show up under Sites and Services?

Please post an ipconfig /all of this DC. This will help us evaluate the
machine's config and other factors the output provides.

I am also curious to the responses to Meinolf's questions.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Re: _msdcs in DNS shows old DC [message #309555 is a reply to message #309438] Fri, 06 November 2009 02:34 Go to previous messageGo to next message
Peter[1]  is currently offline Peter[1]  United Kingdom
Messages: 76
Registered: August 2009
Member
Today I'm a little confused today, I'm sure I had a _msdcs folder, but it's
gone. under forward lookup zones I do have a _msdcs.domain.com folder
though containing dc, domains, gc, pdc?


"Rich Crandall" <initialAssist@cbfive.com> wrote in message
news:E975B888-29A9-4231-96A7-43FE7EA7C0AC@microsoft.com...
> This DNS zone (or subdomain, depending on how you have it set up) stores
> many
> of the service records used by Active Directory and its clients. In
> addition, it stored the CNAME records which domain controllers use in
> replication. It is a highly critical zone to the success of your
> directory
> service.
>
> You only have one DC so there isn't any replication to worry about but you
> should still be concerned with client service record lookups. If your
> current DC is not located in that zone (or subdomain) it is likely because
> the zone doesn't support dynamic updates. I would strongly encourage you
> to
> enable secure dynamic updates. More info about secure dynamic updates and
> how to properly configure them can be found here:
> http://cbfive.com/blog/post/Enabling-DNS-Secure-Only-Updates .aspx.
>
> There are several records under the _msdcs subdomain that will need to be
> udpated and it is much more efficient to do this with dynamic updates over
> hand-jamming. However, if you are unable (by corporate policy) to enable
> dynamic updates, then yes, please do delete the old record and update it
> with
> the new DC. Make sure to craft the record appropriately.
>
> --
> hth.
>
> /rich
>
> http://cbfive.com
> http://cbfive.com/blogs
>
>
> "Whiteford" wrote:
>
>> Hi,
>>
>> In DNS the _msdcs folder shows only one entry and this entry is an old
>> domain controller we no longer have in our domain, should I remove it
>> and/or
>> replace with a live domain controller?
>>
>> What is this folder?
>>
>> .
>>
Re: _msdcs in DNS shows old DC [message #309558 is a reply to message #309555] Fri, 06 November 2009 02:50 Go to previous message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Whiteford,

In a 2000 or upgraded 2003 environment this is the default you see now. Please
give some more information about your domain and DNS setup. Also give some
answers about the question we asked so we get an overview.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Today I'm a little confused today, I'm sure I had a _msdcs folder, but
> it's gone. under forward lookup zones I do have a _msdcs.domain.com
> folder though containing dc, domains, gc, pdc?
>
> "Rich Crandall" <initialAssist@cbfive.com> wrote in message
> news:E975B888-29A9-4231-96A7-43FE7EA7C0AC@microsoft.com...
>
>> This DNS zone (or subdomain, depending on how you have it set up)
>> stores
>> many
>> of the service records used by Active Directory and its clients. In
>> addition, it stored the CNAME records which domain controllers use in
>> replication. It is a highly critical zone to the success of your
>> directory
>> service.
>> You only have one DC so there isn't any replication to worry about
>> but you
>> should still be concerned with client service record lookups. If
>> your
>> current DC is not located in that zone (or subdomain) it is likely
>> because
>> the zone doesn't support dynamic updates. I would strongly encourage
>> you
>> to
>> enable secure dynamic updates. More info about secure dynamic
>> updates and
>> how to properly configure them can be found here:
>> http://cbfive.com/blog/post/Enabling-DNS-Secure-Only-Updates .aspx.
>> There are several records under the _msdcs subdomain that will need
>> to be
>> udpated and it is much more efficient to do this with dynamic updates
>> over
>> hand-jamming. However, if you are unable (by corporate policy) to
>> enable
>> dynamic updates, then yes, please do delete the old record and update
>> it
>> with
>> the new DC. Make sure to craft the record appropriately.
>> -- hth.
>>
>> /rich
>>
>> http://cbfive.com
>> http://cbfive.com/blogs
>> "Whiteford" wrote:
>>
>>> Hi,
>>>
>>> In DNS the _msdcs folder shows only one entry and this entry is an
>>> old
>>> domain controller we no longer have in our domain, should I remove
>>> it
>>> and/or
>>> replace with a live domain controller?
>>> What is this folder?
>>>
>>> .
>>>
Previous Topic:Domain migration :Disabling SID history and allowing anonymous SID
Next Topic:Will users be able to log on?
Goto Forum:
  


Current Time: Tue Jan 23 16:42:52 MST 2018

Total time taken to generate the page: 0.03288 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software