September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
13.14. Preventing a Domain Controller from Dynamically Registering All Resource Records
Problem
You want to prevent a domain controller from dynamically registering its resource records using DDNS. If you manually register domain controllers’ resource records, you’ll want to prevent those domain controllers from attempting to dynamically register them. If you do not disable them from sending dynamic update requests, you may see annoying error messages on your DNS servers that certain DDNS updates are failing.
Solution
Using a command-line interface
>reg add HKLM\System\CurrentControlSet\Services\Netlogon\Parameters /v[RETURN]UseDynamicDNS /t REG_DWORD /d 0The operation completed successfully. >net stop netlogonThe Net Logon service is stopping. The Net Logon service was stopped successfully. >del %SystemRoot%\system32\config\netlogon.dnb>net start netlogonThe Net Logon service is starting....... The Net Logon service was started successfully.
Using VBScript
' This code prevents a DC from registering resource records dynamically. ' It must be run directly on the server. ' Create Registry Value const HKLM = &H80000002 set oReg=GetObject("winmgmts:root\default:StdRegProv") strKeyPath = "System\CurrentControlSet\Services\Netlogon\Parameters" if oReg.SetDWORDValue(HKLM,strKeyPath,"UseDynamicDNS",1) <> 0 then WScript.Echo "Error creating registry value" else WScript.Echo "Created registry value successfully" end if ' Stop Netlogon service strService = "Netlogon" set objService = GetObject("WinMgmts:root/cimv2:Win32_Service.Name='" ...