September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
13.16. Deregistering a Domain Controller’s Resource Records
Problem
You want to manually deregister a domain controller’s resource records.
Solution
Using a command-line interface
With the following nltest
command, replace
<DomainControllerName> with the FQDN
of the domain controller you want to deregister and
<DomainDNSName> with the FQDN of the
domain of which the domain controller is a member:
> nltest /dsderegdns:<DomainControllerName> /Dom:<DomainDNSName>
Discussion
When a domain controller is demoted from a domain, it dynamically deregisters its resource records. This is a nice feature of the demotion process because it means you do not have to manually remove all of the resource records or wait for scavenging to remove them. If, however, you have a domain controller that crashes and you do not plan on bringing it back online, you’ll need to remove the records manually or wait for scavenging.
You can use the DNS Mgmt MMC snap-in and even the
dnscmd.exe utility to remove them one by one, or
you can use the nltest command, as shown in the
solution. The /dsderegdns
switch also has
/DomGUID
and /DsaGUID
options if you want to delete the records that are based on the
domain GUID and DSA GUID,
respectively. You need to know the actual GUIDs of the
domain and domain controller to use those switches, so if you
don’t have them handy,
it would be easier to delete them
using the DNS Mgmt MMC snap-in.