O'Reilly logo

Active Directory Cookbook by Robbie Allen

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

13.16. Deregistering a Domain Controller’s Resource Records

Problem

You want to manually deregister a domain controller’s resource records.

Solution

Using a command-line interface

With the following nltest command, replace <DomainControllerName> with the FQDN of the domain controller you want to deregister and <DomainDNSName> with the FQDN of the domain of which the domain controller is a member:

> nltest /dsderegdns:<DomainControllerName> /Dom:<DomainDNSName>

Discussion

When a domain controller is demoted from a domain, it dynamically deregisters its resource records. This is a nice feature of the demotion process because it means you do not have to manually remove all of the resource records or wait for scavenging to remove them. If, however, you have a domain controller that crashes and you do not plan on bringing it back online, you’ll need to remove the records manually or wait for scavenging.

You can use the DNS Mgmt MMC snap-in and even the dnscmd.exe utility to remove them one by one, or you can use the nltest command, as shown in the solution. The /dsderegdns switch also has /DomGUID and /DsaGUID options if you want to delete the records that are based on the domain GUID and DSA GUID, respectively. You need to know the actual GUIDs of the domain and domain controller to use those switches, so if you don’t have them handy, it would be easier to delete them using the DNS Mgmt MMC snap-in.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required